The SAML failures were caused by a hard-coded String in SAMLUtils, I fixed it in CXF master here: https://github.com/apache/cxf/commit/1e90f53f720b76c2dbac910e58ef0b291f98c032
Colm. On Tue, Mar 22, 2022 at 12:48 PM Jim Ma <mail2ji...@gmail.com> wrote: > > Hi Colm, > > Please checkout my working branch : > https://github.com/jimma/cxf/tree/wss4j-30-jakarta > Build all cxf artifacts first with: mvn clean install -Pfastinstall > then go to systests/ws-security, run these tests and you'll get these test > failures. > Please let me know if you have other issues when trying this out. > > Thanks, > Jim > > On Tue, Mar 22, 2022 at 5:18 PM Colm O hEigeartaigh <cohei...@apache.org> > wrote: >> >> Hi Jim, >> >> Which branch are you testing this on in CXF? >> >> Colm. >> >> On Mon, Mar 21, 2022 at 7:26 AM Jim Ma <mail2ji...@gmail.com> wrote: >> > >> > Hi Colm, >> > After I upgraded wss4j version to 3.0.0-SNAPSHOT(jakarta version) in CXF, >> > I got the following ws-security systests failures. >> > Could you please help look at if there is still something we need to fix in >> > wss4j ? Or we need to fix it in CXF ? >> > >> > Thanks, >> > Jim >> > >> > -------------------------------- >> > [ERROR] >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName[14036:dom] >> > Time elapsed: 0.076 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: A security error was encountered >> > when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > Caused by: org.apache.cxf.binding.soap.SoapFault: A security error was >> > encountered when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName[14036:streaming] >> > Time elapsed: 0.069 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: A security error was encountered >> > when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > Caused by: org.apache.cxf.binding.soap.SoapFault: A security error was >> > encountered when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName[14037:dom] >> > Time elapsed: 0.048 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: >> > javax.xml.stream.XMLStreamException: >> > org.apache.wss4j.common.ext.WSSecurityException: A security error was >> > encountered when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > Caused by: org.apache.cxf.binding.soap.SoapFault: >> > javax.xml.stream.XMLStreamException: >> > org.apache.wss4j.common.ext.WSSecurityException: A security error was >> > encountered when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName[14037:streaming] >> > Time elapsed: 0.062 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: >> > javax.xml.stream.XMLStreamException: >> > org.apache.wss4j.common.ext.WSSecurityException: A security error was >> > encountered when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > Caused by: org.apache.cxf.binding.soap.SoapFault: >> > javax.xml.stream.XMLStreamException: >> > org.apache.wss4j.common.ext.WSSecurityException: A security error was >> > encountered when verifying the message >> > at >> > org.apache.cxf.systest.ws.saml.SamlTokenTest.testAudienceRestrictionServiceName(SamlTokenTest.java:1194) >> > [INFO] Running org.apache.cxf.systest.ws.xkms.XKMSTest >> > [ERROR] Tests run: 12, Failures: 0, Errors: 12, Skipped: 0, Time elapsed: >> > 1.006 s <<< FAILURE! - in org.apache.cxf.systest.ws.xkms.XKMSTest >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest[14087:dom] >> > Time elapsed: 0.079 s <<< ERROR! >> > jakarta.xml.ws.WebServiceException: >> > org.apache.cxf.service.factory.ServiceConstructionException: Could not find >> > portType named {http://xkms_wsdl._03._2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > Caused by: org.apache.cxf.service.factory.ServiceConstructionException: >> > Could not find portType named {http://xkms_wsdl._03._ >> > 2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding[14087:dom] >> > Time elapsed: 0.051 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding[14087:dom] >> > Time elapsed: 0.047 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest[14087:streaming] >> > Time elapsed: 0.065 s <<< ERROR! >> > jakarta.xml.ws.WebServiceException: >> > org.apache.cxf.service.factory.ServiceConstructionException: Could not find >> > portType named {http://xkms_wsdl._03._2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > Caused by: org.apache.cxf.service.factory.ServiceConstructionException: >> > Could not find portType named {http://xkms_wsdl._03._ >> > 2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding[14087:streaming] >> > Time elapsed: 0.053 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding[14087:streaming] >> > Time elapsed: 0.036 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest[14088:dom] >> > Time elapsed: 0.07 s <<< ERROR! >> > jakarta.xml.ws.WebServiceException: >> > org.apache.cxf.service.factory.ServiceConstructionException: Could not find >> > portType named {http://xkms_wsdl._03._2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > Caused by: org.apache.cxf.service.factory.ServiceConstructionException: >> > Could not find portType named {http://xkms_wsdl._03._ >> > 2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding[14088:dom] >> > Time elapsed: 0.052 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding[14088:dom] >> > Time elapsed: 0.037 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest[14088:streaming] >> > Time elapsed: 0.077 s <<< ERROR! >> > jakarta.xml.ws.WebServiceException: >> > org.apache.cxf.service.factory.ServiceConstructionException: Could not find >> > portType named {http://xkms_wsdl._03._2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > Caused by: org.apache.cxf.service.factory.ServiceConstructionException: >> > Could not find portType named {http://xkms_wsdl._03._ >> > 2002.w3.org/}XKMSPortType >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testRegisterUnitTest(XKMSTest.java:135) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding[14088:streaming] >> > Time elapsed: 0.054 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testSymmetricBinding(XKMSTest.java:211) >> > >> > [ERROR] >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding[14088:streaming] >> > Time elapsed: 0.039 s <<< ERROR! >> > jakarta.xml.ws.soap.SOAPFaultException: XKMS locate call fails for >> > certificate: [application: PKIX; id: CN=bob, OU=eng, O=apache.org]. Error: >> > Could not find wsdl:binding operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: org.apache.cxf.xkms.exception.XKMSLocateException: XKMS locate >> > call fails for certificate: [application: PKIX; id: CN=bob, OU=eng, O= >> > apache.org]. Error: Could not find wsdl:binding operation info for web >> > method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > Caused by: jakarta.xml.ws.WebServiceException: Could not find wsdl:binding >> > operation info for web method locate. >> > at >> > org.apache.cxf.systest.ws.xkms.XKMSTest.testAsymmetricBinding(XKMSTest.java:241) >> > >> > [INFO] >> > [INFO] Results: >> > [INFO] >> > [ERROR] Errors: >> > [ERROR] SamlTokenTest.testAudienceRestrictionServiceName:1194 » SOAPFault >> > A security e... >> > [ERROR] SamlTokenTest.testAudienceRestrictionServiceName:1194 » SOAPFault >> > A security e... >> > [ERROR] SamlTokenTest.testAudienceRestrictionServiceName:1194 » SOAPFault >> > javax.xml.st... >> > [ERROR] SamlTokenTest.testAudienceRestrictionServiceName:1194 » SOAPFault >> > javax.xml.st... >> > [ERROR] XKMSTest.testAsymmetricBinding:241 » SOAPFault XKMS locate call >> > fails for cert... >> > [ERROR] XKMSTest.testAsymmetricBinding:241 » SOAPFault XKMS locate call >> > fails for cert... >> > [ERROR] XKMSTest.testAsymmetricBinding:241 » SOAPFault XKMS locate call >> > fails for cert... >> > [ERROR] XKMSTest.testAsymmetricBinding:241 » SOAPFault XKMS locate call >> > fails for cert... >> > [ERROR] XKMSTest.testRegisterUnitTest:135 » WebService >> > org.apache.cxf.service.factory.... >> > [ERROR] XKMSTest.testRegisterUnitTest:135 » WebService >> > org.apache.cxf.service.factory.... >> > [ERROR] XKMSTest.testRegisterUnitTest:135 » WebService >> > org.apache.cxf.service.factory.... >> > [ERROR] XKMSTest.testRegisterUnitTest:135 » WebService >> > org.apache.cxf.service.factory.... >> > [ERROR] XKMSTest.testSymmetricBinding:211 » SOAPFault XKMS locate call >> > fails for certi... >> > [ERROR] XKMSTest.testSymmetricBinding:211 » SOAPFault XKMS locate call >> > fails for certi... >> > [ERROR] XKMSTest.testSymmetricBinding:211 » SOAPFault XKMS locate call >> > fails for certi... >> > [ERROR] XKMSTest.testSymmetricBinding:211 » SOAPFault XKMS locate call >> > fails for certi... >> > [INFO] >> > [ERROR] Tests run: 974, Failures: 0, Errors: 16, Skipped: 5 >> > --------------------------------------------
