Thank you for taking care of my problem. I am using Apache Tomcat 6.0.14 as the servlet container, and I have only the standard JARs in my Tomcat\lib folder. I attached a list of the JARs in the client WEB-INF\lib directory. I also attached the Tomcat console output.

Regards,
Martin Wilden

PS: The size of the bundled WSS4J 1.5.4 (307.091 Bytes) differs from the JAR you can download from the project homepage (307.437 Bytes). At least the three files

SignatureProcessor.class   15.992 Bytes [rampart-dist]   16.060 Bytes [wss4j]
WSSecEncrypt.class         15.973 Bytes [rampart-dist]   16.001 Bytes [wss4j]
WSSecEncryptedKey.class    11.104 Bytes [rampart-dist]   11.205 Bytes [wss4j]

are different.

My JARs:
52n-security-core-2.0-SNAPSHOT.jar
52n-security-facade-2.0-SNAPSHOT.jar
52n-security-service-2.0-SNAPSHOT.jar
activation-1.1.jar
annogen-0.1.0.jar
axiom-api-1.2.7.jar
axiom-dom-1.2.7.jar
axiom-impl-1.2.7.jar
axis2-adb-1.4.jar
axis2-adb-codegen-1.4.jar
axis2-ant-plugin-1.4.jar
axis2-clustering-1.4.jar
axis2-codegen-1.4.jar
axis2-corba-1.4.jar
axis2-fastinfoset-1.4.jar
axis2-java2wsdl-1.4.jar
axis2-jaxbri-1.4.jar
axis2-jaxws-1.4.jar
axis2-jaxws-api-1.4.jar
axis2-jibx-1.4.jar
axis2-json-1.4.jar
axis2-jws-api-1.4.jar
axis2-kernel-1.4.jar
axis2-metadata-1.4.jar
axis2-mtompolicy-1.4.jar
axis2-saaj-1.4.jar
axis2-saaj-api-1.4.jar
axis2-spring-1.4.jar
axis2-xmlbeans-1.4.jar
backport-util-concurrent-3.1.jar
commons-beanutils-1.6.1.jar
commons-codec-1.3.jar
commons-collections-2.1.1.jar
commons-digester-1.6.jar
commons-discovery-0.2.jar
commons-fileupload-1.0.jar
commons-fileupload-1.2.jar
commons-httpclient-3.0.1.jar
commons-httpclient-3.1.jar
commons-httpclient-contrib-3.0-beta1.jar
commons-io-1.4.jar
commons-lang-2.0.jar
commons-logging-1.0.4.jar
commons-logging-1.1.1.jar
commons-pool-1.4.jar
commons-validator-1.1.4.jar
geronimo-annotation_1.0_spec-1.1.jar
geronimo-stax-api_1.0_spec-1.0.1.jar
httpcore-4.0-beta1.jar
httpcore-nio-4.0-beta1.jar
jalopy-1.5rc3.jar
jaxb-api-2.1.jar
jaxb-impl-2.1.6.jar
jaxb-xjc-2.1.6.jar
jaxen-1.1.1.jar
jdom-1.0.jar
jettison-1.0-RC2.jar
jibx-bind-1.1.5.jar
jibx-run-1.1.5.jar
jstl-1.1.0.jar
jstl.jar
jug-1.1.2.jar
log4j-1.2.15.jar
mail-1.4.jar
mex-1.4.jar
neethi-2.0.4.jar
opensaml-1.1.406.jar
rampart-core-1.4.jar
rampart-policy-1.4.jar
rampart-trust-1.4.jar
soapmonitor-1.4.jar
standard.jar
struts-1.2.7.jar
woden-api-1.0M8.jar
woden-impl-dom-1.0M8.jar
wsdl4j-1.6.2.jar
wss4j-1.5.4.jar
wstx-asl-3.2.4.jar
xalan-2.7.0.jar
xercesImpl-2.8.1.jar
xml-apis-1.3.04.jar
xml-resolver-1.2.jar
xmlbeans-2.3.0.jar
XmlSchema-1.4.2.jar
xmlsec-1.4.1.jar

console output:
[INFO] Verification successful for URI "#Id-9239478"
[INFO] Verification successful for URI "#Timestamp-20370387"
############################# Requested Token ###################################
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsd=" http://www.w3.org/2001/XMLSchema" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a57632a68e4ed43b74250a4586afe2c3" IssueInstant="2008-08-14T13:18:05.906Z" Issuer="SAMPLE_STS" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2008-08-14T13:18:05.625Z" NotOnOrAfter="2008-08-14T13:23:05.625Z" /><AttributeStatement><Subject><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey xmlns:xenc=" http://www.w3.org/2001/04/xmlenc#" xmlns:ds=" http://www.w3.org/2000/09/xmldsig#" Id="EncKeyId-urn:uuid:BC679C257E5A24896712187198858436">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType=" http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 ">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>QSO+VPjmLICjSlUeAMVfV309ANOWvnW5OCxVYEn9jq5GKKbW23V0zEgP/O3CRlILKy7EWnPQLT0IqZ3ZlxKPnHT+H2+njVuUhkwsvGUa8/eS3O/P5CkJdEL6lZ+rWClvl8citX4JTqIaXXO+MOXHAaszW76MxIhwpPgEV7NtFuo=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></KeyInfo></SubjectConfirmation></Subject><Attribute AttributeName="Name" AttributeNamespace=" https://rahas.apache.org/saml/attrns"><AttributeValue>Colombo/Rahas</AttributeValue></Attribute></AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_a57632a68e4ed43b74250a4586afe2c3">
<ds:Transforms>
<ds:Transform Algorithm=" http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi" /></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>0+Yso20IE2YE2/N83EXdSxaz9LI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
NRNo5mvRclD//mqKdDAdMvTg3sITdod8wgXlIuCEZftWRRDQ0Urhrpz00Yb1g/5nawoutFvOfdd6
wk6l5liC0gt65WEm2MjeLwB7FCzT7PMTVgqEz403TV8ssQyr5UMv1Y9LIyzj1orCJFbda7ys9130
/SRauy7tkbxjg4OPEC8=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIICTjCCAbcCBEbJZQEwDQYJKoZIhvcNAQEEBQAwbTELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dl
c3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFy
dDEXMBUGA1UEAxMOU2FtcGxlIFNlcnZpY2UwIBcNMDcwODIwMDk1NTEzWhgPMjA2MjA1MjMwOTU1
MTNaMG0xCzAJBgNVBAYTAkxLMRAwDgYDVQQIEwdXZXN0ZXJuMRAwDgYDVQQHEwdDb2xvbWJvMQ8w
DQYDVQQKEwZBcGFjaGUxEDAOBgNVBAsTB1JhbXBhcnQxFzAVBgNVBAMTDlNhbXBsZSBTZXJ2aWNl
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDtgg6ess2lU1yOD48/iiAlWObB0WwAQtFG4bb
2KyvOE9dRF7+d/aZrHti3QWs6dtHpGkVMLgpomoq7APEq1kQnRvduk2T6ln83Jw1EpPDXH/emqeC
9OdNqHZj3eoyf34JMmgShuviYDqYaK4HkRmZMiJ13aPeZzPl60yBWydAuwIDAQABMA0GCSqGSIb3
DQEBBAUAA4GBACVcoAqNbjO7+Jbm6+3pyYagQoBpdHZLnR8EU9/CRKmUGTj5qjXqYtE+Eka6OYKB
zv/dHdYlB2X3yH3YlSx1OtA3+5xl4VIjYODlgh9Bs9Tbqj1tw0G37dLrlG97kJAVjrkfm743N9EH
KFtFaX4iF1tWbGxa4+vIbbV4CaUG5s5x
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature></Assertion>
[WARN] Verification failed for URI "#Id-2669109"
[INFO] Verification successful for URI "#Timestamp-1438817"

2008/8/14 Nandana Mihindukulasooriya <[EMAIL PROTECTED]>

> I rushed through the mail and missed what you have said :). This may be obvious, but to make sure, is there any chance that your web application (client servlet) is picking the release OpenSAML jar depending on the container's class loading mechanism?
>
> regards,
> nandana
>
> On Sun, Aug 10, 2008 at 6:40 PM, Martin Wilden <[EMAIL PROTECTED]> wrote:
>
> > Hi Nandana,
> >
> > thank you for the fast answer. But I already have the patched OpenSAML JAR in my Axis2/lib directory and in the client classpath. And the sample is working.
> > But not my custom client with the same code.
> >
> > I attached the exception stack trace at the end of this eMail
> >
> > Regards,
> >
> > Martin Wilden
> >
> >
> > [WARN] Verification failed for URI "#Id-16061615"
> > [INFO] Verification successful for URI "#Timestamp-10486964"
> > [ERROR] The signature or decryption was invalid
> > org.apache.axis2.AxisFault: The signature or decryption was invalid
> >     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
> >     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> >     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> >     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> >     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> >     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
> >     at java.lang.Thread.run(Thread.java:619)
> > Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
> >     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:419)
> >     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:181)
> >     at org.apache.rampart.RampartEngine.process(RampartEngine.java:138)
> >     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> >     ... 21 more
> > org.apache.axis2.AxisFault: The signature or decryption was invalid
> >     at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
> >     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
> >     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
> >     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> >     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> >     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
> >     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
> >     at org.n52.security.service.gatekeeper.client.GatekeeperConnector.callSoapServiceForMessage(GatekeeperConnector.java:186)
> >     at org.n52.security.service.gatekeeper.client.GatekeeperConnector.getGatekeeperResponse(GatekeeperConnector.java:102)
> >     at org.n52.security.service.gatekeeper.client.GatekeeperSecurityClient.getPreconditions(GatekeeperSecurityClient.java:117)
> >     at org.n52.security.apps.wscweb.struts.gatekeeper.StartAction.execute(StartAction.java:87)
> >     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
> >     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
> >     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
> >     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
> >     at java.lang.Thread.run(Thread.java:619)
> > [INFO ] 2008-08-10 14:50:55,484 [http-8080-Processor23] org.n52.security.apps.wscweb.struts.gatekeeper.StartAction - Facade creation failed at http://localhost:8080/axis2/services/Gatekeeper and gatename 002358f2-08a1-4bd8-8bac-c204d48cc0db
> > org.n52.security.service.base.ServiceException: null thrown while parsing authentication response into a DOM document.
> >     at org.n52.security.service.gatekeeper.client.GatekeeperSecurityClient.getPreconditions(GatekeeperSecurityClient.java:126)
> >     at org.n52.security.apps.wscweb.struts.gatekeeper.StartAction.execute(StartAction.java:87)
> >     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
> >     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
> >     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
> >     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
> >     at java.lang.Thread.run(Thread.java:619)
> >
> >
> > 2008/8/8 Nandana Mihindukulasooriya <[EMAIL PROTECTED]>
> >
> > >
> > > http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_4/modules/rampart-samples/policy/sample05/README.txt?view=markup
> > >
> > > thanks,
> > > nandana
> > >
> > > On Fri, Aug 8, 2008 at 1:28 AM, Martin Wilden <[EMAIL PROTECTED]> wrote:
> > >
> > > > Hi everyone,
> > > >
> > > > I have a problem running sample05 from the policies samples (Rampart 1.4) with a custom client.
> > > > At first I get a SAML Token from the STS. That's working fine.
> > > > But when I try to invoke the service I get a "Verification failed" warning.
> > > > After that I get the following exception:
> > > >
> > > > [ERROR] The signature or decryption was invalid
> > > > org.apache.axis2.AxisFault: The signature or decryption was invalid
> > > >     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
> > > >
> > > > I'm using the same client code as in the sample (and same policies and keystores).
> > > >
> > > > The client is running as a servlet in Tomcat 6.0.14. When I try to invoke the service with the sample client it's working fine.
> > > >
> > > > Do you have any suggestions to solve the problem?
> > > >
> > > > Best regards,
> > > >
> > > > Martin Wilden
> > > >
> > >
> > > --
> > > Nandana Mihindukulasooriya
> > > WSO2 inc.
> > >
> > > http://nandana83.blogspot.com/
> > > http://www.wso2.org
> > >
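
Added example, not part of the original thread: a Python check that automates the two comparisons made by hand above, namely several versions of one library on the same classpath (the question of which copy the container's class loader picks) and class files whose content differs between two JARs (the WSS4J size comparison in the PS). The function names and SAMPLE_LIB are assumptions of this example; the sample file names are copied from the posted JAR list.

```python
import re
import sys
import zipfile
from collections import defaultdict
from pathlib import Path

# Added example. File names copied from the JAR list posted in the thread.
SAMPLE_LIB = [
    "commons-fileupload-1.0.jar", "commons-fileupload-1.2.jar",
    "commons-httpclient-3.0.1.jar", "commons-httpclient-3.1.jar",
    "commons-httpclient-contrib-3.0-beta1.jar",
    "commons-logging-1.0.4.jar", "commons-logging-1.1.1.jar",
    "jstl-1.1.0.jar", "jstl.jar", "opensaml-1.1.406.jar", "wss4j-1.5.4.jar",
]

# "<artifact>-<version>.jar", where the version starts with a digit.
JAR_RE = re.compile(r"^(?P<name>.+?)-(?P<ver>\d[\w.\-]*)\.jar$")

def split_artifact(jar_name):
    """'axis2-kernel-1.4.jar' -> ('axis2-kernel', '1.4'); 'jstl.jar' -> ('jstl', None)."""
    m = JAR_RE.match(jar_name)
    if m:
        return m.group("name"), m.group("ver")
    return jar_name[:-len(".jar")], None

def duplicate_artifacts(jar_names):
    """Artifacts that occur more than once, mapped to the versions found."""
    versions = defaultdict(list)
    for name in jar_names:
        artifact, version = split_artifact(name)
        versions[artifact].append(version or "(unversioned)")
    return {a: sorted(v) for a, v in versions.items() if len(v) > 1}

def conflicting_classes(jar_paths):
    """Class entries that several JARs ship with different content.

    Returns {entry: {jar_path: (uncompressed_size, crc32)}}.
    """
    providers = defaultdict(dict)
    for path in jar_paths:
        with zipfile.ZipFile(path) as jar:
            for info in jar.infolist():
                if info.filename.endswith(".class"):
                    providers[info.filename][str(path)] = (info.file_size, info.CRC)
    return {entry: jars for entry, jars in providers.items()
            if len(set(jars.values())) > 1}

if __name__ == "__main__":
    print(duplicate_artifacts(SAMPLE_LIB))
    # Pass the directories to compare, e.g. the webapp's WEB-INF/lib and Axis2's lib.
    jars = [p for d in sys.argv[1:] for p in sorted(Path(d).glob("*.jar"))]
    for entry, found in conflicting_classes(jars).items():
        print(entry, found)
```

A class reported by conflicting_classes is one whose behaviour depends on which JAR the class loader reaches first, which is the situation the question about the patched versus release OpenSAML JAR is probing.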
