Hi Phil,
      You don't need to engage the rahas module for this scenario. The Rahas
module is only needed for secure conversation. The Rahas module [1] adds a
module operation with the same action mapping, so I'm not sure whether this
is causing the problem. Could you please try without engaging rahas?

thanks,
nandana

[1] -
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust-mar/module.xml?view=markup

On Thu, Oct 16, 2008 at 3:52 AM, Philippe Camus <[EMAIL PROTECTED]>wrote:

> Hi,
>
> I am trying to implement a custom SAML token issuer for an STS server. The
> documentation I am using is:
> <http://ws.apache.org/rampart/setting-up-sts.html>
>
> If, following the documentation, I remove the default Rampart module, then
> I get an exception complaining that the Rampart module is not valid or has
> not been deployed.
>
> If I deploy it normally, I receive the following exception:
>
> [WARN] triggerActionNotSupportedFault: messageContext: [MessageContext:
> logID=ur
> n:uuid:27E43CBA95C3534BB81224106538697] problemAction:
> http://schemas.xmlsoap.or
> g/ws/2005/02/trust/RST/Issue
> [ERROR] The [action] cannot be processed at the receiver.
> org.apache.axis2.AxisFault: The [action] cannot be processed at the
> receiver.
>        at
> org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingF
> ault(AddressingFaultsHelper.java:373)
>        at
> org.apache.axis2.addressing.AddressingFaultsHelper.triggerActionNotSu
> pportedFault(AddressingFaultsHelper.java:336)
>        at
> org.apache.axis2.handlers.addressing.AddressingValidationHandler.chec
> kAction(AddressingValidationHandler.java:149)
>        at
> org.apache.axis2.handlers.addressing.AddressingValidationHandler.invo
> ke(AddressingValidationHandler.java:55)
>        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>        at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostReq
> uest(HTTPTransportUtils.java:275)
>        at
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:1
> 33)
>
>
> Here is my services.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>  !
>  ! Copyright 2006 The Apache Software Foundation.
>  !
>  ! Licensed under the Apache License, Version 2.0 (the "License");
>  ! you may not use this file except in compliance with the License.
>  ! You may obtain a copy of the License at
>  !
>  !      http://www.apache.org/licenses/LICENSE-2.0
>  !
>  ! Unless required by applicable law or agreed to in writing, software
>  ! distributed under the License is distributed on an "AS IS" BASIS,
>  ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>  ! See the License for the specific language governing permissions and
>  ! limitations under the License.
>  !-->
> <!-- services.xml of Sample05 : WS Trust -->
> <serviceGroup>
> <service name="STS">
>      <module ref="rampart" />
>      <module ref="addressing" />
>      <module ref="rahas" />
>      <operation name="IssueToken"
>        mep="http://www.w3.org/2006/01/wsdl/in-out";>
>    <messageReceiver
>            class="org.apache.rahas.STSMessageReceiver"/>
>
>    <!-- Action mapping to accept RST requests -->
>    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
> </actionMapping>
>    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
> </actionMapping>
>    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew
> </actionMapping>
>    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel
> </actionMapping>
>    <actionMapping>
> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
>    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate
> </actionMapping>
>
>    <parameter name="token-dispatcher-configuration">
>        <token-dispatcher-configuration>
>        <!-- Issuers. You may have many issuers.
>             This entry registers the custom class MyIssuer as the default
>             issuer (default="true") for the SAML 1.1 token type. Its
>             configuration element has type="parameter" and names
>             saml-issuer-config, the parameter declared next in this
>             operation, so the issuer's key material and trust settings
>             come from there. -->
>        <issuer class="org.ihc.rampart.samples.MyIssuer" default="true">
>                <configuration
>                        type="parameter">saml-issuer-config</configuration>
>                <tokenType>
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
> </tokenType>
>            </issuer>
>        </token-dispatcher-configuration>
>    </parameter>
>      <parameter name="saml-issuer-config"> <!-- Settings for the SAML token issuer: issuer name,
>           signing key alias and password, keystore location, token lifetime, key
>           computation mode and the trusted-services list. The issuer entry in
>           token-dispatcher-configuration refers to this parameter by name. -->
>            <saml-issuer-config>
>                  <issuerName>SAMPLE_STS</issuerName>
>                  <issuerKeyAlias>service</issuerKeyAlias>
>                  <issuerKeyPassword>apache</issuerKeyPassword> <!-- NOTE(review): the password for the
>                       issuer's private key is stored in clear text in services.xml. The
>                       keystore path below points into rampart-1.4/samples/keys, so this
>                       looks like the sample keystore and its sample password; outside of
>                       a sample, issue tokens from a locally generated key, use a secret
>                       that is not a published default, and restrict read access to this
>                       file. -->
>                        <cryptoProperties>
>                              <crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                              <property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
>                              <property
> name="org.apache.ws.security.crypto.merlin.file">C:/Softwares/Tools/rampart-1.4/samples/keys/service.jks</property>
>                              <property
> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property> <!-- NOTE(review):
>                       keystore password in clear text as well; the same caveat as for
>                       issuerKeyPassword applies. -->
>                        </crypto>
>                        </cryptoProperties>
>                        <timeToLive>300000</timeToLive> <!-- presumably milliseconds, i.e. 5 minutes;
>                       confirm the unit in the Rahas documentation -->
>                  <keySize>256</keySize>
>                  <addRequestedAttachedRef />
>                  <addRequestedUnattachedRef />
>
>            <!--
>               Key computation mechanism
>               1 - Use Request Entropy
>               2 - Provide Entropy
>               3 - Use Own Key
>            -->
>                  <keyComputation>2</keyComputation>
>
>            <!--
>               proofKeyType element is valid only if the keyComputation is
> set to 3
>               i.e. Use Own Key
>
>               Valid values are: EncryptedKey & BinarySecret
>
>               NOTE(review): keyComputation above is set to 2, so by the rule
>               stated here the proofKeyType value below is not in effect.
>            -->
>                        <proofKeyType>BinarySecret</proofKeyType>
>            <trusted-services> <!-- NOTE(review): each service entry pairs a relying-service address
>                       (element text) with a certificate alias. "*" looks like a wildcard
>                       that accepts any address under the "service" alias; presumably this
>                       lets tokens be requested for any relying party. List the expected
>                       service addresses explicitly where possible, and confirm the
>                       matching semantics in the Rahas documentation. -->
>                        <service alias="service">*</service>
>            </trusted-services>
>            </saml-issuer-config>
>    </parameter>
>
> </operation>
>
>
>      <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>            <wsp:ExactlyOne>
>              <wsp:All>
>                        <sp:AsymmetricBinding xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                              <wsp:Policy>
>                                    <sp:InitiatorToken>
>                                          <wsp:Policy>
>                                                <sp:X509Token
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
>                                                      <wsp:Policy>
>
>  <sp:RequireThumbprintReference/>
>
>  <sp:WssX509V3Token10/>
>                                                      </wsp:Policy>
>                                                </sp:X509Token>
>                                          </wsp:Policy>
>                                    </sp:InitiatorToken>
>                                    <sp:RecipientToken>
>                                          <wsp:Policy>
>                                                <sp:X509Token
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>                                                      <wsp:Policy>
>
>  <sp:RequireThumbprintReference/>
>
>  <sp:WssX509V3Token10/>
>                                                      </wsp:Policy>
>                                                </sp:X509Token>
>                                          </wsp:Policy>
>                                    </sp:RecipientToken>
>                                    <sp:AlgorithmSuite> <!-- NOTE(review): TripleDesRsa15 is the
>                                         WS-SecurityPolicy suite built on 3DES, RSA PKCS#1 v1.5
>                                         key wrap and SHA-1 digests, all of which are deprecated
>                                         for new deployments. Where both client and STS support
>                                         it, prefer a stronger suite such as Basic256Sha256. -->
>                                          <wsp:Policy>
>                                                <sp:TripleDesRsa15/>
>                                          </wsp:Policy>
>                                    </sp:AlgorithmSuite>
>                                    <sp:Layout>
>                                          <wsp:Policy>
>                                                <sp:Strict/>
>                                          </wsp:Policy>
>                                    </sp:Layout>
>                                    <sp:IncludeTimestamp/>
>                                    <sp:OnlySignEntireHeadersAndBody/>
>                              </wsp:Policy>
>                        </sp:AsymmetricBinding>
>                        <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                              <wsp:Policy>
>                                    <sp:MustSupportRefKeyIdentifier/>
>                                    <sp:MustSupportRefIssuerSerial/>
>                              </wsp:Policy>
>                        </sp:Wss10>
>                        <sp:SignedParts xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                              <sp:Body/>
>                        </sp:SignedParts>
>
>                        <ramp:RampartConfig xmlns:ramp="
> http://ws.apache.org/rampart/policy";>
>                              <ramp:user>service</ramp:user>
>
>  <ramp:encryptionUser>client</ramp:encryptionUser>
>
>  
> <ramp:passwordCallbackClass>org.ihc.rampart.samples.PWCBHandler</ramp:passwordCallbackClass>
>
>                              <ramp:signatureCrypto> <!-- Keystore used for signing: a Merlin crypto
>                                   provider reading a JKS file. NOTE(review): this is the same
>                                   service.jks under rampart-1.4/samples/keys that the SAML issuer
>                                   config uses, and its password is given in clear text below.
>                                   It looks like the sample keystore; replace it with a locally
>                                   generated keystore and a non-default password before exposing
>                                   the STS beyond a test setup. -->
>                                    <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                                          <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                                          <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">C:/Softwares/Tools/rampart-1.4/samples/keys/service.jks</ramp:property>
>                                          <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>                                    </ramp:crypto>
>                              </ramp:signatureCrypto>
>
>
>            </ramp:RampartConfig>
>
>              </wsp:All>
>            </wsp:ExactlyOne>
>      </wsp:Policy>
>
>
>
> </service>
> </serviceGroup>
>
>
>
>
> Best regards,
>
> Phil
>
>


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org
