Thanks Nandana, I will try and post the result. I won't explore this option anymore however: I simply went through the source code of Rampart and Rahas and modified whatever classes I needed.
I am confused by your comment though: isn't Rahas the WS-Trust implementation??

Best regards,
Phil

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 21, 2008 12:02 AM
To: [email protected]
Subject: Re: STS custom SAML issuer not working

Hi Phil,

You don't need to engage the rahas module for this scenario. Rahas module is only needed to do secure conversation. Rahas module [1] adds a module operation with the same action mapping, so I'm not sure whether this is causing a problem. Can you please try without engaging rahas.

thanks,
nandana

[1] - http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-trust-mar/module.xml?view=markup

On Thu, Oct 16, 2008 at 3:52 AM, Philippe Camus <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to implement a custom SAML token issuer for an STS server. The
> documentation I am using is: <http://ws.apache.org/rampart/setting-up-sts.html>
>
> If, following the documentation, I remove the default Rampart module, then
> I get an exception complaining that the Rampart module is not valid or has
> not been deployed.
>
> If I deploy it normally, I receive the following exception:
>
> [WARN] triggerActionNotSupportedFault: messageContext: [MessageContext: logID=urn:uuid:27E43CBA95C3534BB81224106538697] problemAction: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
> [ERROR] The [action] cannot be processed at the receiver.
> org.apache.axis2.AxisFault: The [action] cannot be processed at the receiver.
>     at org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingFault(AddressingFaultsHelper.java:373)
>     at org.apache.axis2.addressing.AddressingFaultsHelper.triggerActionNotSupportedFault(AddressingFaultsHelper.java:336)
>     at org.apache.axis2.handlers.addressing.AddressingValidationHandler.checkAction(AddressingValidationHandler.java:149)
>     at org.apache.axis2.handlers.addressing.AddressingValidationHandler.invoke(AddressingValidationHandler.java:55)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
>     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
>
>
> Here is my services.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> !
> ! Copyright 2006 The Apache Software Foundation.
> !
> ! Licensed under the Apache License, Version 2.0 (the "License");
> ! you may not use this file except in compliance with the License.
> ! You may obtain a copy of the License at
> !
> ! http://www.apache.org/licenses/LICENSE-2.0
> !
> ! Unless required by applicable law or agreed to in writing, software
> ! distributed under the License is distributed on an "AS IS" BASIS,
> ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> ! See the License for the specific language governing permissions and
> ! limitations under the License.
> !-->
> <!-- services.xml of Sample05 : WS Trust -->
> <serviceGroup>
>   <service name="STS">
>     <module ref="rampart" />
>     <module ref="addressing" />
>     <module ref="rahas" />
>     <operation name="IssueToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
>       <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
>
>       <!-- Action mapping to accept RST requests -->
>       <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
>       <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
>       <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
>       <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
>       <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
>       <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
>
>       <parameter name="token-dispatcher-configuration">
>         <token-dispatcher-configuration>
>           <!-- Issuers. You may have many issuers. -->
>           <issuer class="org.ihc.rampart.samples.MyIssuer" default="true">
>             <configuration type="parameter">saml-issuer-config</configuration>
>             <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
>           </issuer>
>         </token-dispatcher-configuration>
>       </parameter>
>       <parameter name="saml-issuer-config">
>         <saml-issuer-config>
>           <issuerName>SAMPLE_STS</issuerName>
>           <issuerKeyAlias>service</issuerKeyAlias>
>           <issuerKeyPassword>apache</issuerKeyPassword>
>           <cryptoProperties>
>             <crypto provider="org.apache.ws.security.components.crypto.Merlin">
>               <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
>               <property name="org.apache.ws.security.crypto.merlin.file">C:/Softwares/Tools/rampart-1.4/samples/keys/service.jks</property>
>               <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
>             </crypto>
>           </cryptoProperties>
>           <timeToLive>300000</timeToLive>
>           <keySize>256</keySize>
>           <addRequestedAttachedRef />
>           <addRequestedUnattachedRef />
>
>           <!--
>             Key computation mechanism
>             1 - Use Request Entropy
>             2 - Provide Entropy
>             3 - Use Own Key
>           -->
>           <keyComputation>2</keyComputation>
>
>           <!--
>             proofKeyType element is valid only if the keyComputation is set to 3
>             i.e. Use Own Key
>
>             Valid values are: EncryptedKey & BinarySecret
>           -->
>           <proofKeyType>BinarySecret</proofKeyType>
>           <trusted-services>
>             <service alias="service">*</service>
>           </trusted-services>
>         </saml-issuer-config>
>       </parameter>
>
>     </operation>
>
>     <wsp:Policy wsu:Id="SigOnly"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>       <wsp:ExactlyOne>
>         <wsp:All>
>           <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy>
>               <sp:InitiatorToken>
>                 <wsp:Policy>
>                   <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                     <wsp:Policy>
>                       <sp:RequireThumbprintReference/>
>                       <sp:WssX509V3Token10/>
>                     </wsp:Policy>
>                   </sp:X509Token>
>                 </wsp:Policy>
>               </sp:InitiatorToken>
>               <sp:RecipientToken>
>                 <wsp:Policy>
>                   <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                     <wsp:Policy>
>                       <sp:RequireThumbprintReference/>
>                       <sp:WssX509V3Token10/>
>                     </wsp:Policy>
>                   </sp:X509Token>
>                 </wsp:Policy>
>               </sp:RecipientToken>
>               <sp:AlgorithmSuite>
>                 <wsp:Policy>
>                   <sp:TripleDesRsa15/>
>                 </wsp:Policy>
>               </sp:AlgorithmSuite>
>               <sp:Layout>
>                 <wsp:Policy>
>                   <sp:Strict/>
>                 </wsp:Policy>
>               </sp:Layout>
>               <sp:IncludeTimestamp/>
>               <sp:OnlySignEntireHeadersAndBody/>
>             </wsp:Policy>
>           </sp:AsymmetricBinding>
>           <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy>
>               <sp:MustSupportRefKeyIdentifier/>
>               <sp:MustSupportRefIssuerSerial/>
>             </wsp:Policy>
>           </sp:Wss10>
>           <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <sp:Body/>
>           </sp:SignedParts>
>
>           <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>             <ramp:user>service</ramp:user>
>             <ramp:encryptionUser>client</ramp:encryptionUser>
>             <ramp:passwordCallbackClass>org.ihc.rampart.samples.PWCBHandler</ramp:passwordCallbackClass>
>             <ramp:signatureCrypto>
>               <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.file">C:/Softwares/Tools/rampart-1.4/samples/keys/service.jks</ramp:property>
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>               </ramp:crypto>
>             </ramp:signatureCrypto>
>           </ramp:RampartConfig>
>
>         </wsp:All>
>       </wsp:ExactlyOne>
>     </wsp:Policy>
>
>   </service>
> </serviceGroup>
>
>
> Best regards,
>
> Phil
>

-- 
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
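As an added configuration check (not code from this thread or from the Rampart project): a Python script that parses a services.xml like the one quoted above and flags the two things the thread itself calls out, the rahas module engaged next to a service-level operation that maps the RST/Issue action, and a proofKeyType set while keyComputation is not 3. The embedded XML is a constructed, reduced copy of Phil's file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a reduced copy of the services.xml quoted in the thread.
SAMPLE_SERVICES_XML = """<serviceGroup>
  <service name="STS">
    <module ref="rampart"/>
    <module ref="addressing"/>
    <module ref="rahas"/>
    <operation name="IssueToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
      <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
      <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
      <parameter name="saml-issuer-config">
        <saml-issuer-config>
          <keyComputation>2</keyComputation>
          <proofKeyType>BinarySecret</proofKeyType>
          <trusted-services><service alias="service">*</service></trusted-services>
        </saml-issuer-config>
      </parameter>
    </operation>
  </service>
</serviceGroup>"""

RST_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue"


def check_sts_config(xml_text):
    """Return a list of (service name, finding) tuples for an STS services.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    # Only top-level <service> elements; <service alias=...> under trusted-services is not one.
    services = root.findall("service") if root.tag == "serviceGroup" else [root]
    for service in services:
        name = service.get("name", "?")
        modules = {m.get("ref") for m in service.findall("module")}
        for op in service.findall("operation"):
            actions = {a.text.strip() for a in op.findall("actionMapping") if a.text}
            # The rahas module adds a module operation with the same action mapping,
            # so engaging it beside a service-level RST/Issue operation is ambiguous.
            if "rahas" in modules and RST_ISSUE in actions:
                findings.append((name, f"rahas engaged alongside operation {op.get('name')}"
                                       " that maps RST/Issue"))
            # Per the config's own comment, proofKeyType only applies when
            # keyComputation is 3 (Use Own Key).
            cfg = op.find(".//saml-issuer-config")
            if cfg is not None and cfg.find("proofKeyType") is not None:
                kc = (cfg.findtext("keyComputation") or "").strip()
                if kc != "3":
                    findings.append((name, f"proofKeyType set but keyComputation is {kc!r}, not 3"))
    return findings
```

Run `check_sts_config(open("services.xml").read())` against a real deployment's file; an empty list means neither of the two conflicts is present.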
