rahas
Hi, Is there a reason rahas is a module at all? In previous builds rahas was a service (aar), which i thought makes more sense - after all, it has a service functionality in it, and if someone wants to extend it, why do they have to define a dummy service (as in the test cases) just to serve a RST. Speaking of the test cases in integration, they only run under the simple HTTP server that comes with axis2. In order to run them under tomcat for example, several changes need to be applied-the TestClient.java needs to be modified to put proper addressing namespace in the RST mssage - it uses AddressingConstants.Submission.WSA_NAMESPACE when it should use AddressingConstants.Final.WSA_NAMESPACE. Unless there is a way to configure axis2 servlet which namespace to recognize. In addition, opensaml1.1b has a dependency on log4j which is missing from both axis2 1.1 distro and rahas. Adding it to the repo lib dir solves the problem. Is there any plan to finish the trust2 model in wss4j sandbox? It would be nice to have some real api for wst ;-) Thanks ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
rahas question
Hi, When is rahas officially going to be released? Is it targeted for the 1.1 release? Thanks! George Stanchev ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: rahas
Hi, On 12/7/06, George Stanchev <[EMAIL PROTECTED]> wrote: Hi, Is there a reason rahas is a module at all? In previous builds rahas was a service (aar), which i thought makes more sense - after all, it has a service functionality in it, and if someone wants to extend it, why do they have to define a dummy service (as in the test cases) just to serve a RST. The main purpose of the rahas.mar is to enable STS functionality on a service to support WS-SecureConversation scenarios. In these scenario's the service is expected to issue and cancel SecurityContextTokens. Speaking of the test cases in integration, they only run under the simple HTTP server that comes with axis2. In order to run them under tomcat for example, several changes need to be applied-the TestClient.java needs to be modified to put proper addressing namespace in the RST mssage - it uses AddressingConstants.Submission.WSA_NAMESPACE when it should use AddressingConstants.Final.WSA_NAMESPACE. Unless there is a way to configure axis2 servlet which namespace to recognize. hmm ... I thought axis2 addressing module can handle any addressing version in incoming messages. In addition, opensaml1.1b has a dependency on log4j which is missing from both axis2 1.1 distro and rahas. Adding it to the repo lib dir solves the problem. will add the log4j dependency to rahas. Is there any plan to finish the trust2 model in wss4j sandbox? It would be nice to have some real api for wst ;-) I'm not sure about the trust2 stuff in wss4j ... but you are welcome to suggest any improvements/patches to rahas ... I'll be glad to try to implement/apply them. Thanks, Ruchith Thanks ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- www.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: rahas
Hi Ruchith, I see. My comments below. George -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Thursday, December 07, 2006 1:22 AM To: axis-user@ws.apache.org Subject: Re: rahas >>On 12/7/06, George Stanchev <[EMAIL PROTECTED]> wrote: >> >> Is there a reason rahas is a module at all? In previous builds rahas >> was a service (aar), which i thought makes more sense - after all, it >> has a service functionality in it, and if someone wants to extend it, >> why do they have to define a dummy service (as in the test cases) just >> to serve a RST. > The main purpose of the rahas.mar is to enable STS functionality on a service > to support WS-SecureConversation scenarios. In these scenario's the service > is expected to issue and cancel SecurityContextTokens. I see. But is there any reason the aar was removed from the build? And speaking of the aar, I could not make it run under tomcat. It kept bombing out when trying to load its configuration settings. I might try to play with it again later on, but meanwhile, have you been successfully able to drop the aar in tomcat and get a RSTR? >> Speaking of the test cases in integration, they only run under the >> simple HTTP server that comes with axis2. >> In order to run them under tomcat for example, several changes need to >> be applied-the TestClient.java needs to be modified to put proper >> addressing namespace in the RST mssage - it uses >> AddressingConstants.Submission.WSA_NAMESPACE when it should use >> AddressingConstants.Final.WSA_NAMESPACE. >> Unless there is a way to configure axis2 servlet which namespace to >> recognize. > hmm ... I thought axis2 addressing module can handle any addressing > version in incoming messages. May be there is some option I am missing. In the RahasData constructor the addressing namespace is pulled from the message context: this.addressingNs = (String) this.inMessageContext .getProperty(AddressingConstants.WS_ADDRESSING_VERSION); and that is later used in RahasData.processAppliesTo() to extract the address element from the epr element. If the message context doesn't have addressing headers in it, then it uses the epr to determine addressing version (as a comment in RahasData, line 174-175 suggests). In the tests, addressing is not used and therefore addressing is only present in epr element and things work. But with addressing enabled, it uses headers with different version and due to the namespace mismatch rahas cannot extract the epr element. The epr addressing namespace doesn't have to match the message namespace does it? >> Is there any plan to finish the trust2 model in wss4j sandbox? >> It would be nice to have some real api for wst ;-) > I'm not sure about the trust2 stuff in wss4j ... but you are welcome > to suggest any improvements/patches to rahas ... I'll be glad to try > to implement/apply them. Googling around, I found an old thread, where you say that the sandbox folder in wss4j contains DOM-based trust implementation and trust2 is a rework but hasn't been finished yet. It looks like it was a good start. For example: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/s andbox/security/trust/message/token/ In the long run I like having separate (reworked) trust client API and STS provider. Speaking of which, how about splitting the issuers in 2 parts - issuer and identity provider. The issuer knows how to issue different tokens as it is now - SAML issuer, UsernameToken issuer, etc. The IdP provides the subjects identity information which the issuer then packages into a token. This way, if users want to extend the STS (to extract subject attributes from LDAP for example) all they have to do is hook their own IdP. George ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Rampart - rahas
Hi All... newbie in WS-Trust... I would like to create an Axis2 client/service with the Rampart module to make use the WS-Trust specification... but to me, at this moment, be difficult to find examples about the use of this API... Could one of yours give-me a direction? Many thank in advance Any help is welcome @jr@ I need a simple RST/RSTR... a kick start ( sorry my poor english ) begin:vcard fn:Arlindo Luis Marcon Junior n:Luis Marcon Junior;Arlindo adr;quoted-printable:;;;Curitiba;Paran=C3=A1;80050240;Brasil email;internet:[EMAIL PROTECTED] url:http://lattes.cnpq.br/6483462042489662 version:2.1 end:vcard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Rampart/Rahas problems
So I've essentially taken Rampart sample6 and split it across three machines with my own web service instead of SimpleService. Here's what happens: 1) client makes Mex request to Service : Service responds. 2) Client makes token request to STS - STS responds 3) Client attempts to make the actual call the Service. Service then responds with "axisFault: Missing wsse:Security header in request" The server logs show something different: ERROR org.apache.ws.security.components.crypto.CryptoFactory - Unable to instantiate (1): org.apache.ws.security.components.crypto.Merlin java.lang.reflect.InvocationTargetException So, I checked and made sure I had BouncyCastle jar in lib directory. I check that security provider is updated (though I haven't a clue why i'm doing this). And, now, I've run out of things to check. i'd appreciate any help. Thanks, --tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem deploying Rahas
Hi all, I would like to use Rampart and Rahas in order to create a WS-Trust STS, that exchanges SAML2.0 tokens (using OpenSAML? I don't know, suggestions are welcome!). I use JBoss 4.0.5GA. I've unpacked the Axis2 .war file, I put the .mar in the WEB-INF/modules/ and I edited modules.list. I got this error, from JBoss: 16:00:50,087 INFO [TomcatDeployer] deploy, ctxPath=/axis2, warUrl=.../tmp/deploy/tmp46200axis2-exp.war/ 16:00:53,594 INFO [ModuleDeployer] Deploying module: addressing-1.2 16:00:54,511 INFO [ModuleDeployer] Deploying module: rahas-1.1 16:00:58,808 ERROR [STDERR] java.lang.ClassNotFoundException: No ClassLoaders found for: org.apache.ws.security.transform.STRTransform 16:00:58,813 ERROR [STDERR] at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:306) 16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:511) 16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:405) 16:00:58,815 ERROR [STDERR] at java.lang.ClassLoader.loadClass(ClassLoader.java:251) 16:00:58,816 ERROR [STDERR] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) 16:00:58,817 ERROR [STDERR] at java.lang.Class.forName0(Native Method) 16:00:58,817 ERROR [STDERR] at java.lang.Class.forName(Class.java:164) 16:00:58,818 ERROR [STDERR] at org.apache.xml.security.transforms.Transform.register(Unknown Source) 16:00:58,818 ERROR [STDERR] at org.apache.ws.security.WSSConfig.(WSSConfig.java:83) 16:00:58,819 ERROR [STDERR] at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95) 16:00:58,820 ERROR [STDERR] at org.apache.ws.security.WSSConfig.(WSSConfig.java:47) 16:00:58,821 ERROR [STDERR] at org.apache.ws.security.WSSecurityEngine.(WSSecurityEngine.java:51) 16:00:58,822 ERROR [STDERR] at org.apache.ws.security.handler.WSHandler.(WSHandler.java:62) 16:00:58,823 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) Have you any ideas? Thank you for your work, Massimiliano Masi This message was sent using IMP, the Internet Messaging Program. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rampart/Rahas problems
On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <[EMAIL PROTECTED]> wrote: > So I've essentially taken Rampart sample6 and split it across three > machines with my own web service instead of SimpleService. Here's > what happens: > > 1) client makes Mex request to Service : Service responds. > > 2) Client makes token request to STS - STS responds > > 3) Client attempts to make the actual call the Service. > > Service then responds with "axisFault: Missing wsse:Security header in > request" > > The server logs show something different: > > ERROR org.apache.ws.security.components.crypto.CryptoFactory - > Unable to instantiate (1): > org.apache.ws.security.components.crypto.Merlin > java.lang.reflect.InvocationTargetException > > So, I checked and made sure I had BouncyCastle jar in lib directory. > I check that security provider is updated (though I haven't a clue why > i'm doing this). And, now, I've run out of things to check. i'd > appreciate any help. This one turned out to be a keystore problem. Need to always double check their locations! Anyway, so I've gotten a bit further and now get another exception. 2008-06-27 09:39:20,915 [http-8080-1] ERROR org.apache.axis2.transport.http.AxisServlet - java.lang.NoClassDefFoundError at javax.crypto.Cipher.getInstance(DashoA12275) Google turns up several references to this problem and they all lead back to the bouncy castle/java.security thing. I have double checked that. One thing about my environment is that it's Solaris, and the apps are being run from different zones. I made the java.security change in the global zone and when I log into each zone it seems the settings are indeed there. The thing is, the STS (also in a zone) is having no trouble issuing/signing tokens and it's under the same configuration. I'll keep poking around but would greatly appreciate any pointers. Thanks, --tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rampart/Rahas problems
On Fri, Jun 27, 2008 at 9:48 AM, Tim Williams <[EMAIL PROTECTED]> wrote: > On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <[EMAIL PROTECTED]> wrote: >> So I've essentially taken Rampart sample6 and split it across three >> machines with my own web service instead of SimpleService. Here's >> what happens: >> >> 1) client makes Mex request to Service : Service responds. >> >> 2) Client makes token request to STS - STS responds >> >> 3) Client attempts to make the actual call the Service. >> >> Service then responds with "axisFault: Missing wsse:Security header in >> request" >> >> The server logs show something different: >> >> ERROR org.apache.ws.security.components.crypto.CryptoFactory - >> Unable to instantiate (1): >> org.apache.ws.security.components.crypto.Merlin >> java.lang.reflect.InvocationTargetException >> >> So, I checked and made sure I had BouncyCastle jar in lib directory. >> I check that security provider is updated (though I haven't a clue why >> i'm doing this). And, now, I've run out of things to check. i'd >> appreciate any help. > > This one turned out to be a keystore problem. Need to always double > check their locations! Anyway, so I've gotten a bit further and now > get another exception. > > 2008-06-27 09:39:20,915 [http-8080-1] ERROR > org.apache.axis2.transport.http.AxisServlet - > java.lang.NoClassDefFoundError >at javax.crypto.Cipher.getInstance(DashoA12275) > > Google turns up several references to this problem and they all lead > back to the bouncy castle/java.security thing. I have double checked > that. One thing about my environment is that it's Solaris, and the > apps are being run from different zones. I made the java.security > change in the global zone and when I log into each zone it seems the > settings are indeed there. The thing is, the STS (also in a zone) is > having no trouble issuing/signing tokens and it's under the same > configuration. I'll keep poking around but would greatly appreciate > any pointers. It turns out the exception is what i get after the first failed call after a restart. I halt/boot the zone and attempt it and I get the exception below. After the initial exception, subsequent calls give me the NoClassDefFoundError as I describe above. java.lang.ExceptionInInitializerError at javax.crypto.Cipher.getInstance(DashoA12275) at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:677) ... at java.lang.Thread.run(Thread.java:595) Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs at javax.crypto.SunJCE_b.(DashoA12275) ... 29 more Caused by: java.security.PrivilegedActionException: java.security.InvalidKeyException: Public key presented not for certificate signature at java.security.AccessController.doPrivileged(Native Method) ... 30 more Caused by: java.security.InvalidKeyException: Public key presented not for certificate signature ... at javax.crypto.SunJCE_r.run(DashoA12275) Any clues? Thanks, --tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rampart/Rahas problems
I still think the issue is boncycastle not being picked up as the JCE provider. Please check http://issues.apache.org/jira/browse/WSS-99 http://issues.apache.org/jira/browse/WSS-82 thanks, nandana On Fri, Jun 27, 2008 at 8:05 PM, Tim Williams <[EMAIL PROTECTED]> wrote: > On Fri, Jun 27, 2008 at 9:48 AM, Tim Williams <[EMAIL PROTECTED]> > wrote: > > On Fri, Jun 27, 2008 at 7:53 AM, Tim Williams <[EMAIL PROTECTED]> > wrote: > >> So I've essentially taken Rampart sample6 and split it across three > >> machines with my own web service instead of SimpleService. Here's > >> what happens: > >> > >> 1) client makes Mex request to Service : Service responds. > >> > >> 2) Client makes token request to STS - STS responds > >> > >> 3) Client attempts to make the actual call the Service. > >> > >> Service then responds with "axisFault: Missing wsse:Security header in > request" > >> > >> The server logs show something different: > >> > >> ERROR org.apache.ws.security.components.crypto.CryptoFactory - > >> Unable to instantiate (1): > >> org.apache.ws.security.components.crypto.Merlin > >> java.lang.reflect.InvocationTargetException > >> > >> So, I checked and made sure I had BouncyCastle jar in lib directory. > >> I check that security provider is updated (though I haven't a clue why > >> i'm doing this). And, now, I've run out of things to check. i'd > >> appreciate any help. > > > > This one turned out to be a keystore problem. Need to always double > > check their locations! Anyway, so I've gotten a bit further and now > > get another exception. > > > > 2008-06-27 09:39:20,915 [http-8080-1] ERROR > > org.apache.axis2.transport.http.AxisServlet - > > java.lang.NoClassDefFoundError > >at javax.crypto.Cipher.getInstance(DashoA12275) > > > > Google turns up several references to this problem and they all lead > > back to the bouncy castle/java.security thing. I have double checked > > that. One thing about my environment is that it's Solaris, and the > > apps are being run from different zones. I made the java.security > > change in the global zone and when I log into each zone it seems the > > settings are indeed there. The thing is, the STS (also in a zone) is > > having no trouble issuing/signing tokens and it's under the same > > configuration. I'll keep poking around but would greatly appreciate > > any pointers. > > It turns out the exception is what i get after the first failed call > after a restart. I halt/boot the zone and attempt it and I get the > exception below. After the initial exception, subsequent calls give > me the NoClassDefFoundError as I describe above. > > > java.lang.ExceptionInInitializerError > at javax.crypto.Cipher.getInstance(DashoA12275) > at > org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:677) > ... >at java.lang.Thread.run(Thread.java:595) > Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs >at javax.crypto.SunJCE_b.(DashoA12275) >... 29 more > Caused by: java.security.PrivilegedActionException: > java.security.InvalidKeyException: Public key presented not for > certificate signature >at java.security.AccessController.doPrivileged(Native Method) >... 30 more > Caused by: java.security.InvalidKeyException: Public key presented not > for certificate signature > ... >at javax.crypto.SunJCE_r.run(DashoA12275) > > Any clues? > Thanks, > --tim > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Using Rahas with WebSphere
Has anybody tried to use the Rahas STS server with WebSphere clients? If so, could you please share samples, caveats, etc.? (I am particularly interested in WebSphere Application Server 6.1 and 7.0, but experience with earlier versions could also be helpful). Thank you, Ugo
[Axis2][Fwd: rahas question]
Forwarding with correct prefix. Ruchith, over to you :) Original Message Subject:rahas question Date: Tue, 24 Oct 2006 16:21:41 -0700 From: George Stanchev <[EMAIL PROTECTED]> Reply-To: axis-user@ws.apache.org To: Hi, When is rahas officially going to be released? Is it targeted for the 1.1 release? Thanks! George Stanchev signature.asc Description: OpenPGP digital signature
Re: Problem deploying Rahas
Hi, Seems like you are missing the wss4j jar in the classpath. Please include all jars in the lib dir of the rampart-distro in the classpath in addition to the jars in the axis2 bin distro. Thanks, Ruchith On 6/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi all, I would like to use Rampart and Rahas in order to create a WS-Trust STS, that exchanges SAML2.0 tokens (using OpenSAML? I don't know, suggestions are welcome!). I use JBoss 4.0.5GA. I've unpacked the Axis2 .war file, I put the .mar in the WEB-INF/modules/ and I edited modules.list. I got this error, from JBoss: 16:00:50,087 INFO [TomcatDeployer] deploy, ctxPath=/axis2, warUrl=.../tmp/deploy/tmp46200axis2-exp.war/ 16:00:53,594 INFO [ModuleDeployer] Deploying module: addressing-1.2 16:00:54,511 INFO [ModuleDeployer] Deploying module: rahas-1.1 16:00:58,808 ERROR [STDERR] java.lang.ClassNotFoundException: No ClassLoaders found for: org.apache.ws.security.transform.STRTransform 16:00:58,813 ERROR [STDERR] at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:306) 16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:511) 16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:405) 16:00:58,815 ERROR [STDERR] at java.lang.ClassLoader.loadClass(ClassLoader.java:251) 16:00:58,816 ERROR [STDERR] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) 16:00:58,817 ERROR [STDERR] at java.lang.Class.forName0(Native Method) 16:00:58,817 ERROR [STDERR] at java.lang.Class.forName(Class.java:164) 16:00:58,818 ERROR [STDERR] at org.apache.xml.security.transforms.Transform.register(Unknown Source) 16:00:58,818 ERROR [STDERR] at org.apache.ws.security.WSSConfig.(WSSConfig.java:83) 16:00:58,819 ERROR [STDERR] at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95) 16:00:58,820 ERROR [STDERR] at org.apache.ws.security.WSSConfig.(WSSConfig.java:47) 16:00:58,821 ERROR [STDERR] at org.apache.ws.security.WSSecurityEngine.(WSSecurityEngine.java:51) 16:00:58,822 ERROR [STDERR] at org.apache.ws.security.handler.WSHandler.(WSHandler.java:62) 16:00:58,823 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) Have you any ideas? Thank you for your work, Massimiliano Masi This message was sent using IMP, the Internet Messaging Program. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- www.ruchith.org www.wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Rampart gets module.xml from Rahas
Can you please help me configure Axis2 to send requests with a UsernameToken? I'm developing a SOAP client application, using Axis2 to generate Java from WSDL. Rampart doesn't add any headers to the request message. Part of the problem is that its META-INF/module.xml resource comes from lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. Because it has the wrong module.xml, it doesn't add any flow handlers to the outFlow, and consequently no headers are added to outgoing messages. It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is in the program's initial classpath. It helps to re-order the classpath, so that lib/axis2-security-1.1.jar comes before lib/axis2-rahas-1.1.jar. But then I guess the META-INF/module.xml from axis2-security-1.1.jar is used for other modules, which seems likely to cause other problems. It's surprising that there are META-INF/module.xml files in lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a mistake? Don't they belong in .mar files? Rampart seems like too much software for this little job. Could I use something simpler? I got Axis2 from http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip and Rampart from http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1 .zip I'm using the Sun JDK 1.5 on Windows. The wrong module.xml is chosen by DeploymentEngine.populateModule. If I remove lib/axis2-rahas-1.1.jar from the initial classpath, the program fails: Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/rahas/TrustException at java.lang.Class.getDeclaredConstructors0(Native Method) at java.lang.Class.privateGetDeclaredConstructors(Class.java:2328) at java.lang.Class.getConstructor0(Class.java:2640) at java.lang.Class.newInstance0(Class.java:321) at java.lang.Class.newInstance(Class.java:303) at org.apache.axis2.deployment.util.Utils.addFlowHandlers(Utils.java:69) at org.apache.axis2.deployment.DeploymentEngine.addNewModule(DeploymentEngi ne.java:332) at org.apache.axis2.deployment.DeploymentEngine.loadRepositoryFromURL(Deplo ymentEngine.java:187) at org.apache.axis2.deployment.URLBasedAxisConfigurator.getAxisConfiguratio n(URLBasedAxisConfigurator.java:71) at org.apache.axis2.context.ConfigurationContextFactory.createConfiguration Context(ConfigurationContextFactory.java:61) at org.apache.axis2.context.ConfigurationContextFactory.createConfiguration ContextFromURIs(ConfigurationContextFactory.java:185) - John Kristian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Axis2][Fwd: rahas question]
Rahas (WS-Trust impl) will be released as a component of the Apache Rampart distribution immediately (one or two weeks) after axis2-1.1 release and yes, this will be targeted towards axis2-1.1. Right now you can try the nightly builds of rampart [1] with axis2 nightly builds [2]. Thanks, Ruchith [1] http://ws.zones.apache.org/dist/rampart/nightly/ [2] http://ws.zones.apache.org/dist/axis2/nightly/ On 10/25/06, Eran Chinthaka <[EMAIL PROTECTED]> wrote: Forwarding with correct prefix. Ruchith, over to you :) Original Message Subject: rahas question Date: Tue, 24 Oct 2006 16:21:41 -0700 From: George Stanchev <[EMAIL PROTECTED]> Reply-To: axis-user@ws.apache.org To: Hi, When is rahas officially going to be released? Is it targeted for the 1.1 release? Thanks! George Stanchev -- www.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [Axis2][Fwd: rahas question]
Thanks Ruchith, Thanks for the response! I have couple of follow-up questions though. * Is some enhancement of the client interface planned? Right now things are a bit clunky and not very flexible implemented via the STSClient and TrustUtils. Some type of client interface refactor I think would be beneficial. * Any idea weather Validate and Renew actions will be supported for the 1.1 release? * Is there plan for other token suppport out of the box? Right now Rahas seem to support SAML 1.1 tokens. How about Username, X509, Kerberos, REL and other WS-S supported profiles? * I see you are using opensaml 1.1 for the SAML token issuer. Any plans to switch to opensaml 2.0 soon and thus provide SAML 1.1 and 2.0 support? I know opensaml 2.0 is not yet released, and will not be released for another few months so this might be a mute point. Thanks! Best Regards, George -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 9:06 PM To: axis-user@ws.apache.org Subject: Re: [Axis2][Fwd: rahas question] Rahas (WS-Trust impl) will be released as a component of the Apache Rampart distribution immediately (one or two weeks) after axis2-1.1 release and yes, this will be targeted towards axis2-1.1. Right now you can try the nightly builds of rampart [1] with axis2 nightly builds [2]. Thanks, Ruchith [1] http://ws.zones.apache.org/dist/rampart/nightly/ [2] http://ws.zones.apache.org/dist/axis2/nightly/ On 10/25/06, Eran Chinthaka <[EMAIL PROTECTED]> wrote: > Forwarding with correct prefix. > > Ruchith, over to you :) > > Original Message ---- > Subject:rahas question > Date: Tue, 24 Oct 2006 16:21:41 -0700 > From: George Stanchev <[EMAIL PROTECTED]> > Reply-To: axis-user@ws.apache.org > To: > > > > Hi, > > When is rahas officially going to be released? Is it targeted for the > 1.1 release? > > Thanks! > > George Stanchev > > > > > -- www.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Axis2][Fwd: rahas question]
On 10/28/06, George Stanchev <[EMAIL PROTECTED]> wrote: Thanks Ruchith, Thanks for the response! I have couple of follow-up questions though. * Is some enhancement of the client interface planned? Right now things are a bit clunky and not very flexible implemented via the STSClient and TrustUtils. Some type of client interface refactor I think would be beneficial. Any proposals as to how you would prefer the interface to be? Please file a JIRA [1] with your proposal. * Any idea weather Validate and Renew actions will be supported for the 1.1 release? Not for 1.1 release. * Is there plan for other token suppport out of the box? Right now Rahas seem to support SAML 1.1 tokens. How about Username, X509, Kerberos, REL and other WS-S supported profiles? Right now for 1.1 release, Rahas will provide issuers for SecurityContextTokens and SAML-1.1 tokens by default. It'll be great if you can help with the other token types. * I see you are using opensaml 1.1 for the SAML token issuer. Any plans to switch to opensaml 2.0 soon and thus provide SAML 1.1 and 2.0 support? I know opensaml 2.0 is not yet released, and will not be released for another few months so this might be a mute point. IMHO we can integrate SAML 2.0 support when opensaml-2.0 is released. Thanks, Ruchith [1] http://issues.apache.org/jira/browse/AXIS2 Thanks! Best Regards, George -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 25, 2006 9:06 PM To: axis-user@ws.apache.org Subject: Re: [Axis2][Fwd: rahas question] Rahas (WS-Trust impl) will be released as a component of the Apache Rampart distribution immediately (one or two weeks) after axis2-1.1 release and yes, this will be targeted towards axis2-1.1. Right now you can try the nightly builds of rampart [1] with axis2 nightly builds [2]. Thanks, Ruchith [1] http://ws.zones.apache.org/dist/rampart/nightly/ [2] http://ws.zones.apache.org/dist/axis2/nightly/ On 10/25/06, Eran Chinthaka <[EMAIL PROTECTED]> wrote: > Forwarding with correct prefix. > > Ruchith, over to you :) > > Original Message > Subject:rahas question > Date: Tue, 24 Oct 2006 16:21:41 -0700 > From: George Stanchev <[EMAIL PROTECTED]> > Reply-To: axis-user@ws.apache.org > To: > > > > Hi, > > When is rahas officially going to be released? Is it targeted for the > 1.1 release? > > Thanks! > > George Stanchev > > > > > -- www.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- www.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AXIS2: SAML example using Rahas
Hi, I have seen a few posts/requests for SAML example(s) using Rahas. I haven't seen anything concrete as responses - mostly along the lines that code is documentation. Does anyone have a simple example that illustrates how to use Rahas to have uid/pwd or other credentials mapped to SAML tokens that can then be passed to a Service? Also, does Rahas have support to map SAML tokens to JAAS subjects within an App server? If it doesn't any suggestions? Appreciate any information. - Nagi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Axis2 and Rampart / Rahas Client
Hello @all! I want to use a service as security token provider. For this task I've chosen Rahas 1.1 in Axis2 1.1. Now I want to write a client which shall call a normal web service in my axis2 service repository but before the client shall call the security token service to get a SAML token. Can anybody show me how to implement or configure the client? Greetrings Christian -- View this message in context: http://www.nabble.com/Axis2-and-Rampart---Rahas-Client-tf4141852.html#a11781509 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rampart gets module.xml from Rahas
Hi, On 3/17/07, John Kristian <[EMAIL PROTECTED]> wrote: Can you please help me configure Axis2 to send requests with a UsernameToken? I'm developing a SOAP client application, using Axis2 to generate Java from WSDL. Rampart doesn't add any headers to the request message. Part of the problem is that its META-INF/module.xml resource comes from lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. Because it has the wrong module.xml, it doesn't add any flow handlers to the outFlow, and consequently no headers are added to outgoing messages. It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is in the program's initial classpath. It helps to re-order the classpath, so that lib/axis2-security-1.1.jar comes before lib/axis2-rahas-1.1.jar. But then I guess the META-INF/module.xml from axis2-security-1.1.jar is used for other modules, which seems likely to cause other problems. It's surprising that there are META-INF/module.xml files in lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a mistake? Don't they belong in .mar files? Yes! they should not be in the .jar files. This is fixed in the new rampart artifacts. [1] Rampart seems like too much software for this little job. Could I use something simpler? I got Axis2 from http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip and Rampart from http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1 .zip I'm using the Sun JDK 1.5 on Windows. The wrong module.xml is chosen by DeploymentEngine.populateModule. Can you please try to pick up the rampart-core-LATEST-SNAPSHOT.jar rampart-trust-LATEST-SNAPSHOT.jar rampart-policy-LATEST-SNAPSHOT.jar and replace your axis2-security-1.1.jar axis2-rahas-1.1.jar axis2-secpolicy-1.1,jar from here [1]. Also replace replace your rampart-1.1mar with the latest snapshot available at http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart/SNAPSHOT/ (Make sure you name it rampart-SNAPSHOT.mar) Now try your scenario once again. Thanks, Ruchith [1] http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ If I remove lib/axis2-rahas-1.1.jar from the initial classpath, the program fails: Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/rahas/TrustException at java.lang.Class.getDeclaredConstructors0(Native Method) at java.lang.Class.privateGetDeclaredConstructors(Class.java:2328) at java.lang.Class.getConstructor0(Class.java:2640) at java.lang.Class.newInstance0(Class.java:321) at java.lang.Class.newInstance(Class.java:303) at org.apache.axis2.deployment.util.Utils.addFlowHandlers(Utils.java:69) at org.apache.axis2.deployment.DeploymentEngine.addNewModule(DeploymentEngi ne.java:332) at org.apache.axis2.deployment.DeploymentEngine.loadRepositoryFromURL(Deplo ymentEngine.java:187) at org.apache.axis2.deployment.URLBasedAxisConfigurator.getAxisConfiguratio n(URLBasedAxisConfigurator.java:71) at org.apache.axis2.context.ConfigurationContextFactory.createConfiguration Context(ConfigurationContextFactory.java:61) at org.apache.axis2.context.ConfigurationContextFactory.createConfiguration ContextFromURIs(ConfigurationContextFactory.java:185) - John Kristian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- www.ruchith.org www.wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Rampart gets module.xml from Rahas
The results aren't substantially different with the files below. Rampart doesn't add any headers, unless rampart-core-*.jar precedes rampart-trust-*.jar in the initial classpath. These two .jar files each contain META-INF/module.xml. I downloaded http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart-core/SNAPSHOT/rampart-core-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart-trust/SNAPSHOT/rampart-trust-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart-policy/SNAPSHOT/rampart-policy-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart/SNAPSHOT/rampart-20070216.151012-1.mar I hope these are the files Ruchith meant. - John Kristian -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Sunday, March 18, 2007 7:15 PM To: axis-user@ws.apache.org Subject: Re: Rampart gets module.xml from Rahas Hi, On 3/17/07, John Kristian <[EMAIL PROTECTED]> wrote: > Can you please help me configure Axis2 to send requests with a > UsernameToken? I'm developing a SOAP client application, using Axis2 > to generate Java from WSDL. > > Rampart doesn't add any headers to the request message. Part of the > problem is that its META-INF/module.xml resource comes from > lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. > Because it has the wrong module.xml, it doesn't add any flow handlers to > the outFlow, and consequently no headers are added to outgoing messages. > > It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is > in the program's initial classpath. It helps to re-order the classpath, > so that lib/axis2-security-1.1.jar comes before lib/axis2-rahas-1.1.jar. > But then I guess the META-INF/module.xml from axis2-security-1.1.jar is > used for other modules, which seems likely to cause other problems. > > It's surprising that there are META-INF/module.xml files in > lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a > mistake? Don't they belong in .mar files? Yes! they should not be in the .jar files. This is fixed in the new rampart artifacts. [1] > I got Axis2 from > http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip > and Rampart from > http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1 .zip Can you please try to pick up the rampart-core-LATEST-SNAPSHOT.jar rampart-trust-LATEST-SNAPSHOT.jar rampart-policy-LATEST-SNAPSHOT.jar and replace your axis2-security-1.1.jar axis2-rahas-1.1.jar axis2-secpolicy-1.1,jar from here [1]. Also replace replace your rampart-1.1mar with the latest snapshot available at http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart/SNAPSHOT/ (Make sure you name it rampart-SNAPSHOT.mar) Now try your scenario once again. Thanks, Ruchith [1] http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rampart gets module.xml from Rahas
Hi, The jar file are not supposed to have the module.xml file. I'll remove them. Thanks, Ruchith On 3/20/07, John Kristian <[EMAIL PROTECTED]> wrote: The results aren't substantially different with the files below. Rampart doesn't add any headers, unless rampart-core-*.jar precedes rampart-trust-*.jar in the initial classpath. These two .jar files each contain META-INF/module.xml. I downloaded http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart-core/SNAPSHOT/rampart-core-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart-trust/SNAPSHOT/rampart-trust-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart-policy/SNAPSHOT/rampart-policy-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart/SNAPSHOT/rampart-20070216.151012-1.mar I hope these are the files Ruchith meant. - John Kristian -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Sunday, March 18, 2007 7:15 PM To: axis-user@ws.apache.org Subject: Re: Rampart gets module.xml from Rahas Hi, On 3/17/07, John Kristian <[EMAIL PROTECTED]> wrote: > Can you please help me configure Axis2 to send requests with a > UsernameToken? I'm developing a SOAP client application, using Axis2 > to generate Java from WSDL. > > Rampart doesn't add any headers to the request message. Part of the > problem is that its META-INF/module.xml resource comes from > lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. > Because it has the wrong module.xml, it doesn't add any flow handlers to > the outFlow, and consequently no headers are added to outgoing messages. > > It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is > in the program's initial classpath. It helps to re-order the classpath, > so that lib/axis2-security-1.1.jar comes before lib/axis2-rahas-1.1.jar. > But then I guess the META-INF/module.xml from axis2-security-1.1.jar is > used for other modules, which seems likely to cause other problems. > > It's surprising that there are META-INF/module.xml files in > lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a > mistake? Don't they belong in .mar files? Yes! they should not be in the .jar files. This is fixed in the new rampart artifacts. [1] > I got Axis2 from > http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip > and Rampart from > http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1 .zip Can you please try to pick up the rampart-core-LATEST-SNAPSHOT.jar rampart-trust-LATEST-SNAPSHOT.jar rampart-policy-LATEST-SNAPSHOT.jar and replace your axis2-security-1.1.jar axis2-rahas-1.1.jar axis2-secpolicy-1.1,jar from here [1]. Also replace replace your rampart-1.1mar with the latest snapshot available at http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ rampart/SNAPSHOT/ (Make sure you name it rampart-SNAPSHOT.mar) Now try your scenario once again. Thanks, Ruchith [1] http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ -- www.ruchith.org www.wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rampart gets module.xml from Rahas
Done ! This is fixed in the latest Rampart [1] Thanks, Ruchith [1] http://svn.apache.org/viewvc?view=rev&rev=520381 On 3/20/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote: Hi, The jar file are not supposed to have the module.xml file. I'll remove them. Thanks, Ruchith On 3/20/07, John Kristian <[EMAIL PROTECTED]> wrote: > The results aren't substantially different with the files below. > Rampart doesn't add any headers, unless rampart-core-*.jar precedes > rampart-trust-*.jar in the initial classpath. These two .jar files each > contain META-INF/module.xml. > > I downloaded > http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ > rampart-core/SNAPSHOT/rampart-core-20070309.130032-16.jar > http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ > rampart-trust/SNAPSHOT/rampart-trust-20070309.130032-16.jar > http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ > rampart-policy/SNAPSHOT/rampart-policy-20070309.130032-16.jar > http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ > rampart/SNAPSHOT/rampart-20070216.151012-1.mar > > I hope these are the files Ruchith meant. > > - John Kristian > > -Original Message- > From: Ruchith Fernando [mailto:[EMAIL PROTECTED] > Sent: Sunday, March 18, 2007 7:15 PM > To: axis-user@ws.apache.org > Subject: Re: Rampart gets module.xml from Rahas > > Hi, > > On 3/17/07, John Kristian <[EMAIL PROTECTED]> wrote: > > Can you please help me configure Axis2 to send requests with a > > UsernameToken? I'm developing a SOAP client application, using Axis2 > > to generate Java from WSDL. > > > > Rampart doesn't add any headers to the request message. Part of the > > problem is that its META-INF/module.xml resource comes from > > lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. > > Because it has the wrong module.xml, it doesn't add any flow handlers > to > > the outFlow, and consequently no headers are added to outgoing > messages. > > > > It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is > > in the program's initial classpath. It helps to re-order the > classpath, > > so that lib/axis2-security-1.1.jar comes before > lib/axis2-rahas-1.1.jar. > > But then I guess the META-INF/module.xml from axis2-security-1.1.jar > is > > used for other modules, which seems likely to cause other problems. > > > > It's surprising that there are META-INF/module.xml files in > > lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a > > mistake? Don't they belong in .mar files? > > Yes! they should not be in the .jar files. > This is fixed in the new rampart artifacts. [1] > > > I got Axis2 from > > http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip > > and Rampart from > > > http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1 > .zip > > Can you please try to pick up the > > rampart-core-LATEST-SNAPSHOT.jar > rampart-trust-LATEST-SNAPSHOT.jar > rampart-policy-LATEST-SNAPSHOT.jar > > and replace your > > axis2-security-1.1.jar > axis2-rahas-1.1.jar > axis2-secpolicy-1.1,jar > > from here [1]. > > Also replace replace your rampart-1.1mar with the latest snapshot > available at > http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ > rampart/SNAPSHOT/ > (Make sure you name it rampart-SNAPSHOT.mar) > > Now try your scenario once again. > > Thanks, > Ruchith > > [1] > http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ > -- www.ruchith.org www.wso2.org -- www.ruchith.org www.wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2: SAML example using Rahas
Hi Nagi, A new sample was added to the current trunk under development[1]. Some documentation about the STS is available here[2]. All these will come out with the next release. Regards, Dimuthu [1]https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/ [2]http://ws.apache.org/rampart/quick-start.html On Mon, 2007-07-23 at 22:49 -0400, Par Nagi wrote: > Hi, > > I have seen a few posts/requests for SAML example(s) using Rahas. I > haven't seen anything concrete as responses - mostly along the lines > that code is documentation. > > Does anyone have a simple example that illustrates how to use Rahas to > have uid/pwd or other credentials mapped to SAML tokens that can then > be passed to a Service? > > Also, does Rahas have support to map SAML tokens to JAAS subjects > within an App server? If it doesn't any suggestions? > > Appreciate any information. > > - Nagi > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2: SAML example using Rahas
Hi Nagi,
See my in-line reply.
On Mon, 2007-07-23 at 22:49 -0400, Par Nagi wrote:
> Hi,
>
> I have seen a few posts/requests for SAML example(s) using Rahas. I
> haven't seen anything concrete as responses - mostly along the lines
> that code is documentation.
>
> Does anyone have a simple example that illustrates how to use Rahas to
> have uid/pwd or other credentials mapped to SAML tokens that can then
> be passed to a Service?f
We don't have this ability right now. I have sent a mail to rampart-dev
list about this.
> Also, does Rahas have support to map SAML tokens to JAAS subjects
> within an App server? If it doesn't any suggestions?
There is no straight forward way of doing this right now. SAML Token is
inside the WSSecurityResults. It can be obtained as follows. [1]
Regards,
Dimuthu.
[1]
Vector results = null;
if ((results = (Vector) msgCtx
.getProperty(WSHandlerConstants.RECV_RESULTS)) == null)
{
throw new RuntimeException("No security results!!");
} else {
for (int i = 0; i < results.size(); i++) {
//Get hold of the WSHandlerResult instance
WSHandlerResult rResult = (WSHandlerResult)
results.get(i);
Vector wsSecEngineResults = rResult.getResults();
for (int j = 0; j < wsSecEngineResults.size(); j++) {
//Get hold of the WSSecurityEngineResult
instance
WSSecurityEngineResult wser =
(WSSecurityEngineResult)
wsSecEngineResults.get(j);
TAG_SAML_ASSERTION
int act =
((Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).
intValue();
if((act == WSConstants.ST_UNSIGNED) || (act ==
WSConstants.ST_SIGNED)) {
SAMLAssertion ass = (SAMLAssertion) wser
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
}
}
}
}
> Appreciate any information.
>
> - Nagi
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Axis2 and Rampart / Rahas Client
Please see this : http://marc.info/?l=axis-user&m=118665642802630&w=2 Thanks, Ruchith On 7/25/07, Chris82KS <[EMAIL PROTECTED]> wrote: > > Hello @all! > > I want to use a service as security token provider. For this task I've > chosen Rahas 1.1 in Axis2 1.1. > Now I want to write a client which shall call a normal web service in my > axis2 service repository but before the client shall call the security token > service to get a SAML token. Can anybody show me how to implement or > configure the client? > > Greetrings > > Christian > -- > View this message in context: > http://www.nabble.com/Axis2-and-Rampart---Rahas-Client-tf4141852.html#a11781509 > Sent from the Axis - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- www.ruchith.org www.wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Exposing STS (Rahas) [was: locating rampart-trust.mar]
On Fri, Jun 20, 2008 at 6:51 AM, Tim Williams <[EMAIL PROTECTED]> wrote: > On Fri, Jun 20, 2008 at 5:33 AM, Nandana Mihindukulasooriya > <[EMAIL PROTECTED]> wrote: >> Hi Tim, >> >>> I'm unable to find rampart-trust.mar and obviously don't have the >>> necessary maven-fu to build it myself. >> >> Name of the trust module in Apache Rampart is Rahas. So what you need >> is rahas-x.x.mar . If you download the Rampart distribution [1] you can find >> it under modules. > > Thanks Nandana, i do have rahas. The guide only describes how to > deploy it while overriding the Issuer. To deploy it without > overriding the issuer, do I just create a service archive that only > contains a services.xml file referencing rahas and rampart? So i think I've figured out that one needs to globally engage the module to have the RequestSecurityToken operation globally exposed but I'm clearly missing something. I simply want a standalone STS. So, when i globally engage the rahas module where might I find the WSDL for the RequestSecurityToken operation? I've tried the following with no luck: /axis2/services/RequestSecurityToken?wsdl Thanks, --tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Adding security header to STSClient in rahas
Hi all,
I wanted to add username/password token in my request to my sts service. I'm
using the STSClient from rahas and tried with this
Options options = new Options();
options.setUserName("user");
options.setPassword("pass");
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("policy/sts_policy.xml"));
stsClient.setOptions(options);
But the messages don't have a security header.
Alos how should I configure the callback handler, since it need to both
validate the username password and fetch the certificate for validating the
signed message. Should it be something like this
if(pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN){
/* Do password validation*/
}
if(pwcb.getUsage() == WSPasswordCallback.SIGNATURE){
/* Do set password for keystore*/
}
cheers, Håkon
--
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
Axis2 and Rahas: STS shall issue tokens
Hello! Now I have implemented a STS with RAHAS 1.1. My client sends requests to the STS without authentication. That means that I don't send a usernametoken and I don't send a X509-token, either. But my STS doesn't send the correct response, means it doesn't send a token. It alwyays says that request failed. Is it possible to use the STS without authentication so that the STS sends a token fpr each request it gets? How must I configure the STS? And: Is it always neccessary that I must configure crypto settings inside the saml-issuer-config-tag? I don't want to sign tokens. Greetings Christian -- View this message in context: http://www.nabble.com/Axis2-and-Rahas%3A-STS-shall-issue-tokens-tf4191452.html#a11919721 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Exposing STS (Rahas) [was: locating rampart-trust.mar]
On Fri, Jun 20, 2008 at 6:13 PM, Tim Williams <[EMAIL PROTECTED]> wrote: > On Fri, Jun 20, 2008 at 6:51 AM, Tim Williams <[EMAIL PROTECTED]> > wrote: > > On Fri, Jun 20, 2008 at 5:33 AM, Nandana Mihindukulasooriya > > <[EMAIL PROTECTED]> wrote: > >> Hi Tim, > >> > >>> I'm unable to find rampart-trust.mar and obviously don't have the > >>> necessary maven-fu to build it myself. > >> > >> Name of the trust module in Apache Rampart is Rahas. So what you > need > >> is rahas-x.x.mar . If you download the Rampart distribution [1] you can > find > >> it under modules. > > > > Thanks Nandana, i do have rahas. The guide only describes how to > > deploy it while overriding the Issuer. To deploy it without > > overriding the issuer, do I just create a service archive that only > > contains a services.xml file referencing rahas and rampart? > > So i think I've figured out that one needs to globally engage the > module to have the RequestSecurityToken operation globally exposed but > I'm clearly missing something. I simply want a standalone STS. So, > when i globally engage the rahas module where might I find the WSDL > for the RequestSecurityToken operation? I've tried the following with > no luck: > > /axis2/services/RequestSecurityToken?wsdl > > Thanks, > --tim > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/services.xml /axis2/services/STS?wsdl regards, nandana >
Fwd: Adding security header to STSClient in rahas
-- Forwarded message --
From: Håkon Sagehaug
Date: 2009/3/12
Subject: Re: Adding security header to STSClient in rahas
To: rampart-...@ws.apache.org
Hi
what I read out of the code is that if username and password is set in
options it should be picked up, but I set it in option and still no
unsername token header.
Here is my policy, if anyone sees something wrong it's highly appreciated
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
/>
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
http://ws.apache.org/rampart/policy
">
client
service
PWCBHandler
JKS
clientTrustStore.jks
pass
2009/3/11 Martin Gainty
>/**
> * Sets the crypto information required to process the RSTR.
> *
> * @param cryptoCrypto information
> * @param cbHandler Callback handler to provide the private key password
> to
> * decrypt
> */
>public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
>this.crypto = crypto;
>this.cbHandler = cbHandler;
>}
>
> Test Harness from RampartUtil:
> public static String getToken(RampartMessageData rmd, OMElement
> rstTemplate,
>String issuerEpr, String action, Policy issuerPolicy) throws
> RampartException {
>
>try {
>//First check whether the user has provided the token
>MessageContext msgContext = rmd.getMsgContext();
>String customTokeId = (String) msgContext
>
> .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
>if(customTokeId != null) {
>return customTokeId;
>} else {
>
>Axis2Util.useDOOM(false);
>
>STSClient client = new STSClient(rmd.getMsgContext()
>.getConfigurationContext());
>// Set request action
>client.setAction(action);
>
>client.setRstTemplate(rstTemplate);
>
>// Set crypto information
>Crypto crypto =
> RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
>
> rmd.getMsgContext().getAxisService().getClassLoader());
>CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
>client.setCryptoInfo(crypto, cbh);
>
> which is called from BindingBuilder:
> protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd)
> throws RampartException {
>
>log.debug("Adding a UsernameToken");
>
>RampartPolicyData rpd = rmd.getPolicyData();
>
>//Get the user
>//First try options
>Options options = rmd.getMsgContext().getOptions();
>String user = options.getUserName();
>if(user == null || user.length() == 0) {
>//Then try RampartConfig
>if(rpd.getRampartConfig() != null) {
>user = rpd.getRampartConfig().getUser();
>}
>}
>
>if(user != null && !"".equals(user)) {
>log.debug("User : " + user);
>
>//Get the password
>
>//First check options object for a password
>String password = options.getPassword();
>
>if((password == null || password.length() == 0) &&
>rpd.getRampart
Re: Adding security header to STSClient in rahas
Can you post the SOAP message ? In the case of symmetric binding username
token header is encrypted.
thanks,
nandana
On Thu, Mar 12, 2009 at 5:06 PM, Håkon Sagehaug
wrote:
>
>
> -- Forwarded message --
> From: Håkon Sagehaug
> Date: 2009/3/12
> Subject: Re: Adding security header to STSClient in rahas
> To: rampart-...@ws.apache.org
>
>
> Hi
>
> what I read out of the code is that if username and password is set in
> options it should be picked up, but I set it in option and still no
> unsername token header.
>
> Here is my policy, if anyone sees something wrong it's highly appreciated
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>
>
>
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> ">
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
> />
>
>
>
>
>
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>
>
>
>
>
>
> http://ws.apache.org/rampart/policy";>
> client
> service
>
> PWCBHandler
>
>
> provider="org.apache.ws.security.components.crypto.Merlin">
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
> name="org.apache.ws.security.crypto.merlin.file">
>clientTrustStore.jks
>
>
>
> name="org.apache.ws.security.crypto.merlin.keystore.password">pass
>
>
>
>
>
>
> 2009/3/11 Martin Gainty
>
>
>>/**
>> * Sets the crypto information required to process the RSTR.
>> *
>> * @param cryptoCrypto information
>> * @param cbHandler Callback handler to provide the private key
>> password to
>> * decrypt
>> */
>>public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
>>this.crypto = crypto;
>>this.cbHandler = cbHandler;
>>}
>>
>> Test Harness from RampartUtil:
>> public static String getToken(RampartMessageData rmd, OMElement
>> rstTemplate,
>>String issuerEpr, String action, Policy issuerPolicy) throws
>> RampartException {
>>
>>try {
>>//First check whether the user has provided the token
>>MessageContext msgContext = rmd.getMsgContext();
>>String customTokeId = (String) msgContext
>>
>> .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
>>if(customTokeId != null) {
>>return customTokeId;
>>} else {
>>
>>Axis2Util.useDOOM(false);
>>
>>STSClient client = new STSClient(rmd.getMsgContext()
>>.getConfigurationContext());
>>// Set request action
>>client.setAction(action);
>>
>>client.setRstTemplate(rstTemplate);
>>
>>// Set crypto information
>>Crypto crypto =
>> RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
>>
>> rmd.getMsgContext().getAxisService().getClassLoader())
AXIS2 Sandesha 2: Failure when loading Rampart/Rahas or when security header element is added programmatically
Hi, Sandesha2 fails when either Rampart or Rahas modules are loaded. Even if we don't load these, if we add security headers in the SOAP message using OMElement samlToken = ... client.addHeader(samlToken); then Sandesha2 fails. If I comment the addHeader out then Reliable Messaging works fine. Are there any work arounds to allow wsse header entries appended to the header programatically (or using Rampart) and still have RM work? Appreciate any information. - Nagi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
