As I said earlier:

>>> You need to set SecurityConstants.SELF_SIGN_SAML_ASSERTION to "true"
>>> in your configuration (and define the appropriate CallbackHandler and
>>> crypto property tags):

See here for some sample configuration:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml?view=markup

The Test is here:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup

Colm.



On Thu, Apr 12, 2012 at 5:48 AM, Shwetank <[email protected]> wrote:
> On 11-04-2012 21:19, Shwetank wrote:
>>
>> On 11-04-2012 19:33, Colm O hEigeartaigh wrote:
>>>
>>> You need to set SecurityConstants.SELF_SIGN_SAML_ASSERTION to "true"
>>> in your configuration (and define the appropriate CallbackHandler and
>>> crypto property tags):
>>>
>>>
>>> http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?view=markup
>>>
>>> Colm.
>>>
>>> On Wed, Apr 11, 2012 at 2:40 PM, Shwetank<[email protected]>
>>>  wrote:
>>>>
>>>> Hi
>>>>
>>>> Pardon me if I break a rule or two of the mailing-list directives.
>>>> I seek help on how to sign a SAML 1.1 assertion with CXF 2.5.2 for the
>>>> holder-of-key confirmation method:
>>>>
>>>> a) an OWSM policy
>>>> wss10_saml_hok_token_with_message_protection_service_policy is applied
>>>> to a test service
>>>> b) the policy and WSDL look like the following
>>>>
>>>> <?xml version="1.0"?>
>>>> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
>>>> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>>>> xmlns:tns="http://owsm.test.wsa.bf.hs.com/"
>>>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>>>> name="POManagerService"
>>>> targetNamespace="http://owsm.test.wsa.bf.hs.com/">
>>>> <wsp:Policy
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> wsu:Id="POManagerPort_Fault_Policy"/>
>>>> <wsp:Policy
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> wsu:Id="POManagerPort_Input_Policy">
>>>> <sp:SignedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
>>>> <sp:Header
>>>> Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
>>>> <sp:Header Name="fmw-context"
>>>> Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
>>>> </sp:SignedParts>
>>>> <sp:EncryptedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> <sp:Header Name="fmw-context"
>>>> Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
>>>> </sp:EncryptedParts>
>>>> </wsp:Policy>
>>>> <wsp:Policy
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> wsu:Id="POManagerPort_Output_Policy">
>>>> <sp:SignedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> </sp:SignedParts>
>>>> <sp:EncryptedParts
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <sp:Body/>
>>>> </sp:EncryptedParts>
>>>> </wsp:Policy>
>>>> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> xmlns:oralgp="http://schemas.oracle.com/ws/2006/01/loggingpolicy"
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
>>>> xmlns:orasp="http://schemas.oracle.com/ws/2006/01/securitypolicy"
>>>> wsu:Id="wss10_saml_hok_token_with_message_protection_service_policy">
>>>> <sp:AsymmetricBinding
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <wsp:Policy>
>>>> <sp:InitiatorToken>
>>>> <wsp:Policy>
>>>> <sp:SamlToken
>>>>
>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>> <wsp:Policy>
>>>> <sp:WssSamlV11Token10/>
>>>> </wsp:Policy>
>>>> </sp:SamlToken>
>>>> </wsp:Policy>
>>>> </sp:InitiatorToken>
>>>> <sp:RecipientToken>
>>>> <wsp:Policy>
>>>> <sp:X509Token
>>>>
>>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>>>> <wsp:Policy>
>>>> <sp:WssX509V3Token10/>
>>>> </wsp:Policy>
>>>> </sp:X509Token>
>>>> </wsp:Policy>
>>>> </sp:RecipientToken>
>>>> <sp:AlgorithmSuite>
>>>> <wsp:Policy>
>>>> <sp:Basic128/>
>>>> </wsp:Policy>
>>>> </sp:AlgorithmSuite>
>>>> <sp:Layout>
>>>> <wsp:Policy>
>>>> <sp:Lax/>
>>>> </wsp:Policy>
>>>> </sp:Layout>
>>>> <sp:IncludeTimestamp/>
>>>> <sp:OnlySignEntireHeadersAndBody/>
>>>> </wsp:Policy>
>>>> </sp:AsymmetricBinding>
>>>> <sp:Wss10
>>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>> <wsp:Policy/>
>>>> </sp:Wss10>
>>>> </wsp:Policy>
>>>> <types>
>>>> <xsd:schema>
>>>> <xsd:import namespace="http://owsm.test.wsa.bf.hs.com/"
>>>> schemaLocation="http://server:7001/testwebservice/POManagerPort?xsd=1"/>
>>>> </xsd:schema>
>>>> </types>
>>>> <message name="createOrder">
>>>> <part name="parameters" element="tns:createOrder"/>
>>>> </message>
>>>> <message name="createOrderResponse">
>>>> <part name="parameters" element="tns:createOrderResponse"/>
>>>> </message>
>>>> <portType name="POManager">
>>>> <operation name="createOrder">
>>>> <input message="tns:createOrder"/>
>>>> <output message="tns:createOrderResponse"/>
>>>> </operation>
>>>> </portType>
>>>> <binding name="POManagerPortBinding" type="tns:POManager">
>>>> <soap:binding style="document"
>>>> transport="http://schemas.xmlsoap.org/soap/http"/>
>>>> <wsp:PolicyReference
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> URI="#wss10_saml_hok_token_with_message_protection_service_policy"
>>>> wsdl:required="false"/>
>>>> <operation name="createOrder">
>>>> <soap:operation soapAction=""/>
>>>> <input>
>>>> <soap:body use="literal"/>
>>>> <wsp:PolicyReference
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> URI="#POManagerPort_Input_Policy" wsdl:required="false"/>
>>>> </input>
>>>> <output>
>>>> <soap:body use="literal"/>
>>>> <wsp:PolicyReference
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>> URI="#POManagerPort_Output_Policy" wsdl:required="false"/>
>>>> </output>
>>>> </operation>
>>>> </binding>
>>>> <service name="POManagerService">
>>>> <port name="POManagerPort" binding="tns:POManagerPortBinding">
>>>> <soap:address
>>>> location="http://server:7001/testwebservice/POManagerPort"/>
>>>> <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>> <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>> http://server:7001/testwebservice/POManagerPort
>>>> </wsa:Address>
>>>> <wsid:Identity
>>>> xmlns:wsid="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>>>> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>>>> <dsig:X509Data>
>>>> <dsig:X509Certificate>
>>>> ................
>>>> </dsig:X509Certificate>
>>>> <dsig:X509IssuerSerial>
>>>> <dsig:X509IssuerName>
>>>> .........
>>>> </dsig:X509IssuerName>
>>>> <dsig:X509SerialNumber>-....</dsig:X509SerialNumber>
>>>> </dsig:X509IssuerSerial>
>>>> <dsig:X509SubjectName>
>>>> .......
>>>> </dsig:X509SubjectName>
>>>> </dsig:X509Data>
>>>> </dsig:KeyInfo>
>>>> </wsid:Identity>
>>>> </wsa:EndpointReference>
>>>> </port>
>>>> </service>
>>>> </definitions>
>>>>
>>>>
>>>>
>>>> c) the following is the message generated by CXF 2.5.2 for this policy
>>>>
>>>> <?xml version="1.0"?>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>>> <soap:Header>
>>>> <wsse:Security
>>>>
>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> soap:mustUnderstand="1">
>>>> <wsse:BinarySecurityToken
>>>>
>>>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>>
>>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>>>
>>>> wsu:Id="BC59F58138560D687613341497540725"></wsse:BinarySecurityToken>
>>>> <wsu:Timestamp wsu:Id="TS-1">
>>>> <wsu:Created>2012-04-11T13:06:42.679Z</wsu:Created>
>>>> <wsu:Expires>2012-04-11T13:11:42.679Z</wsu:Expires>
>>>> </wsu:Timestamp>
>>>> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>>> Id="EK-BC59F58138560D687613341497540724">
>>>> <xenc:EncryptionMethod
>>>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>> <wsse:SecurityTokenReference>
>>>> <wsse:Reference URI="#BC59F58138560D687613341497540725"
>>>>
>>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>>>> </wsse:SecurityTokenReference>
>>>> </ds:KeyInfo>
>>>> <xenc:CipherData>
>>>>
>>>> <xenc:CipherValue>tUjFXfI6BPNO78XzWGThNnCvXloGK001IPwzMiEdz4XAuz86gaCCTJ5+KBVKTsMhGxXOVNaOWTeLo3VzMKYWPA==</xenc:CipherValue>
>>>> </xenc:CipherData>
>>>> <xenc:ReferenceList>
>>>> <xenc:DataReference URI="#ED-3"/>
>>>> </xenc:ReferenceList>
>>>> </xenc:EncryptedKey>
>>>> <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> AssertionID="_BC59F58138560D687613341496647771"
>>>> IssueInstant="2012-04-11T13:07:44.551Z" Issuer="www.oracle.com"
>>>> MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType">
>>>> <saml1:Conditions NotBefore="2012-04-11T13:07:44.838Z"
>>>> NotOnOrAfter="2012-04-11T13:12:44.838Z"/>
>>>> <saml1:AttributeStatement>
>>>> <saml1:Subject>
>>>> <saml1:NameIdentifier
>>>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>>>> NameQualifier="www.oracle.com">weblogic</saml1:NameIdentifier>
>>>> <saml1:SubjectConfirmation>
>>>>
>>>> <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml1:ConfirmationMethod>
>>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>> <ds:X509Data>
>>>> <ds:X509Certificate>........................</ds:X509Certificate>
>>>> </ds:X509Data>
>>>> </ds:KeyInfo>
>>>> </saml1:SubjectConfirmation>
>>>> </saml1:Subject>
>>>> <saml1:Attribute AttributeName="subject-role"
>>>> AttributeNamespace="http://custom-ns">
>>>> <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>>> xsi:type="xs:string">system-user</saml1:AttributeValue>
>>>> </saml1:Attribute>
>>>> </saml1:AttributeStatement>
>>>> </saml1:Assertion>
>>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-2">
>>>> <ds:SignedInfo>
>>>> <ds:CanonicalizationMethod
>>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>> <ds:SignatureMethod
>>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>> <ds:Reference URI="#TS-1">
>>>> <ds:Transforms>
>>>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>> </ds:Transforms>
>>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>> <ds:DigestValue>/LPHR8sX+ptPaN8+iZYQxYwffG8=</ds:DigestValue>
>>>> </ds:Reference>
>>>> <ds:Reference URI="#Id-26930486">
>>>> <ds:Transforms>
>>>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>> </ds:Transforms>
>>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>> <ds:DigestValue>ej9eQZSJOyVu6TgV8MO/exfxCeA=</ds:DigestValue>
>>>> </ds:Reference>
>>>> </ds:SignedInfo>
>>>>
>>>> <ds:SignatureValue>uBvdcZ7jkAty14s0tdMKGvI4z1lCbWDo2RQEWjJ9t6z9vASoB98l4NeshQz96JWDqpGFgb4wd93/f9ra0Y68xA==</ds:SignatureValue>
>>>> <ds:KeyInfo Id="KI-BC59F58138560D687613341497504882">
>>>> <wsse:SecurityTokenReference
>>>>
>>>> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
>>>>
>>>> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
>>>> wsu:Id="STR-BC59F58138560D687613341497504923">
>>>> <wsse:KeyIdentifier
>>>>
>>>> ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_BC59F58138560D687613341496647771</wsse:KeyIdentifier>
>>>> </wsse:SecurityTokenReference>
>>>> </ds:KeyInfo>
>>>> </ds:Signature>
>>>> </wsse:Security>
>>>> </soap:Header>
>>>> <soap:Body
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>> wsu:Id="Id-26930486">
>>>> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>>> Id="ED-3"
>>>> Type="http://www.w3.org/2001/04/xmlenc#Content">
>>>> <xenc:EncryptionMethod
>>>> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>> <wsse:SecurityTokenReference
>>>>
>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>>
>>>> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
>>>>
>>>> wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
>>>> <wsse:Reference URI="#EK-BC59F58138560D687613341497540724"/>
>>>> </wsse:SecurityTokenReference>
>>>> </ds:KeyInfo>
>>>> <xenc:CipherData>
>>>> <xenc:CipherValue>.............................</xenc:CipherValue>
>>>> </xenc:CipherData>
>>>> </xenc:EncryptedData>
>>>> </soap:Body>
>>>> </soap:Envelope>
>>>>
>>>>
>>>> d) and I receive the following error from OWSM (Oracle Web Services Manager)
>>>>
>>>> Policy compliance failure: Header/Element
>>>> NS=urn:oasis:names:tc:SAML:1.0:assertion; LocalName=Assertion must be
>>>> signed
>>>> [WSM_PolicyName:
>>>> oracle/wss10_saml_hok_token_with_message_protection_service_policy] The
>>>> signed message elements or parts do not comply with the policy.
>>>>
>>>>
>>>> I seek help to understand which part of the message is not being
>>>> signed, and why, or how I could sign it.
>>>> I am using the SamlCallbackHandler (supplied with the tests) to add attributes.
>>>>
>>>> The following is the callback handler code, if that may help:
>>>>
>>>>
>>>> ///////////////////////////////////////////////////////////////////////////////
>>>> public void handle(Callback[] callbacks) throws IOException,
>>>>     UnsupportedCallbackException {
>>>>   for (int i = 0; i < callbacks.length; i++) {
>>>>     if (callbacks[i] instanceof SAMLCallback) {
>>>>       SAMLCallback callback = (SAMLCallback) callbacks[i];
>>>>       if (this.saml2) {
>>>>         callback.setSamlVersion(SAMLVersion.VERSION_20);
>>>>       }
>>>>       callback.setIssuer("www.oracle.com");
>>>>       String subjectName = "weblogic";
>>>>       String subjectQualifier = "www.oracle.com";
>>>>
>>>>       SubjectBean subjectBean = new SubjectBean(subjectName,
>>>>           subjectQualifier, this.confirmationMethod);
>>>>
>>>>       // Holder-of-key: attach the sender's certificate to the subject.
>>>>       if ("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key".equals(this.confirmationMethod)
>>>>           || "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key".equals(this.confirmationMethod)) {
>>>>         try {
>>>>           KeyInfoBean keyInfo = createKeyInfo();
>>>>           subjectBean.setKeyInfo(keyInfo);
>>>>         } catch (Exception ex) {
>>>>           throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
>>>>         }
>>>>       }
>>>>
>>>>       callback.setSubject(subjectBean);
>>>>
>>>>       AttributeStatementBean attrBean = new AttributeStatementBean();
>>>>       attrBean.setSubject(subjectBean);
>>>>
>>>>       AttributeBean attributeBean = new AttributeBean();
>>>>       if (this.saml2) {
>>>>         attributeBean.setQualifiedName("subject-role");
>>>>       } else {
>>>>         attributeBean.setSimpleName("subject-role");
>>>>         attributeBean.setQualifiedName("http://custom-ns");
>>>>       }
>>>>
>>>>       attributeBean.setAttributeValues(Collections.singletonList("system-user"));
>>>>       attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
>>>>       callback.setAttributeStatementData(Collections.singletonList(attrBean));
>>>>     }
>>>>   }
>>>> }
>>>>
>>>> // Loads the certificate for alias "myprivate" from the signature keystore.
>>>> protected KeyInfoBean createKeyInfo() throws Exception {
>>>>   Crypto crypto = CryptoFactory.getInstance("signature.properties");
>>>>
>>>>   CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
>>>>   cryptoType.setAlias("myprivate");
>>>>   X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
>>>>
>>>>   KeyInfoBean keyInfo = new KeyInfoBean();
>>>>   keyInfo.setCertificate(certs[0]);
>>>>   keyInfo.setCertIdentifer(KeyInfoBean.CERT_IDENTIFIER.X509_CERT);
>>>>
>>>>   return keyInfo;
>>>> }
>>>>
>>>>
>>>> //////////////////////////////////////////////////////////////////////////////
>>>>
>>>>
>>>
>>>
>> I did use that as well, but that would rather add a certificate to the
>> Signature, and nothing else is the motive because we are claiming to use a
>> self-signed certificate for sending the message.
>> However, the problem here is with the response not containing any certificate.
>> Please help me understand what keystore/truststore configuration it would
>> require (if that is the problem at all). For now I have configured a custom
>> identity/trust using a certificate/private key which I generated, adding
>> myself as a CA.
>> Please suggest what more it would need.
>>
>> Thanks for replying!
>
>
>
> Oops, sorry! No, the problem is not with "response not containing any
> certificate"; I messed up another problem into this in the last update.
> This is just about the assertion not being signed.
>
>
> Policy compliance failure: Header/Element
> NS=urn:oasis:names:tc:SAML:1.0:assertion; LocalName=Assertion must be signed
>
> Please suggest!



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
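
Added example, not part of the original thread and not CXF or OWSM code: a structural check (Python standard library, no cryptographic verification) of what a WS-Security request actually signs, run over a constructed sample reduced from the request quoted above. It reports the message-level signature references and whether the SAML 1.1 assertion carries an enveloped `ds:Signature` over its own `AssertionID`; the function name and the sample messages are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",
}

def signature_coverage(envelope_xml):
    """Report the URIs referenced by the message-level signature and, for
    each SAML 1.1 assertion in the Security header, whether it contains an
    enveloped ds:Signature that references its own AssertionID."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        raise ValueError("no wsse:Security header found")
    # Message-level signatures are direct children of wsse:Security.
    message_refs = [ref.get("URI")
                    for sig in security.findall("ds:Signature", NS)
                    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    assertion_signed = {}
    for assertion in security.findall("saml1:Assertion", NS):
        aid = assertion.get("AssertionID", "")
        # An enveloped signature is a ds:Signature child of the assertion.
        enveloped = [ref.get("URI") for ref in assertion.findall(
            "ds:Signature/ds:SignedInfo/ds:Reference", NS)]
        assertion_signed[aid] = ("#" + aid) in enveloped
    return {"message_refs": message_refs, "assertion_signed": assertion_signed}

# Constructed sample, reduced from the request in the thread (digests, keys
# and ciphertext omitted). {enveloped} is filled to model a signed assertion.
TEMPLATE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}"
    xmlns:ds="{ds}" xmlns:saml1="{saml1}">
 <soap:Header><wsse:Security>
  <saml1:Assertion AssertionID="_BC59F58138560D687613341496647771"
      Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1">{enveloped}
  </saml1:Assertion>
  <ds:Signature Id="SIG-2"><ds:SignedInfo>
   <ds:Reference URI="#TS-1"/><ds:Reference URI="#Id-26930486"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>"""
ENVELOPED = ('<ds:Signature><ds:SignedInfo><ds:Reference '
             'URI="#_BC59F58138560D687613341496647771"/>'
             '</ds:SignedInfo></ds:Signature>')

AS_SENT = TEMPLATE.format(enveloped="", **NS)
SELF_SIGNED = TEMPLATE.format(enveloped=ENVELOPED, **NS)

if __name__ == "__main__":
    for name, msg in (("as sent", AS_SENT), ("self-signed", SELF_SIGNED)):
        print(name, signature_coverage(msg))
```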
