Hi,

I am trying to implement a custom SAML token issuer for an STS server. The 
documentation I am using is: http://ws.apache.org/rampart/setting-up-sts.html.

If I remove the default Rampart module as the documentation describes, I get 
an exception complaining that the Rampart module is not valid or has not been 
deployed.

If instead I deploy the Rampart module normally, I receive the following exception:

[WARN] triggerActionNotSupportedFault: messageContext: [MessageContext: logID=urn:uuid:27E43CBA95C3534BB81224106538697] problemAction: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
[ERROR] The [action] cannot be processed at the receiver.
org.apache.axis2.AxisFault: The [action] cannot be processed at the receiver.
        at org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingFault(AddressingFaultsHelper.java:373)
        at org.apache.axis2.addressing.AddressingFaultsHelper.triggerActionNotSupportedFault(AddressingFaultsHelper.java:336)
        at org.apache.axis2.handlers.addressing.AddressingValidationHandler.checkAction(AddressingValidationHandler.java:149)
        at org.apache.axis2.handlers.addressing.AddressingValidationHandler.invoke(AddressingValidationHandler.java:55)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)


Here is my services.xml:

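<?xml version="1.0" encoding="UTF-8"?>
<!--
 !
 ! Copyright 2006 The Apache Software Foundation.
 !
 ! Licensed under the Apache License, Version 2.0 (the "License");
 ! you may not use this file except in compliance with the License.
 ! You may obtain a copy of the License at
 !
 !      http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing, software
 ! distributed under the License is distributed on an "AS IS" BASIS,
 ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ! See the License for the specific language governing permissions and
 ! limitations under the License.
 !-->
<!-- services.xml of Sample05 : WS Trust -->
<!--
  Axis2 deployment descriptor for a Rahas Security Token Service (STS).
  It engages the rampart, addressing and rahas modules, maps the WS-Trust
  RST actions onto the IssueToken operation, registers a custom SAML issuer
  and declares the message-level security policy the STS enforces on requests.

  NOTE(review): key and keystore passwords appear in clear text below, and the
  keystore referenced is the Rampart 1.4 sample keystore. Treat this as a
  sample-grade configuration: rotate the keys and move the secrets out of the
  descriptor before any non-test deployment.
-->
<serviceGroup>
  <service name="STS">
    <!-- Engaged modules: WS-Security (rampart), WS-Addressing (addressing)
         and the WS-Trust STS implementation (rahas). -->
    <module ref="rampart" />
    <module ref="addressing" />
    <module ref="rahas" />

    <operation name="IssueToken"
               mep="http://www.w3.org/2006/01/wsdl/in-out">
      <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>

      <!-- WS-Addressing actions this operation accepts (RST requests).
           Each URI is kept on one line with no surrounding whitespace so the
           stored value is exactly the wsa:Action the client sends. -->
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>

      <!-- Token dispatcher: maps a requested token type to the issuer class
           that produces it. Several issuers may be listed; default="true"
           presumably marks the fallback issuer - confirm against the Rahas docs. -->
      <parameter name="token-dispatcher-configuration">
        <token-dispatcher-configuration>
          <!-- Issuers. You may have many issuers. -->
          <issuer class="org.ihc.rampart.samples.MyIssuer" default="true">
            <!-- type="parameter": the issuer reads its settings from the
                 service parameter named below. -->
            <configuration type="parameter">saml-issuer-config</configuration>
            <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
          </issuer>
        </token-dispatcher-configuration>
      </parameter>

      <!-- Settings consumed by the issuer registered above. -->
      <parameter name="saml-issuer-config">
        <saml-issuer-config>
          <issuerName>SAMPLE_STS</issuerName>
          <!-- Keystore alias of the STS signing key and its password.
               NOTE(review): the private-key password is stored in clear text
               here; prefer a password callback or externalised secret. -->
          <issuerKeyAlias>service</issuerKeyAlias>
          <issuerKeyPassword>apache</issuerKeyPassword>
          <cryptoProperties>
            <crypto provider="org.apache.ws.security.components.crypto.Merlin">
              <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
              <!-- Absolute path to the Rampart 1.4 sample keystore (not portable
                   across hosts; the sample keys are public). -->
              <property name="org.apache.ws.security.crypto.merlin.file">C:/Softwares/Tools/rampart-1.4/samples/keys/service.jks</property>
              <!-- NOTE(review): keystore password in clear text. -->
              <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
            </crypto>
          </cryptoProperties>
          <!-- Token lifetime; presumably milliseconds (5 minutes) - confirm
               the unit before changing it. -->
          <timeToLive>300000</timeToLive>
          <keySize>256</keySize>
          <!-- Include both attached and unattached security token references
               in the response. -->
          <addRequestedAttachedRef />
          <addRequestedUnattachedRef />

          <!--
             Key computation mechanism
             1 - Use Request Entropy
             2 - Provide Entropy
             3 - Use Own Key
          -->
          <keyComputation>2</keyComputation>

          <!--
             proofKeyType element is valid only if the keyComputation is set
             to 3 i.e. Use Own Key

             Valid values are: EncryptedKey & BinarySecret

             With keyComputation set to 2 above, this value is therefore
             currently inert and kept only for when keyComputation changes.
          -->
          <proofKeyType>BinarySecret</proofKeyType>

          <!-- Relying parties the STS will issue tokens for, keyed by the
               keystore alias used for them.
               NOTE(review): "*" presumably matches any AppliesTo endpoint and
               uses the "service" alias for all of them; in a real deployment
               list the trusted endpoints explicitly. -->
          <trusted-services>
            <service alias="service">*</service>
          </trusted-services>
        </saml-issuer-config>
      </parameter>

    </operation>

    <!-- Message-level security policy enforced on RST requests: mutual X.509
         signing (asymmetric binding). All namespaces are declared once here. -->
    <wsp:Policy wsu:Id="SigOnly"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:ramp="http://ws.apache.org/rampart/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:AsymmetricBinding>
            <wsp:Policy>
              <!-- Client signs with its X.509 token, which it always sends
                   (AlwaysToRecipient) and references by thumbprint. -->
              <sp:InitiatorToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                      <sp:RequireThumbprintReference/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:InitiatorToken>
              <!-- STS certificate is never included in the message; the
                   client must already hold it and refer to it by thumbprint. -->
              <sp:RecipientToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:RequireThumbprintReference/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:RecipientToken>
              <!-- NOTE(review): TripleDesRsa15 pins 3DES and RSA PKCS#1 v1.5
                   key transport, both legacy; RSA-1.5 key transport is known to
                   be exposed to padding-oracle attacks in XML Encryption. Prefer
                   an AES / RSA-OAEP suite if the clients support it. -->
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:TripleDesRsa15/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict/>
                </wsp:Policy>
              </sp:Layout>
              <sp:IncludeTimestamp/>
              <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
          </sp:AsymmetricBinding>
          <sp:Wss10>
            <wsp:Policy>
              <sp:MustSupportRefKeyIdentifier/>
              <sp:MustSupportRefIssuerSerial/>
            </wsp:Policy>
          </sp:Wss10>
          <!-- Only the SOAP Body is required to be signed.
               NOTE(review): the WS-Addressing headers (Action, To, MessageID)
               are not listed, so the dispatch action is not integrity-protected
               by this policy; consider adding them as sp:Header entries. -->
          <sp:SignedParts>
            <sp:Body/>
          </sp:SignedParts>

          <!-- Rampart runtime configuration: which keys to use and where the
               password for the STS private key comes from. -->
          <ramp:RampartConfig>
            <ramp:user>service</ramp:user>
            <ramp:encryptionUser>client</ramp:encryptionUser>
            <!-- Callback that supplies the private-key password for "service". -->
            <ramp:passwordCallbackClass>org.ihc.rampart.samples.PWCBHandler</ramp:passwordCallbackClass>

            <!-- Same keystore as saml-issuer-config above; keep the two in sync.
                 NOTE(review): keystore password in clear text. -->
            <ramp:signatureCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">C:/Softwares/Tools/rampart-1.4/samples/keys/service.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
              </ramp:crypto>
            </ramp:signatureCrypto>
          </ramp:RampartConfig>

        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

  </service>
</serviceGroup>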




Best regards,

Phil
