Re: Rampart without addressing
Hi Nandana:

My source code in client side:

    // Build the configuration context from the client repository and engage rampart
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("build/client_repositories", null);
    ServiceClient client = new ServiceClient(ctx, null);
    Options options = new Options();
    options.setAction("urn:echo");
    options.setTo(new EndpointReference("http://localhost:8081/axis2/services/RampartPolicy01"));
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("build/client_repositories/conf/policy.xml"));
    client.setOptions(options);
    client.engageModule("rampart");

    // Build the SOAP envelope by hand and send it through an OperationClient
    OperationClient opClient = client.createClient(ServiceClient.ANON_OUT_IN_OP);
    XMLStreamReader xmlStreamReader = xmlItem.getXMLStreamReader();
    //xmlItem has the xml:
    //http://schemas.xmlsoap.org/soap/envelope/";>
    //
    //http://policy.samples.gmv.org";>
    //
    //
    //
    //
    StAXBuilder builder = new StAXSOAPModelBuilder(xmlStreamReader, null);
    SOAPEnvelope env = (SOAPEnvelope) builder.getDocumentElement();
    client.addHeadersToEnvelope(env);
    MessageContext mc = new MessageContext();
    mc.setEnvelope(env);
    mc.setConfigurationContext(ctx);
    opClient.addMessageContext(mc);
    opClient.execute(true);

The service.xml is:

org.gmv.samples.policy.SimpleService http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; /> http://ws.apache.org/rampart/policy";> alice org.gmv.samples.policy.PWCBHandler

The exception is:

    Exception in thread "main" org.apache.axis2.AxisFault: SOAP header missing
        at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
        at org.gmv.samples.policy.Client.main(Client.java:100)

Thanks,
Nuria

2008/3/26, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Nuria,
> The important thing is whether operation is correctly dispatched when the security handlers are called. So can you give more information about how you configure the services and the client.
>
> thanks,
> /nandana
>
> On Tue, Mar 25, 2008 at 5:33 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I'd need to use policy with rampart module without using addressing module.
> > Is it possible?
> >
> > I tested it and it works when I use sendReceive but when I execute an operation client doesn't work.
> >
> > Thanks,
> > Nuria
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
Rampart without addressing
Hi, I'd need to use policy with rampart module without using addressing module. Is it possible? I tested it and it works when I use sendReceive but when I execute an operation client doesn't work. Thanks, Nuria
Rampart Policy
Hi, I'm using rampart with a policy file. In the rampart configuration I'm using a passwordCallbackClass where I'm defining the password. Is there a way to pass the password to this class through a constructor? Thanks, Nuria
Re: SAML token insertion using ServiceClient class.
Hi Nandana and Dimuthu,

thanks for your comments.

We have a more complex problem because we can manage/store only DOM elements in our Database (instead of Token elements) and would like to generate a Token from an assertion. We mean that we would like to do the following:

1) obtain a SAML assertion from the Token object (which has been obtained from the STS).
2) Save or change this SAML assertion as XML with a tool (without saving the Token object) (we have done the steps 1 and 2)
3) After this, in a different context, create a new Token from a SAML assertion that has been previously saved and use it in a new context sending it to the Service Provider.

Could it be possible to do this?

Thanks,
Nuria

2008/3/12, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Nuria,
> You can implement a persistent token storage for this scenario. So that you can persist the tokens you obtain and later use them. Currently Rampart uses SimpleTokenStore which doesn't persist tokens. To understand how Rampart store a SimpleTokenStore in the configuration context, take a look at the getTokenStore() method in the TrustUtil class [1]. You can also persist the token element in the response in a file or database and create a token from it later when needed. How create a token from the token element can be found in processIssueResponse() method in the STSClient class [2].
> WSO2 WSAS has implemented a persistent token store which can be found at SecurityTokenStore [2]. You can also take a look at it.
>
> thanks,
> /nandana
>
> [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
> [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
> [3] - https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/trust/SecurityTokenStore.java
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
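Added example, not code from this thread or from the Rampart project: one way to carry out the three steps in the message above using the approach from the quoted reply (persist the token element, rebuild a Token from it later, select it with KEY_CUSTOM_ISSUED_TOKEN). It assumes the Axis2, Axiom and Rampart/Rahas jars are on the classpath and relies on the Rahas `Token(String, OMElement, Date, Date)` constructor, `TrustUtil.getTokenStore` and Axiom's `AXIOMUtil.stringToOM`; the names `StoredAssertionTokens` and `StoredToken` are hypothetical and the sample assertion is constructed.

```java
import java.util.Date;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartMessageData;

// Added example; StoredAssertionTokens and StoredToken are hypothetical names.
public final class StoredAssertionTokens {

    /** One database row: the assertion XML alone carries neither the token id nor the lifetime. */
    public static final class StoredToken {
        public final String id;
        public final String assertionXml;
        public final Date created;   // may be null if the STS response had no lifetime
        public final Date expires;   // may be null if the STS response had no lifetime

        public StoredToken(String id, String assertionXml, Date created, Date expires) {
            this.id = id;
            this.assertionXml = assertionXml;
            this.created = created;
            this.expires = expires;
        }
    }

    /** Steps 1 and 2: pull the assertion out of the Token returned by the STS. */
    public static StoredToken export(Token token) {
        // Store the serialised string unchanged. An assertion signed by the STS stops
        // verifying at the service if its XML content is edited afterwards.
        return new StoredToken(token.getId(), token.getToken().toString(),
                token.getCreated(), token.getExpires());
    }

    /** Step 3: rebuild the Token in another ConfigurationContext and select it for a request. */
    public static Token restore(StoredToken stored, ConfigurationContext ctx,
                                Options options, Date now) throws Exception {
        // Refuse to replay an assertion whose lifetime is over.
        if (stored.expires != null && !now.before(stored.expires)) {
            throw new IllegalStateException("Stored assertion " + stored.id
                    + " expired at " + stored.expires + "; request a new token from the STS");
        }
        OMElement assertion = AXIOMUtil.stringToOM(stored.assertionXml);
        Token token = new Token(stored.id, assertion, stored.created, stored.expires);
        // Assumption: the assertion is all the client needs. A token issued with a symmetric
        // proof key also needs that secret, which is not part of the assertion element.

        TokenStorage store = TrustUtil.getTokenStore(ctx);
        if (store.getToken(stored.id) == null) {   // avoid adding the same id twice
            store.add(token);
        }
        // Same property the thread uses to tell Rampart which stored token to send.
        options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, token.getId());
        return token;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion (unsigned, for illustration only).
        String xml = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\""
                + " AssertionID=\"_constructed-1\" Issuer=\"constructed-sts\"/>";
        Date now = new Date();
        Date expires = new Date(now.getTime() + 5 * 60 * 1000L);

        // Context A: the token as the STS client would have returned it.
        Token issued = new Token("_constructed-1", AXIOMUtil.stringToOM(xml), now, expires);
        StoredToken row = export(issued);   // this is what goes to the database

        // Context B, later: a fresh ConfigurationContext with an empty token store.
        ConfigurationContext ctx = ConfigurationContextFactory.createEmptyConfigurationContext();
        Options options = new Options();
        Token restored = restore(row, ctx, options, new Date());

        System.out.println("selected token id: "
                + options.getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN));
        System.out.println("present in token store: "
                + (TrustUtil.getTokenStore(ctx).getToken(restored.getId()) != null));
    }
}
```

The `Options` object populated by `restore` is then set on the `ServiceClient` that calls the Service Provider, and the stored rows need the same protection as any other credential.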
Re: SAML token insertion using ServiceClient class.
Hi Nandana,

We are blocked in a similar case with a special scenario. As we have answered to Hardev, we can send a SAML token received from a SAML authority directly to a Service Provider. But we would like to invoke the Service Provider several times using a unique SAML token obtained previously.

Would it be possible to include a known SAML token in a new context every time we call a service provider? How could we do this?

Many thanks again
Nuria

2008/3/3, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Hardev,
> Can you please explain your scenario? Do you want to add it to the SOAP header (specifically security header)?
>
> thanks,
> /nandana
>
> On Fri, Feb 29, 2008 at 6:40 AM, Hardev Sian <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Is it possible to insert a saml token which has been acquired from a third party into the soap request using ServiceClient class.
> >
> > Regards,
> >
> > Hardev
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
Re: SAML token insertion using ServiceClient class.
Hi Hardev,

We have an example that may help you (we don't know exactly if it is the same case):

We invoke a STS service that provides us with a SAML token in a Token object. After this, we invoke the Service Provider using the SAML token obtained previously.

You can do this with these lines of code:

    Token responseToken = getSecurityResponseToken(context, policysec, stsEPR, properties);
    options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

And use the service client including these options.

    sender = new ServiceClient(ctx, null);
    sender.setOptions(options);

where the method getSecurityResponseToken is the following:

    private Token getSecurityResponseToken(ConfigurationContext ctx, Policy servicePolicy, String stsEPR, Properties properties) throws CTLDataException {
        Token responseToken = null;
        STSClient stsClient;
        try {
            Policy stsPolicy = loadPolicy(properties, properties.getProperty(ConstantsUtils.STSPOLICY));
            stsClient = new STSClient(ctx);
            stsClient.setRstTemplate(getRSTTemplate());
            String action = TrustUtil.getActionValue(ConstantsUtils.RAHASVERSION, RahasConstants.RST_ACTION_ISSUE);
            stsClient.setAction(action);
            // Ask the STS for a token usable against the service policy
            responseToken = stsClient.requestSecurityToken(servicePolicy, stsEPR, stsPolicy, null);
        } catch (TrustException e) {
            logger.error(e.getMessage() + ". Not possible to obtain security token");
        } catch (Exception e) {
            logger.error(e.getMessage() + ". Not possible to obtain security token");
        }
        // Still null if the STS call failed; check before calling getId()
        return responseToken;
    }

You have to take into account that the service will be invoked immediately after the STS is received.

We hope this helps, good luck!
SAML token
Hi Ruchith,

I'm working with SAML token and I can see that there is a STSClient class in "org.apache.axis2.security.trust.client.STSClient" but I'm using "org.apache.rahas.client.STSClient". What is the main difference between these classes?

I don't understand why STS Service needs the provider service policy. Is it necessary?

The requestSecurityToken method returns a token with assertion. Does it make sense to have more than one assertion in the response security token?

Thanks,
Nuria
Re: Problem with SOAPHeader
Hi Ruchith,

The exception has disappeared but when the client receives the response I receive the following exception:

    org.apache.axis2.AxisFault: Error in extracting message properties
        at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:481)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:360)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:219)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
        at com.gmv.teamengine.samples.client.Client.main(Client.java:90)

2008/3/10, Ruchith Fernando <[EMAIL PROTECTED]>:
> Can you please try using this [1] jar ... instead of the one I sent earlier... My guess is that the earlier jar file was generated before that fix went in.
>
> Thanks,
> Ruchith
>
> 1. http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080310.022829-66.jar
>
> On Mon, Mar 10, 2008 at 4:00 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > Hi Ruchith,
> >
> > Thank you very much for your help.
> >
> > I used the new jar and I included the source code too but I'm having the same problem.
> > Is it necessary to change something in my client side?
> >
> > Thanks,
> > Nuria
> >
> > 2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> > > I believe there will be another release of Axiom close to the release of Axis2... maybe you will be able to try the latest axiom-dom-SNAPSHOT.jar with your project.
> > >
> > > Please try the jar file available here :
> > >
> > > http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080307.033922-64.jar
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On Fri, Mar 7, 2008 at 6:48 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > Thank you very much. But how could I use this class in my project?
> > > > Are you going to publish a new release of the axiom api?
> > > >
> > > > Regards,
> > > > Nuria
> > > >
> > > > 2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> > > > > Hi Nuria,
> > > > >
> > > > > This is a bug in DOOM, the AXIOM DOM implementation.
> > > > >
> > > > > I just fixed this and checked it in. [1]
> > > > >
> > > > > Thanks,
> > > > > Ruchith
> > > > >
> > > > > 1. http://svn.apache.org/viewvc?rev=634561&view=rev
> > > > >
> > > > > On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > > > > > Hi,
> > > > > > I can't add information in SOAPHeader when I engage rampart and addressing module.
> > > > > >
> > > > > > My header is the following:
> > > > > >
> > > > > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > > > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
> > > > > > 2008-03-06T11:37:41.497Z
> > > > > > 2008-03-06T11:42:41.497Z
> > > > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
> > > > > > alice
> > > > > > Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-
Re: Problem with SOAPHeader
Hi Ruchith,

Thank you very much for your help.

I used the new jar and I included the source code too but I'm having the same problem.
Is it necessary to change something in my client side?

Thanks,
Nuria

2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> I believe there will be another release of Axiom close to the release of Axis2... maybe you will be able to try the latest axiom-dom-SNAPSHOT.jar with your project.
>
> Please try the jar file available here :
>
> http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080307.033922-64.jar
>
> Thanks,
> Ruchith
>
> On Fri, Mar 7, 2008 at 6:48 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Thank you very much. But how could I use this class in my project?
> > Are you going to publish a new release of the axiom api?
> >
> > Regards,
> > Nuria
> >
> > 2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> > > Hi Nuria,
> > >
> > > This is a bug in DOOM, the AXIOM DOM implementation.
> > >
> > > I just fixed this and checked it in. [1]
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > 1. http://svn.apache.org/viewvc?rev=634561&view=rev
> > >
> > > On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > > I can't add information in SOAPHeader when I engage rampart and addressing module.
> > > >
> > > > My header is the following:
> > > >
> > > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
> > > > 2008-03-06T11:37:41.497Z
> > > > 2008-03-06T11:42:41.497Z
> > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
> > > > alice
> > > > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW
> > > > nameAttachFile="FileTestA.txt"/>
> > > > nameAttachFile="FileTestA.txt"/>
> > > > http://localhost:8081/axis2/services/SWASampleService
> > > > urn:uuid:E23726932EDEB77EB81204803460112
> > > > process
> > > >
> > > > I receive the following exception in server side:
> > > >
> > > > java.lang.NullPointerException
> > > >     at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> > > >     at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> > > >     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> > > >     at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> > > >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
> > > >     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> > > >     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> > > >     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
> > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > > >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
> > > >
> > > > I don't know if it is possible and I would need to know if there is a way to do it.
> > > > If I engage only addressing module this works.
> > > >
> > > > Thanks, Nuria
> > >
> > > --
> > > http://blog.ruchith.org
> > > http://wso2.org
>
> --
> http://blog.ruchith.org
> http://wso2.org
SAML Token returned in clear over HTTPS
Hi, Is it possible with STS service? Thanks, Nuria
Re: Problem with SOAPHeader
Hi,

Thank you very much. But how could I use this class in my project?
Are you going to publish a new release of the axiom api?

Regards,
Nuria

2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> Hi Nuria,
>
> This is a bug in DOOM, the AXIOM DOM implementation.
>
> I just fixed this and checked it in. [1]
>
> Thanks,
> Ruchith
>
> 1. http://svn.apache.org/viewvc?rev=634561&view=rev
>
> On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> wrote:
> > Hi,
> > I can't add information in SOAPHeader when I engage rampart and addressing module.
> >
> > My header is the following:
> >
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
> > 2008-03-06T11:37:41.497Z
> > 2008-03-06T11:42:41.497Z
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
> > alice
> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW
> > nameAttachFile="FileTestA.txt"/>
> > nameAttachFile="FileTestA.txt"/>
> > http://localhost:8081/axis2/services/SWASampleService
> > urn:uuid:E23726932EDEB77EB81204803460112
> > process
> >
> > I receive the following exception in server side:
> >
> > java.lang.NullPointerException
> >     at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> >     at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> >     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> >     at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
> >     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> >     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> >     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
> >
> > I don't know if it is possible and I would need to know if there is a way to do it.
> > If I engage only addressing module this works.
> >
> > Thanks, Nuria
>
> --
> http://blog.ruchith.org
> http://wso2.org
Problem with SOAPHeader
Hi,

I can't add information in SOAPHeader when I engage rampart and addressing module.

My header is the following:

    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
    2008-03-06T11:37:41.497Z
    2008-03-06T11:42:41.497Z
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
    alice
    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW
    http://localhost:8081/axis2/services/SWASampleService
    urn:uuid:E23726932EDEB77EB81204803460112
    process

I receive the following exception in server side:

    java.lang.NullPointerException
        at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)

I don't know if it is possible and I would need to know if there is a way to do it.
If I engage only addressing module this works.

Thanks, Nuria
Engage Modules and SOAPHeader
Hi Nandana,

I would need to know what's the influence of engaging addressing and rampart modules on the SOAP header management.

I would like to add more information into the header in addition to the information set by default by these components and I don't know if it's possible to do that. I'm trying to get the header set by default by these modules and trying to modify it with more parameters before sending the SOAP message.

Thanks,
Nuria
Re: SAML with Axis2
Hi Nandana:

I have a doubt about SAML Token. Could I receive from the STS service a SAML token without signing it? I want the STS service to return a SAML token in clear over HTTPS. Is this possible?

Thanks,
Nuria

2008/2/28, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Nuria,
>
> > I've some questions about the ConfigurationContext
> > We have to create ConfigurationContext when we use WS-Security (Rampart) or WS-Addressing because in these cases we need to use modules (rampart and addressing).
>
> Yes, AFAIK when you are using Rampart you need to have a client repository which has Rampart module and you have to create a configuration context using that repository so that the Rampart module will be available to be engaged.
>
> > Could I manage soap header when I use the addressing module?
>
> What do you mean by managing the SOAP header?
>
> thanks,
> /nandana
>
> > 2008/2/19, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> > > Hi Nuria,
> > >
> > > > A client accessing a WebService, and a SAML Authority (STS):
> > > >
> > > > 1) Have the client and the web Service to access to the same SAML Authority?
> > > > (I have read anywhere that the SAML Authority only can be of STS type).
> > >
> > > Client needs access to the STS as it requires to get tokens from the STS. And
> > > Client <---> STS and
> > > STS<---> Web
> > > must trust each other. Sometimes service don't need to access the STS to validate the SAML token. In the examples of Rampart, service itself validates the SAML token and it doesn't access the STS. But there is a pre configured trust between the STS and the service.
> > >
> > > > 2) Covers RAHAS all the scenarios of SAML interaction between these actors or there are any limitations currently?
> > >
> > > RAMPART/RAHAS can use SAML token as a supporting token and as a protection token. So those two scenarios are pretty covered.
> > > WS Trust specification defines four bindings. Namely Issue, Validate, Renew, Cancel bindings. At the moment, Rampart only facilitate Issue and Cancel bindings. But we may be able to get the other two bindings working before the next release of Apache Rampart.
> > >
> > > thanks,
> > > /nandana
> > >
> > > > 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> > > > > Hi Jens,
> > > > > Not at the moment. But we will include a one before next release.
> > > > >
> > > > > thanks,
> > > > > nandana
> > > > >
> > > > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer <[EMAIL PROTECTED]> wrote:
> > > > > > Hello Nunny,
> > > > > >
> > > > > > is there any sample available where the SAML token can be used as a protection token for signing and encrypting messages?
> > > > > >
> > > > > > Thanks,
> > > > > > Jens
> > > > > >
> > > > > > Nunny wrote:
> > > > > > > Hi Nuria,
> > > > > > >
> > > > > > >> I've some doubts about SAML with axis2. I need to know if the sample05 covers all the the SAML cases.
> > > > > > >
> > > > > > > No, it covers only one scenario. For example, this uses SAML token as a supporting token. There is another scenarios where SAML token can be used as a protection token where it will be used to sign and encrypt messages.
> > > > > > >
> > > > > > >> We first receive the SAML token response then we indicate, in the options the responseToken id
> > > > > > >> I don't know where we are sending to the server the SAML assertion in the soapMessage
> > > > > > >
> > > > > > > When the id is set, Rampart message builders add the assertion to the security header according to the security policy. If you monitor the messages exchanged through TCPMon, then you can actually see the SAML assertion in the security header of the SOAP request to the service.
> > > > > > >
> > > > > > >> Another thing is to know what are the requestSecurityToken parameters.
> > > > > > >
> > > > > > > In the client, we set these parameters using RST template.
> > > > > > >
> > > > > > > private static OMElement getRSTTemplate() throws Exception {
> > > > > > >     OMFactory fac = OMAbstractFactory.getOMFactory();
> > > > > > >     OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
> > > > > > >     TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
> > > > > > >     TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
[Axis2] SSL server certificate
Hello:

I'm using Axis2 and I need to use SSL to connect to a WS.

In server side I do the following:

I configure the server.xml file in tomcat. I have:

Then I generate a server certificate doing the following:

    keytool -genkey -alias tomcat -keyalg RSA
    keytool -export -alias tomcat -storepass changeit -file server.cer
    keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -keypass changeit -storepass changeit

I start-up tomcat and when I call the service using the EPR "https://mymachine:8443/ " I receive the following exception:

    I/O exception (org.apache.axis2.AxisFault) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I don't know if I need to indicate something from the client side.

Thanks,
Nuria
Re: SAML with Axis2
Hello Nandana:

I've some questions about the ConfigurationContext.

We have to create ConfigurationContext when we use WS-Security (Rampart) or WS-Addressing because in these cases we need to use modules (rampart and addressing). So when I want to add information in the SOAPHeader using SWA (Soap with Attachment) I've problems.

Could I manage soap header when I use the addressing module?

Thanks,
Nuria

2008/2/19, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Nuria,
>
> > A client accessing a WebService, and a SAML Authority (STS):
> >
> > 1) Have the client and the web Service to access to the same SAML Authority?
> > (I have read anywhere that the SAML Authority only can be of STS type).
>
> Client needs access to the STS as it requires to get tokens from the STS. And
> Client <---> STS and
> STS<---> Web
> must trust each other. Sometimes service don't need to access the STS to validate the SAML token. In the examples of Rampart, service itself validates the SAML token and it doesn't access the STS. But there is a pre configured trust between the STS and the service.
>
> > 2) Covers RAHAS all the scenarios of SAML interaction between these actors or there are any limitations currently?
>
> RAMPART/RAHAS can use SAML token as a supporting token and as a protection token. So those two scenarios are pretty covered.
> WS Trust specification defines four bindings. Namely Issue, Validate, Renew, Cancel bindings. At the moment, Rampart only facilitate Issue and Cancel bindings. But we may be able to get the other two bindings working before the next release of Apache Rampart.
>
> thanks,
> /nandana
>
> > 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> > > Hi Jens,
> > > Not at the moment. But we will include a one before next release.
> > >
> > > thanks,
> > > nandana
> > >
> > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer <[EMAIL PROTECTED]> wrote:
> > > > Hello Nunny,
> > > >
> > > > is there any sample available where the SAML token can be used as a protection token for signing and encrypting messages?
> > > >
> > > > Thanks,
> > > > Jens
> > > >
> > > > Nunny wrote:
> > > > > Hi Nuria,
> > > > >
> > > > >> I've some doubts about SAML with axis2. I need to know if the sample05 covers all the the SAML cases.
> > > > >
> > > > > No, it covers only one scenario. For example, this uses SAML token as a supporting token. There is another scenarios where SAML token can be used as a protection token where it will be used to sign and encrypt messages.
> > > > >
> > > > >> We first receive the SAML token response then we indicate, in the options the responseToken id
> > > > >> I don't know where we are sending to the server the SAML assertion in the soapMessage
> > > > >
> > > > > When the id is set, Rampart message builders add the assertion to the security header according to the security policy. If you monitor the messages exchanged through TCPMon, then you can actually see the SAML assertion in the security header of the SOAP request to the service.
> > > > >
> > > > >> Another thing is to know what are the requestSecurityToken parameters.
> > > > >
> > > > > In the client, we set these parameters using RST template.
> > > > >
> > > > > private static OMElement getRSTTemplate() throws Exception {
> > > > >     OMFactory fac = OMAbstractFactory.getOMFactory();
> > > > >     OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
> > > > >     TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
> > > > >     TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
> > > > >     TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
> > > > >     return elem;
> > > > > }
> > > > >
> > > > > These parameters are defined in the WS Trust specification [1].
> > > > >
> > > > > /nandana
> > > > >
> > > > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
> > > > >
> > > > > http://nandana83.blogspot.com/
> > > > > http://nandanasm.wordpress.com/
> > > >
> > > > --
> > > > View this message in context: http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html
> > > > Sent from the Axis - User mailing list archive at Nabble.com.
Re: WS-Addressing help
Thank you very much for the information. Is there any example that uses handlers on the server side?

Regards, Nuria.

2008/2/25, Brian De Pradine <[EMAIL PROTECTED]>:
> Hi Nuria,
>
> You can find information about WS-Addressing support and samples here, [1] and [2].
>
> You can find some information on WS-Policy support here, [3]
>
> [1] http://ws.apache.org/axis2/1_3/adv-userguide.html#client
> [2] http://ws.apache.org/axis2/1_3/dii.html
> [3] http://ws.apache.org/axis2/1_3/WS_policy.html
>
> Cheers
>
> Brian DePradine
> Web Services Development
> IBM Hursley
>
> "Nuria Rodríguez García" <[EMAIL PROTECTED]> wrote on 25/02/2008 12:12:03:
>
> > Hi,
> >
> > I'm new to WS-Addressing and I need help.
> >
> > I can't find a complete sample (client, service side and, if possible, documentation) where WS-Addressing is being used.
> >
> > Moreover, I need to know if it's possible to configure WS-Addressing with WS-Policy.
> >
> > Thanks, Nuria
WS-Addressing help
Hi, I'm new to WS-Addressing and I need help. I can't find a complete sample (client, service side and, if possible, documentation) where WS-Addressing is being used. Moreover, I need to know if it's possible to configure WS-Addressing with WS-Policy. Thanks, Nuria
Re: SAML with Axis2
Hello Nandana: Thank you very much for your information. In the last email you told me about the two scenarios that RAMPART/RAHAS covers. I don't understand what the meaning of each one of these bindings is. Could you explain a little more about these scenarios? In a document I read that there are two ways to obtain saml token. Is this possible with rampart/rahas? The two ways are the following: *Security Token Acquisition* *Issued Security Token* Thanks, Nuria 2008/2/19, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > Hi Nuria, > > > A client accessing a WebService, and a SAML Authority (STS): > > > > 1) Have the client and the web Service to access to the same SAML Authority? > > (I have read anywhere that the SAML Authority only can be of STS type). > > Client needs access to the STS as it requires to get tokens from the STS. And > Client <---> STS and > STS<---> Web > must trust each other. Sometimes service don't need to access the STS > to validate the SAML token. In the examples of Rampart, service itself > validates the SAML token and it doesn't access the STS. But there is a > pre configured trust between the STS and the service. > > > 2) Covers RAHAS all the scenarios of SAML interaction between these actors > > or there are any limitations currently? > > RAMPART/RAHAS can use SAML token as a supporting token and as a > protection token. So those two scenarios are pretty covered. > WS Trust specification defines four bindings. Namely Issue , Validate, > Renew, Cancel bindings. At the moment, Rampart only facilitate Issue > and Cancel bindings. But we may be able to get the other two bindings > working before the next release of Apache Rampart. > > thanks, > /nandana > > > > > > 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > > > > Hi Jens, > > > Not at the moment. But we will include a one before next release. 
> > > > > > thanks, > > > nandana > > > > > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer > > > <[EMAIL PROTECTED]> wrote: > > > > > > > > Hello Nunny, > > > > > > > > is there any sample available where the SAML token can be used as a > > > > protection token for signing and encrypting messages? > > > > > > > > Thanks, > > > > Jens > > > > > > > > > > > > > > > > > > > > > > > > Nunny wrote: > > > > > > > > > > Hi Nuria, > > > > > > > > > >> I've some doubts about SAML with axis2. I need to know if the > > sample05 > > > > >> covers all the the SAML cases. > > > > > > > > > > No, it covers only one scenario. For example, this uses SAML token as > > a > > > > > supporting token. There is another scenarios where SAML token can be > > > > > used as a protection token where it will be used to sign and encrypt > > > > > messages. > > > > > > > > > > > > > > > > > > > >> We first receive the SAML token response then we indicate, in the > > options > > > > >> the responseToken id > > > > >> I don't know where we are sending to the server the SAML assertion > > in the > > > > >> soapMessage > > > > > > > > > > When the id is set, Rampart message builders add the assertion to the > > > > > security > > > > > header according to the security policy. If you monitor the messages > > > > > exchanged > > > > > through TCPMon, then you can actually see the SAML assertion in the > > > > > security > > > > > header of the SOAP request to the service. > > > > > > > > > >> Another thing is to know what are the requestSecurityToken > > parameters. > > > > > > > > > > In the client, we set these parameters using RST template. 
> > > > > > > > > > private static OMElement getRSTTemplate() throws Exception { > > > > > OMFactory fac = OMAbstractFactory.getOMFactory(); > > > > > OMElement elem = > > > > > fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE ); > > > > > TrustUtil.createTokenTypeElement( RahasConstants.VERSION_05_02, > > > > > elem).setText(RahasConstants.TOK_TYPE_SAML_10); > > > > > TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02 , > > elem, > > > > > RahasConstants.KEY_TYPE_PUBLIC_KEY); > > > > > TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02 , > > elem, 256); > > > > > return elem; > > > > > } > > > > > > > > > > These parameters are defined in the WS Trust specification [1]. > > > > > > > > > > /nandana > > > > > > > > > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf > > > > > > > > > > http://nandana83.blogspot.com/ > > > > > http://nandanasm.wordpress.com/ > > > > > > > > > > > > > > - > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > -- > > > > View this message in context: > > http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html > > > > Sent from the Axis - User mailing list archive at Nabble.com. > > > >
Re: SAML with Axis2
Hi Nandana, Regarding to the last mail: We are using STS as SAML Authority using RAHAS module and we would need to tell our customer what can be done for the moment using RAHAS (and what can´t be done, we don´t want to give too many expectations). In an scenario where we have the following actors: A client accessing a WebService, and a SAML Authority (STS): 1) Have the client and the web Service to access to the same SAML Authority? (I have read anywhere that the SAML Authority only can be of STS type). 2) Covers RAHAS all the scenarios of SAML interaction between these actors or there are any limitations currently? Thanks, Nuria 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > Hi Jens, > Not at the moment. But we will include a one before next release. > > thanks, > nandana > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer > <[EMAIL PROTECTED]> wrote: > > > > Hello Nunny, > > > > is there any sample available where the SAML token can be used as a > > protection token for signing and encrypting messages? > > > > Thanks, > > Jens > > > > > > > > > > > > Nunny wrote: > > > > > > Hi Nuria, > > > > > >> I've some doubts about SAML with axis2. I need to know if the > sample05 > > >> covers all the the SAML cases. > > > > > > No, it covers only one scenario. For example, this uses SAML token as > a > > > supporting token. There is another scenarios where SAML token can be > > > used as a protection token where it will be used to sign and encrypt > > > messages. > > > > > > > > > > > >> We first receive the SAML token response then we indicate, in the > options > > >> the responseToken id > > >> I don't know where we are sending to the server the SAML assertion > in the > > >> soapMessage > > > > > > When the id is set, Rampart message builders add the assertion to the > > > security > > > header according to the security policy. 
If you monitor the messages > > > exchanged > > > through TCPMon, then you can actually see the SAML assertion in the > > > security > > > header of the SOAP request to the service. > > > > > >> Another thing is to know what are the requestSecurityToken > parameters. > > > > > > In the client, we set these parameters using RST template. > > > > > > private static OMElement getRSTTemplate() throws Exception { > > > OMFactory fac = OMAbstractFactory.getOMFactory(); > > > OMElement elem = > > > fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE); > > > TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, > > > elem).setText(RahasConstants.TOK_TYPE_SAML_10); > > > TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, > elem, > > > RahasConstants.KEY_TYPE_PUBLIC_KEY); > > > TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, > elem, 256); > > > return elem; > > > } > > > > > > These parameters are defined in the WS Trust specification [1]. > > > > > > /nandana > > > > > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf > > > > > > http://nandana83.blogspot.com/ > > > http://nandanasm.wordpress.com/ > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > -- > > View this message in context: > http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html > > Sent from the Axis - User mailing list archive at Nabble.com. > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: SAML with Axis2
Hi Nandana, I've a doubt about the STS. Do the service and client limited to deploy the rahas module to use STS or they can use different type of SAML Authority?. If the SAML authority is not STS could our client connect to this SAML authority or is limited to the STS? Thanks, Nuria 2008/2/12, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > Hi Nuria, > > > I've some doubts about SAML with axis2. I need to know if the sample05 > > covers all the the SAML cases. > > No, it covers only one scenario. For example, this uses SAML token as a > supporting token. There is another scenarios where SAML token can be > used as a protection token where it will be used to sign and encrypt > messages. > > > We first receive the SAML token response then we indicate, in the > options > > the responseToken id > > I don't know where we are sending to the server the SAML assertion in > the > > soapMessage > > When the id is set, Rampart message builders add the assertion to the > security > header according to the security policy. If you monitor the messages > exchanged > through TCPMon, then you can actually see the SAML assertion in the > security > header of the SOAP request to the service. > > > Another thing is to know what are the requestSecurityToken parameters. > > In the client, we set these parameters using RST template. > >private static OMElement getRSTTemplate() throws Exception { >OMFactory fac = OMAbstractFactory.getOMFactory(); >OMElement elem = > fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE); >TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, > elem).setText(RahasConstants.TOK_TYPE_SAML_10); >TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, > RahasConstants.KEY_TYPE_PUBLIC_KEY); >TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, > 256); >return elem; >} > > These parameters are defined in the WS Trust specification [1]. 
> > /nandana > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf > > http://nandana83.blogspot.com/ > http://nandanasm.wordpress.com/
Re: SAML with Axis2
I can't see the assertion in the header of the message. Could it be because this information is encryptied? The soap message is the following: http://schemas.xmlsoap.org/soap/envelope/"xmlns:xenc ="http://www.w3.org/2001/04/xmlenc#";> http://www.w3.org/2005/08/addressing";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " soapenv:mustUnderstand="1"> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="Timestamp-18655235"> 2008-02-11T08:29:14.629Z 2008-02-11T08:34:14.629Z http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> http://www.w3.org/2000/09/xmldsig#";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary " ValueType=" http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 ">HYL371NzoOs2+IA24VDkBGcUFQM= NS8hopFGnXC0p1Wma5EppZyhltrqoG/Xc6awAEYNoP8ZG7OCIbss4n9EbiKvE/Cc7qoJaJF7hbjp0fpTASStbb4/mABDSw6ZhYmS5VOgZpKnSyiX1DVeyWpXZkJmw2pFfZwXwlV0Z7zL05+TtY+fA/ofPBlUCnrBJFYOaeUYMlA= http://www.w3.org/2000/09/xmldsig#"; Id=" Signature-18871350"> http://www.w3.org/2001/10/xml-exc-c14n#"/> http://www.w3.org/2000/09/xmldsig#hmac-sha1 "/> http://www.w3.org/2001/10/xml-exc-c14n#"/> http://www.w3.org/2000/09/xmldsig#sha1"/> kTTbXVwC6Hqhw+aPoSClk+I1MQ8= http://www.w3.org/2001/10/xml-exc-c14n#"/> http://www.w3.org/2000/09/xmldsig#sha1"/> QL1srEXsHEJxBVvISWC6qqC135Q= Pl4+PwCkehIyXTKWaruQTsS7gGE= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="STRId-18725445"> http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-soap-message-security-1.1#EncryptedKey "/> http://localhost:8081/axis2/services/sample05?wsdl urn:uuid:7CD0DAE693C1E94AFF1202718554608 urn:echo http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="Id-14721926"> http://sample05.policy.samples.rampart.apache.org";> Hello world1 2008/2/12, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > Hi 
Nuria, > > > I've some doubts about SAML with axis2. I need to know if the sample05 > > covers all the the SAML cases. > > No, it covers only one scenario. For example, this uses SAML token as a > supporting token. There is another scenarios where SAML token can be > used as a protection token where it will be used to sign and encrypt > messages. > > > We first receive the SAML token response then we indicate, in the > options > > the responseToken id > > I don't know where we are sending to the server the SAML assertion in > the > > soapMessage > > When the id is set, Rampart message builders add the assertion to the > security > header according to the security policy. If you monitor the messages > exchanged > through TCPMon, then you can actually see the SAML assertion in the > security > header of the SOAP request to the service. > > > Another thing is to know what are the requestSecurityToken parameters. > > In the client, we set these parameters using RST template. > >private static OMElement getRSTTemplate() throws Exception { >OMFactory fac = OMAbstractFactory.getOMFactory(); >OMElement elem = > fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE); >TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, > elem).setText(RahasConstants.TOK_TYPE_SAML_10); >TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, > RahasConstants.KEY_TYPE_PUBLIC_KEY); >TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, > 256); >return elem; >} > > These parameters are defined in the WS Trust specification [1]. > > /nandana > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf > > http://nandana83.blogspot.com/ > http://nandanasm.wordpress.com/ > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
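The check suggested in the quoted reply (capture the request and look for the SAML assertion in the security header) can also be done programmatically on the captured XML. The following is an added example, not code from this thread or from Rampart: the class and method names and both sample envelopes are constructed, and it assumes SOAP 1.1 and the SAML 1.x assertion namespace.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Hypothetical helper: reports what a captured SOAP 1.1 request carries
// directly inside its wsse:Security header block.
public class SecurityHeaderInspector {
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = WSS + "secext-1.0.xsd";
    static final String WSU = WSS + "utility-1.0.xsd";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"; // SAML 1.0 and 1.1

    static final class Report {
        boolean securityHeader;   // a wsse:Security header block exists
        boolean clearAssertion;   // saml:Assertion is readable on the wire
        boolean encryptedData;    // xenc:EncryptedData sits inside wsse:Security
        final List<String> children = new ArrayList<>();
    }

    static Report inspect(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // match on namespace URIs, not on prefixes
        // Captured traffic is untrusted input: refuse DTDs so no entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));

        Report r = new Report();
        NodeList sec = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < sec.getLength(); i++) {
            Element security = (Element) sec.item(i);
            Node parent = security.getParentNode();
            // Only a wsse:Security that is a child of soapenv:Header counts.
            if (parent == null || !SOAP11.equals(parent.getNamespaceURI())
                    || !"Header".equals(parent.getLocalName())) {
                continue;
            }
            r.securityHeader = true;
            for (Node n = security.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                r.children.add(n.getNodeName());
                String ns = n.getNamespaceURI();
                String name = n.getLocalName();
                if (SAML1.equals(ns) && "Assertion".equals(name)) {
                    r.clearAssertion = true;
                }
                if (XENC.equals(ns) && "EncryptedData".equals(name)) {
                    r.encryptedData = true;
                }
            }
        }
        return r;
    }

    static String verdict(Report r) {
        if (!r.securityHeader) {
            return "no wsse:Security header block in the message";
        }
        if (r.clearAssertion) {
            return "SAML assertion present in clear text";
        }
        if (r.encryptedData) {
            return "no clear assertion; an EncryptedData child may hold an encrypted token";
        }
        return "no SAML assertion in the security header";
    }

    // Builds a constructed envelope: Timestamp, the given element, Signature.
    static String envelope(String middle) {
        return "<soapenv:Envelope xmlns:soapenv='" + SOAP11 + "'><soapenv:Header>"
                + "<wsse:Security xmlns:wsse='" + WSSE + "' soapenv:mustUnderstand='1'>"
                + "<wsu:Timestamp xmlns:wsu='" + WSU + "'/>"
                + middle
                + "<ds:Signature xmlns:ds='" + DSIG + "'/>"
                + "</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>";
    }

    public static void main(String[] args) throws Exception {
        String withAssertion = envelope(
                "<saml:Assertion xmlns:saml='" + SAML1 + "' AssertionID='constructed-1'/>");
        String withoutAssertion = envelope(
                "<xenc:EncryptedKey xmlns:xenc='" + XENC + "'/>");
        for (String msg : new String[] {withAssertion, withoutAssertion}) {
            Report r = inspect(msg);
            System.out.println(r.children + " -> " + verdict(r));
        }
    }
}
```

Matching on namespace URI and local name rather than on the prefix matters here, because the prefixes (`saml`, `wsse`, `xenc`) are chosen by the sender and vary between stacks.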
Re: SAML with Axis2
Hi again: I've some doubts about SAML with axis2. I need to know if the sample05 covers all the the SAML cases. We first receive the SAML token response then we indicate, in the options the responseToken id I don't know where we are sending to the server the SAML assertion in the soapMessage Another thing is to know what are the requestSecurityToken parameters. Thanks, Nuria 2008/2/8, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > Hi Nuria, Are you using the latest Rampart jars ? Can you post the > SOAP > response you get from the server ? > I checked the sample with the trunk and it worked fine for me. > Please take a look at this [1] thread too. > > Thanks, > /nandana > > [1] - http://marc.info/?t=12017867083&r=1&w=2 > > On Feb 8, 2008 7:03 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> > wrote: > > Hi Nandana, > > > > I could deploy the services without problem. But now when I execute the > > client side I receive the following error. > > Exception in thread "main" org.apache.axis2.AxisFault: An error was > > discovered processing the header. 
(Reference URI is > > null)[java] at > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java > :486)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse( > OutInAxisOperation.java:343)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.send( > OutInAxisOperation.java:389)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl( > OutInAxisOperation.java:211)[java] > > at > > org.apache.axis2.client.OperationClient.execute(OperationClient.java > :163)[java] > > at > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java > :528)[java] > > at > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java > :508)[java] > > at org.apache.rampart.samples.policy.sample05.Client.main(Unknown > Source) > > > > I could see that the Assertion doesn't appear in the soap envelope > header > > > > Thanks, > > Nuria > > > > 2008/2/7, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > > > > > > > > > > > Hi Nuria, > > > > > > > In sample05 I can see that in the "requestSecurityToken" method the > EPR > > that > > > > It's used is http://localhost:8080/axis2/services/STS but if I put > this > > url > > > > in my browser I receive an error page > > > > > > Did you follow the following steps ? > > > > > > 1.) Set the AXIS2_HOME system variable to point to your axis2 home > > directory > > > > > > 2.) Run the ant task "service.05" ( you have to have apache ant > installed > > ) > > > eg.) 
> > > /path-to-rampart-source/modules/rampart-samples/policy$ ant service.05 > > > > > > you must then be able to see something like > > > > > > [java] [SimpleHTTPServer] Starting > > > [java] [SimpleHTTPServer] Using the Axis2 Repository > > > > > > /home/nandana/work/workspace/apache/rampart/modules/rampart-samples/policy/build/service_repositories/sample05 > > > [java] [SimpleHTTPServer] Listening on port 8080 > > > [java] [SimpleHTTPServer] Started > > > [java] 2008-02-07 16:39:25,670 INFO > > > org.apache.axis2.transport.http.server.DefaultConnectionListener - > > > Listening on port 8080 > > > > > > along with some other information in the console and > > > > > > http://localhost:8080/axis2/services/STS?wsdl > > > http://localhost:8080/axis2/services/sample05?wsdl > > > > > > should show the WSDLs of the STS and the service. > > > > > > regards, > > > nandana > > > > > > http://nandana83.blogspot.com/ > > > http://nandanasm.wordpress.com/ > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > http://nandana83.blogspot.com/ > http://nandanasm.wordpress.com/ > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: SAML with Axis2
Hi again!! Well, I have put all in SNAPSHOT and works. Thank you very much. 2008/2/8, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > Hi Nuria, > Are you using the latest Rampart jars ? Can you post the SOAP > response you get from the server ? > I checked the sample with the trunk and it worked fine for me. > Please take a look at this [1] thread too. > > Thanks, > /nandana > > [1] - http://marc.info/?t=120178670800003&r=1&w=2 > > On Feb 8, 2008 7:03 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> > wrote: > > Hi Nandana, > > > > I could deploy the services without problem. But now when I execute the > > client side I receive the following error. > > Exception in thread "main" org.apache.axis2.AxisFault: An error was > > discovered processing the header. (Reference URI is > > null)[java] at > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java > :486)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse( > OutInAxisOperation.java:343)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.send( > OutInAxisOperation.java:389)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl( > OutInAxisOperation.java:211)[java] > > at > > org.apache.axis2.client.OperationClient.execute(OperationClient.java > :163)[java] > > at > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java > :528)[java] > > at > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java > :508)[java] > > at org.apache.rampart.samples.policy.sample05.Client.main(Unknown > Source) > > > > I could see that the Assertion doesn't appear in the soap envelope > header > > > > Thanks, > > Nuria > > > > 2008/2/7, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > > > > > > > > > > > Hi Nuria, > > > > > > > In sample05 I can see that in the "requestSecurityToken" method the > EPR > > that > > > > It's used is http://localhost:8080/axis2/services/STS but if I put > this > > url > 
> > > in my browser I receive an error page > > > > > > Did you follow the following steps ? > > > > > > 1.) Set the AXIS2_HOME system variable to point to your axis2 home > > directory > > > > > > 2.) Run the ant task "service.05" ( you have to have apache ant > installed > > ) > > > eg.) > > > /path-to-rampart-source/modules/rampart-samples/policy$ ant service.05 > > > > > > you must then be able to see something like > > > > > > [java] [SimpleHTTPServer] Starting > > > [java] [SimpleHTTPServer] Using the Axis2 Repository > > > > > > /home/nandana/work/workspace/apache/rampart/modules/rampart-samples/policy/build/service_repositories/sample05 > > > [java] [SimpleHTTPServer] Listening on port 8080 > > > [java] [SimpleHTTPServer] Started > > > [java] 2008-02-07 16:39:25,670 INFO > > > org.apache.axis2.transport.http.server.DefaultConnectionListener - > > > Listening on port 8080 > > > > > > along with some other information in the console and > > > > > > http://localhost:8080/axis2/services/STS?wsdl > > > http://localhost:8080/axis2/services/sample05?wsdl > > > > > > should show the WSDLs of the STS and the service. > > > > > > regards, > > > nandana > > > > > > http://nandana83.blogspot.com/ > > > http://nandanasm.wordpress.com/ > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > http://nandana83.blogspot.com/ > http://nandanasm.wordpress.com/ > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: SAML with Axis2
Hi, I'm using rampart-1.3. The soap response I get from the server is: http://schemas.xmlsoap.org/soap/envelope/"xmlns:wsa ="http://www.w3.org/2005/08/addressing";> http://www.w3.org/2005/08/addressing/soap/fault urn:uuid:491E0CE6F9BE8324DB1202511282800 soapenv:Server An error was discovered processing the <wsse:Security>header. (Reference URI is null) org.apache.axis2.AxisFault: An error was discovered processing the <wsse:Security> header. (Reference URI is null) at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java :88) at org.apache.axis2.engine.Phase.invoke(Phase.java:292) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132) at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest (HTTPTransportUtils.java:275) at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java :256) at org.apache.axis2.transport.http.server.AxisHttpService.doService( AxisHttpService.java:259) at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest( AxisHttpService.java:166) at org.apache.axis2.transport.http.server.HttpServiceProcessor.run( HttpServiceProcessor.java:85) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask (ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:690) at java.lang.Thread.run(Unknown Source) Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header. 
(Reference URI is null) at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement( SecurityTokenReference.java:192) at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature( SignatureProcessor.java:197) at org.apache.ws.security.processor.SignatureProcessor.handleToken( SignatureProcessor.java:85) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader( WSSecurityEngine.java:284) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader( WSSecurityEngine.java:206) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader( WSSecurityEngine.java:159) at org.apache.rampart.RampartEngine.process(RampartEngine.java:127) at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java :85) ... 11 more Thanks, Nuria 2008/2/8, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > Hi Nuria, > Are you using the latest Rampart jars ? Can you post the SOAP > response you get from the server ? > I checked the sample with the trunk and it worked fine for me. > Please take a look at this [1] thread too. > > Thanks, > /nandana > > [1] - http://marc.info/?t=12017867083&r=1&w=2 > > On Feb 8, 2008 7:03 PM, Nuria Rodríguez García <[EMAIL PROTECTED]> > wrote: > > Hi Nandana, > > > > I could deploy the services without problem. But now when I execute the > > client side I receive the following error. > > Exception in thread "main" org.apache.axis2.AxisFault: An error was > > discovered processing the header. 
(Reference URI is > > null)[java] at > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java > :486)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse( > OutInAxisOperation.java:343)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.send( > OutInAxisOperation.java:389)[java] > > at > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl( > OutInAxisOperation.java:211)[java] > > at > > org.apache.axis2.client.OperationClient.execute(OperationClient.java > :163)[java] > > at > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java > :528)[java] > > at > > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java > :508)[java] > > at org.apache.rampart.samples.policy.sample05.Client.main(Unknown > Source) > > > > I could see that the Assertion doesn't appear in the soap envelope > header > > > > Thanks, > > Nuria > > > > 2008/2/7, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>: > > > > > > > > > > > > Hi Nuria, > > > > > > > In sample05 I can see that in the "requestSecurityToken" method the > EPR > > that > > > > It's used is http://localhost:8080/axis2/services/STS but if I put > this > > url > > > > in my browser I receive an error page > > > > > > Did you follow the following steps ? > > > > > > 1.) Set the AXIS2_HOME syst
Re: SAML with Axis2
Hi Nandana,

I could deploy the services without problem. But now when I execute the client side I receive the following error.

Exception in thread "main" org.apache.axis2.AxisFault: An error was discovered processing the header. (Reference URI is null)
[java] at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
[java] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
[java] at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
[java] at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
[java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
[java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
[java] at org.apache.rampart.samples.policy.sample05.Client.main(Unknown Source)

I could see that the Assertion doesn't appear in the SOAP envelope header.

Thanks, Nuria

2008/2/7, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Nuria,
>
> > In sample05 I can see that in the "requestSecurityToken" method the EPR that
> > It's used is http://localhost:8080/axis2/services/STS but if I put this url
> > in my browser I receive an error page
>
> Did you follow the following steps?
>
> 1.) Set the AXIS2_HOME system variable to point to your axis2 home directory
>
> 2.) Run the ant task "service.05" (you have to have apache ant installed)
> eg.)
> /path-to-rampart-source/modules/rampart-samples/policy$ ant service.05
>
> you must then be able to see something like
>
> [java] [SimpleHTTPServer] Starting
> [java] [SimpleHTTPServer] Using the Axis2 Repository /home/nandana/work/workspace/apache/rampart/modules/rampart-samples/policy/build/service_repositories/sample05
> [java] [SimpleHTTPServer] Listening on port 8080
> [java] [SimpleHTTPServer] Started
> [java] 2008-02-07 16:39:25,670 INFO org.apache.axis2.transport.http.server.DefaultConnectionListener - Listening on port 8080
>
> along with some other information in the console and
>
> http://localhost:8080/axis2/services/STS?wsdl
> http://localhost:8080/axis2/services/sample05?wsdl
>
> should show the WSDLs of the STS and the service.
>
> regards,
> nandana
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
Re: SAML with Axis2
Thank you very much for your help. I've deployed the rahas module. But now I don't know what the EPR to connect to the STS service is. In sample05 I can see that in the "requestSecurityToken" method the EPR that is used is http://localhost:8080/axis2/services/STS but if I put this URL in my browser I receive an error page.

Regards, Nuria

2008/2/6, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> Hi Nuria,
>
> > I'm new to SAML with Axis2. I need to use it in my web application so I
> > would like to know if it's possible to implement it through WSS4J without
> > the rampart module.
>
> AFAIK, Rahas module handles trust related stuff in Rampart. So I don't
> think you will be able to do this only with WSS4J.
>
> > If it is not possible is there some explanation about the rampart
> > sample05?
>
> Rampart sample 05 demonstrates how a client can obtain a SAML token from a
> STS and use that token as supporting token to authenticate to a web service.
>
> > I can't find the rampart-trust.mar module.
>
> It is the rahas.mar (rampart trust module). You can find the source [1]
> and the binary [2] in the given links.
>
> regards,
> /nandana
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
>
> [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust-mar/
> [2] - http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rahas/SNAPSHOT/
SAML with Axis2
Hi, I'm new to SAML with Axis2. I need to use it in my web application so I would like to know if it's possible to implement it through WSS4J without the rampart module. If it is not possible, is there some explanation about the rampart sample05? I can't find the rampart-trust.mar module. Thanks, Nuria