Hi Nandana,

Quoting Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> It seems you are getting this must understand check fail error because you
> are getting a security header with a must understand true, in the response
> you get from the service and not in the request that you create. Can you
> please take a look at that and the security configuration of the service
> for the out flow?

I rewrote the STSMessageReceiver. This is the incoming envelope:

13:11:08,189 DEBUG - com.spirit.XUA.utils.MyTokenRequestDispatcher.handle(MyTokenRequestDispatcher.java:44) - *********************** TokenRequestDispatcher received <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mustUnderstand="0" /><wsa:To>https://localhost/SpiritXUAServer/services/IdentityProviderIBMLike</wsa:To><wsa:MessageID>urn:uuid:9840EA3FD9E92DCF421199535065940</wsa:MessageID><wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action></soapenv:Header><soapenv:Body><wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><EndpointReference><Address>http://localhost:8080/XDS/12/registry</Address></EndpointReference></wsp:AppliesTo><wst:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-01-05T12:11:05.779Z</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-01-05T12:16:05.779Z</wsu:Expires></wst:Lifetime><wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>http://ihe.connecthaton.2008.XUA/X-ServiceProvider-NA2008</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Base><wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Username>Xuagood^User</wsse:Username><wsse:Password>xua</wsse:Password></wsse:UsernameToken></wst:Base></wst:RequestSecurityToken></soapenv:Body></soapenv:Envelope>


and this is the outgoing envelope:

13:11:16,185 DEBUG - com.spirit.XUA.utils.MyTokenRequestDispatcher.handle(MyTokenRequestDispatcher.java:66) - *********************** TokenRequestDispatcher sent out <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Body><wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><wst:TokenType>oasis:names:tc:SAML:2.0:assertion</wst:TokenType><wst:RequestedAttachedReference><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#_7cec639dfaf8da1ff680853f79fd2c18" ValueType="oasis:names:tc:SAML:2.0:assertion" /></wsse:SecurityTokenReference></wst:RequestedAttachedReference><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://ihe.connecthaton.2008.XUA/X-ServiceProvider-NA2008</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:RequestedSecurityToken><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_7cec639dfaf8da1ff680853f79fd2c18" IssueInstant="2008-01-05T12:11:15.427Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:SAML:2.0:nameid-format:entity" SPNameQualifier="spirit-idp" SPProvidedID="spirit-idp">Address: https://localhost/SpiritXUAServer/services/IdentityProviderIBMLike</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_7cec639dfaf8da1ff680853f79fd2c18">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml" /></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>eOsEzD+7x0vh4T3Xz1LB+wNYLxb+dfD5VlINPB3NZqs=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
GFurmnokKM99DPG9etErMUPI85jidXpbA3TfnEA3cp1mn92lW5McbIw3t85ZXqIPGI/SavsieBxh
3/piRuyMDyKYVxe/luExPGErk9yZLFTsfRoi1KmTwCpLMa2GBOZ8d926j9jlEdNxYRhCaPcCCE7H
IOx1cKSqJVKWhVv236E=
</ds:SignatureValue>
</ds:Signature><saml:Subject><saml:NameID>Xuagood^User</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" /></saml:Subject><saml:Conditions NotBefore="2008-01-05T12:11:15.427Z" NotOnOrAfter="2008-01-05T13:11:15.427Z"><saml:AudienceRestriction><saml:Audience>http://ihe.connecthaton.2008.XUA/X-ServiceProvider-NA2008</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2008-01-05T12:11:15.427Z" SessionNotOnOrAfter="2008-01-05T13:11:15.427Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></wst:RequestedSecurityToken><wst:Status><wst:Code>http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid</wst:Code></wst:Status></wst:RequestSecurityTokenResponse></soapenv:Body></soapenv:Envelope>


and just after this, I get:

Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security

As you can see, there is no mustUnderstand="1". I've no idea on how to proceed...

This is the complete stack trace:

13:11:16,569 ERROR [STDERR] org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
13:11:16,571 ERROR [STDERR]     at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
13:11:16,572 ERROR [STDERR]     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
13:11:16,572 ERROR [STDERR]     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
13:11:16,573 ERROR [STDERR]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
13:11:16,573 ERROR [STDERR]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
13:11:16,574 ERROR [STDERR]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
13:11:16,575 ERROR [STDERR]     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
13:11:16,575 ERROR [STDERR]     at com.spirit.XUA.utils.MySTSClient.requestSecurityTokenWithSSL(MySTSClient.java:222)
13:11:16,577 ERROR [STDERR]     at com.spirit.XUA.utils.XUAAssertions.getAuthenticatedViaWSTrustAsPlain(XUAAssertions.java:553)
13:11:16,577 ERROR [STDERR]     at com.tmed.report.xds.io.XUAHandler.askNewAssertion(XUAHandler.java:90)
13:11:16,578 ERROR [STDERR]     at com.tmed.report.Login.doGet(Login.java:83)
13:11:16,578 ERROR [STDERR]     at com.tmed.report.Login.doPost(Login.java:128)
13:11:16,579 ERROR [STDERR]     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
13:11:16,579 ERROR [STDERR]     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
13:11:16,580 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
13:11:16,580 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
13:11:16,581 ERROR [STDERR]     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
13:11:16,581 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
13:11:16,582 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
13:11:16,582 ERROR [STDERR]     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
13:11:16,583 ERROR [STDERR]     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
13:11:16,583 ERROR [STDERR]     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
13:11:16,583 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
13:11:16,584 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
13:11:16,585 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
13:11:16,585 ERROR [STDERR]     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
13:11:16,585 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
13:11:16,586 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
13:11:16,586 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
13:11:16,588 ERROR [STDERR]     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
13:11:16,588 ERROR [STDERR]     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
13:11:16,589 ERROR [STDERR]     at java.lang.Thread.run(Thread.java:613)


Thank you,

      Massimiliano
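
As an added example (not part of the original message, and not Axis2 code): a small checker that lists each header block of a captured envelope and whether it carries the SOAP mustUnderstand attribute, which is what the error above refers to. The two envelopes are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Envelope namespace -> attribute values that mean "must understand".
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/": {"1"},        # SOAP 1.1
    "http://www.w3.org/2003/05/soap-envelope": {"1", "true"},  # SOAP 1.2
}
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def split_qname(tag):
    """'{ns}local' -> (ns, local); unqualified names get ns ''."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def must_understand_report(envelope_xml):
    """Return (header block, flag) pairs for one captured envelope."""
    root = ET.fromstring(envelope_xml)
    env_ns, local = split_qname(root.tag)
    if local != "Envelope" or env_ns not in SOAP_NS:
        raise ValueError("not a SOAP 1.1/1.2 envelope")
    header = root.find("{%s}Header" % env_ns)
    report = []
    for block in (list(header) if header is not None else []):
        ns, name = split_qname(block.tag)
        # The SOAP attribute is qualified with the envelope namespace.
        qualified = block.get("{%s}mustUnderstand" % env_ns)
        if qualified is not None:
            ok = qualified.strip() in SOAP_NS[env_ns]
            flag = "required" if ok else "optional"
        elif block.get("mustUnderstand") is not None:
            flag = "unqualified-attribute"  # not the SOAP attribute
        else:
            flag = "absent"
        report.append(("{%s}%s" % (ns, name), flag))
    return report

# Constructed samples (not the envelopes from the post).
ENV = ('<e:Envelope xmlns:e="http://www.w3.org/2003/05/soap-envelope">'
       '<e:Header>%s</e:Header><e:Body/></e:Envelope>')
QUALIFIED = ENV % ('<s:Security xmlns:s="%s" e:mustUnderstand="1"/>' % WSSE)
UNQUALIFIED = ENV % ('<s:Security xmlns:s="%s" mustUnderstand="0"/>' % WSSE)

if __name__ == "__main__":
    for name, env in (("qualified", QUALIFIED), ("unqualified", UNQUALIFIED)):
        print(name, must_understand_report(env))
```
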


