I'm pretty sure WSS4J does not support processing of SAML SubjectConfirmation methods, but I'd be happy to be corrected on this.

The ultimate arbiter would be in:

http://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java

but this class appears to be nothing more than a DOM -> OpenSAML parser. You're better off (IMO) implementing this functionality in an interceptor, and using JAXB generated types. The SAML schema compiles OOTB in CXF, BTW.

There is some client-side (well, sending-side) processing, wherein a SAML Assertion can be generated using the holder-of-key confirmation method:

http://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java

but this may have limited applicability to your scenario.

-Fred
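Below is one way to do the SubjectConfirmation check in a CXF interceptor, as suggested above. It is an added example, not code from this thread, from CXF or from WSS4J. It walks the SAAJ DOM instead of JAXB types so it needs no generated SAML classes; the class name HolderOfKeyInInterceptor, the constructor form (CXF 2.1 and later), and the assertion built in main() are assumptions and constructed input.

```java
import java.io.ByteArrayInputStream;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;

import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Hypothetical inbound interceptor (added example, not CXF/WSS4J code): runs after
 * WSS4J has verified signatures and rejects any request whose SAML 1.1 assertion
 * does not declare holder-of-key confirmation backed by a ds:KeyInfo.
 */
public class HolderOfKeyInInterceptor extends AbstractSoapInterceptor {

    static final String SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    public HolderOfKeyInInterceptor() {
        super(Phase.PRE_PROTOCOL);
        // The SAAJ DOM must exist and WSS4J must already have checked the signature.
        addAfter(SAAJInInterceptor.class.getName());
        addAfter(WSS4JInInterceptor.class.getName());
    }

    public void handleMessage(SoapMessage message) throws Fault {
        SOAPMessage saaj = message.getContent(SOAPMessage.class);
        Element soapHeader;
        try {
            soapHeader = saaj == null ? null : saaj.getSOAPHeader();
        } catch (SOAPException e) {
            throw new SoapFault("Cannot read SOAP header", e, message.getVersion().getReceiver());
        }
        Element assertion = soapHeader == null ? null : findAssertion(soapHeader);
        if (assertion == null) {
            throw new SoapFault("No SAML assertion in wsse:Security", message.getVersion().getSender());
        }
        if (!isHolderOfKey(assertion)) {
            throw new SoapFault("SAML assertion is not holder-of-key", message.getVersion().getSender());
        }
    }

    /** First saml:Assertion inside the first wsse:Security header, or null. */
    static Element findAssertion(Element soapHeader) {
        NodeList sec = soapHeader.getElementsByTagNameNS(WSSE_NS, "Security");
        if (sec.getLength() == 0) {
            return null;
        }
        NodeList a = ((Element) sec.item(0)).getElementsByTagNameNS(SAML11_NS, "Assertion");
        return a.getLength() == 0 ? null : (Element) a.item(0);
    }

    /**
     * Strict check: at least one SubjectConfirmation, every ConfirmationMethod in it is
     * holder-of-key (a single sender-vouches entry rejects), and each carries a ds:KeyInfo.
     */
    static boolean isHolderOfKey(Element assertion) {
        NodeList confirmations = assertion.getElementsByTagNameNS(SAML11_NS, "SubjectConfirmation");
        if (confirmations.getLength() == 0) {
            return false;
        }
        for (int i = 0; i < confirmations.getLength(); i++) {
            Element sc = (Element) confirmations.item(i);
            NodeList methods = sc.getElementsByTagNameNS(SAML11_NS, "ConfirmationMethod");
            if (methods.getLength() == 0) {
                return false;
            }
            for (int j = 0; j < methods.getLength(); j++) {
                if (!HOLDER_OF_KEY.equals(methods.item(j).getTextContent().trim())) {
                    return false;
                }
            }
            if (sc.getElementsByTagNameNS(DS_NS, "KeyInfo").getLength() == 0) {
                return false; // holder-of-key without a key is meaningless
            }
        }
        return true;
    }

    /** Stand-alone run over a constructed (not captured) assertion in both flavours. */
    public static void main(String[] args) throws Exception {
        String hok = "<saml:Assertion xmlns:saml='" + SAML11_NS + "' xmlns:ds='" + DS_NS + "'>"
            + "<saml:AuthenticationStatement><saml:Subject>"
            + "<saml:NameIdentifier>admin</saml:NameIdentifier><saml:SubjectConfirmation>"
            + "<saml:ConfirmationMethod>" + HOLDER_OF_KEY + "</saml:ConfirmationMethod>"
            + "<ds:KeyInfo><ds:KeyName>clientKS</ds:KeyName></ds:KeyInfo>"
            + "</saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>"
            + "</saml:Assertion>";
        String senderVouches = hok.replace(HOLDER_OF_KEY, "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no XXE
        for (String xml : new String[] {hok, senderVouches}) {
            Element a = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes("UTF-8"))).getDocumentElement();
            System.out.println(isHolderOfKey(a));
        }
    }
}
```

Register it on the receiving side with getInInterceptors().add(new HolderOfKeyInInterceptor()). Note the limit of this check: it only verifies what the assertion declares. Real holder-of-key proof of possession also requires that the key in ds:KeyInfo is the key that signed the message body, which means correlating it with the signature results WSS4J leaves on the message; that correlation is not shown here.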

On Feb 12, 2008, at 8:12 AM, Benjamin Coiffe wrote:

Hi there,

Does anybody have a sample demoing the use of SAML HoK, WSS4J and CXF?

Any help appreciated!

I have a code snippet at the end of this email but it keeps throwing the same exception:



12-Feb-2008 13:04:40 org.apache.cxf.endpoint.dynamic.DynamicClientFactory outputDebug
INFO: Created classes: com.chemspider.ArrayOfString, com.chemspider.GetCompoundDetails,
com.chemspider.GetCompoundDetailsResponse, com.chemspider.GetDatabases,
com.chemspider.GetDatabasesResponse, com.chemspider.ObjectFactory,
com.chemspider.SearchByFormula, com.chemspider.SearchByFormula2,
com.chemspider.SearchByFormula2Response, com.chemspider.SearchByFormulaResponse,
com.chemspider.SearchByMass, com.chemspider.SearchByMass2,
com.chemspider.SearchByMass2Response, com.chemspider.SearchByMassResponse
log4j:WARN No appenders could be found for logger (org.apache.xml.security.Init).
log4j:WARN Please initialize the log4j system properly.
java.lang.ClassCastException: com.sun.org.apache.xerces.internal.dom.DocumentImpl
     at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.getOwnerDocument(ElementImpl.java:104)
     at com.sun.org.apache.xerces.internal.dom.ParentNode.internalInsertBefore(ParentNode.java:388)
     at com.sun.org.apache.xerces.internal.dom.ParentNode.insertBefore(ParentNode.java:321)
     at com.sun.org.apache.xerces.internal.dom.NodeImpl.appendChild(NodeImpl.java:275)
     at org.opensaml.SAMLSubject.toDOM(Unknown Source)
     at org.opensaml.SAMLSubjectStatement.toDOM(Unknown Source)
     at org.opensaml.SAMLAuthenticationStatement.toDOM(Unknown Source)
     at org.opensaml.SAMLAssertion.toDOM(Unknown Source)
     at org.opensaml.SAMLObject.toDOM(Unknown Source)
     at org.opensaml.SAMLSignedObject.toDOM(Unknown Source)
     at org.opensaml.SAMLObject.toDOM(Unknown Source)
     at org.opensaml.SAMLSignedObject.sign(Unknown Source)
     at org.opensaml.SAMLSignedObject.sign(Unknown Source)
     at org.apache.ws.security.saml.SAMLIssuerImpl.newAssertion(SAMLIssuerImpl.java:193)
     at org.apache.ws.security.action.SAMLTokenSignedAction.execute(SAMLTokenSignedAction.java:55)
     at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:169)
     at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:43)
     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:208)
     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:180)
     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:200)
     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:186)
     at Test.testSAMLSignedHoK(Test.java:103)
     at Test.main(Test.java:129)



import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.dynamic.DynamicClientFactory;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

public static void testSAMLSignedHoK() {
    CXFBusFactory busFactory = new CXFBusFactory();
    DynamicClientFactory f = DynamicClientFactory.newInstance(busFactory.createBus());
    Client client = f.createClient("http://www.chemspider.com/massspecapi.asmx?WSDL");

    client.getOutInterceptors().add(new org.apache.cxf.interceptor.LoggingOutInterceptor());
    client.getInInterceptors().add(new org.apache.cxf.interceptor.LoggingInInterceptor());

    // WSS4J sender-side configuration: issue a signed SAML token
    Map<String, Object> configuration = new HashMap<String, Object>();
    configuration.put(WSHandlerConstants.SAML_PROP_FILE, "saml2.properties");
    configuration.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);

    // SIG_PROP_REF_ID names the key under which the signature crypto Properties
    // are stored in this same map (see below); the keystore path is used as that key.
    configuration.put(WSHandlerConstants.SIG_PROP_REF_ID,
        "C:/eclipse3.2.1/workspace/Kensington.SILVER/plugins/webservicestudio/test/security/certs/clientKS.jks");

    // Password callback for the signing key
    configuration.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
            pc.setPassword("change_on_install");
        }
    });
    //configuration.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");

    // Merlin crypto properties: the JKS keystore holding the signing key
    Properties properties = new Properties();
    properties.put("org.apache.ws.security.crypto.provider",
        "org.apache.ws.security.components.crypto.Merlin");
    properties.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
    properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "password");
    properties.put("org.apache.ws.security.crypto.merlin.file",
        "C:/eclipse3.2.1/workspace/Kensington.SILVER/plugins/webservicestudio/test/security/certs/clientKS.jks");
    configuration.put(
        "C:/eclipse3.2.1/workspace/Kensington.SILVER/plugins/webservicestudio/test/security/certs/clientKS.jks",
        properties);

    configuration.put(WSHandlerConstants.USER, "admin");

    client.getOutInterceptors().add(new WSS4JOutInterceptor(configuration));
    client.getOutInterceptors().add(new SAAJOutInterceptor());

    try {
        Object o = client.invoke("GetDatabases", new Object[0]);
        System.out.println(o);
    } catch (Exception e) {
        e.printStackTrace();
    }
}





Benjamin Coiffe