Thanks for pointing me in the right direction.
Basically, what the documentation lacks is that the ststrust.jks must
contain MyTCIDP.cer, i.e.
keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias idpcert -file MyTCIDP.cer -noprompt
I looked through the original
Hi,
The SayHi and SayHiResponse are just wrappers around string request/response.
They are necessary, because only a string cannot be sent as a valid XML.
The wrapper types are generated by default on the basis of the method name (sayHi),
so you don't need to define them explicitly in java code.
You
Hi,
I generated my SOAP client code using Apache CXF 3.0.4. When I message the
SOAP service (not under my control), I was receiving an error indicating the
namespace used in my message is wrong. I debugged a bit and noticed that the
message version is Soap11 so I changed it (via my
In the java_first_jaxws sample of cxf there are for example no SayHi and
SayHiResponse types.
Why not? Aren't they needed for (de)serialization?
In the wsdl_first sample, types like GetCustomersByName and
GetCustomersByNameResponse are there, and in the debugger I saw that they
are used.
When I
On Wed, Oct 25, 2017 at 2:02 PM, pra...@tracelink.com
wrote:
> Should the wsdl basically look like this?
>
Probably, although you should really ask the designer of the security
policy what the security requirements should be. The SignedSupportingToken
may or may not be
Should the wsdl basically look like this?
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy;>...
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy;>...
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy;>...
Colm,
Thank you. That makes sense.
I just wonder if I am the only one trying to integrate CXF and Websphere.
Mark
-Original Message-
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, October 25, 2017 5:06 AM
To: markfu...@yahoo.com
Cc: users@cxf.apache.org
When I use javaws, SayHi and SayHiResponse are there.
Thanks!
On Wed, Oct 25, 2017 at 2:35 PM, Eric J. Van der Velden <
ericjvandervel...@gmail.com> wrote:
> In the java_first_jaxws sample of cxf there are for example no SayHi and
> SayHiResponse types.
>
> Why not? Aren't they needed for
Your truststore in cxf-tls.xml must trust the certificate presented by the
STS. Also, it must contain a keystore with the private key of the IdP,
which in turn must be trusted by the STS.
Colm.
On Wed, Oct 25, 2017 at 1:19 PM, Matthew Broadhead <
matthew.broadh...@nbmlaw.co.uk> wrote:
> Are the
Are the two keystores responsible for the trust between idp and sts
supposed to be
stsrealm_a.jks and ststrust.jks
it is just that the cert it is not trusting is the idp-ssl-key.jks
(domain.tld) which makes sense if it is hitting domain.tls:9443/idp etc
does this mean ststrust.jks should
You'll need to go through the output to figure out why the cert is not
trusted. If you generate some test certs + create a testcase somewhere I
will take a look.
Colm.
On Wed, Oct 25, 2017 at 12:47 PM, Matthew Broadhead <
matthew.broadh...@nbmlaw.co.uk> wrote:
> I get a load of stuff, but in
I get a load of stuff, but in the middle of the one before the error I get
Warning: no suitable certificate found - continuing without client authentication
On 25/10/2017 13:42, Matthew Broadhead wrote:
ahhh...
-Djavax.net.debug=all
On 25/10/2017 13:39, Matthew Broadhead wrote:
How would I
ahhh...
-Djavax.net.debug=all
On 25/10/2017 13:39, Matthew Broadhead wrote:
How would I enable the debug?
services/idp/src/main/webapp/WEB-INF/security-config.xml
?
On 25/10/2017 13:37, Colm O hEigeartaigh wrote:
If you change it to "required" does it fail? If so, you could try
running
the
How would I enable the debug?
services/idp/src/main/webapp/WEB-INF/security-config.xml ?
On 25/10/2017 13:37, Colm O hEigeartaigh wrote:
If you change it to "required" does it fail? If so, you could try running
the Tomcat IdP with Java SSL debugging enabled and it should tell you why
the IdP
If you change it to "required" does it fail? If so, you could try running
the Tomcat IdP with Java SSL debugging enabled and it should tell you why
the IdP can't connect to the STS.
Colm.
On Wed, Oct 25, 2017 at 12:34 PM, Matthew Broadhead <
matthew.broadh...@nbmlaw.co.uk> wrote:
> Hi Colm,
>
>
Hi Colm,
I realise now that this HTML file was included in the
examples/samplekeys directory in the code, but I was taking it from the
internet.
I am 100% using clientAuth="want" on my Tomcat connector but I am still
getting the same error over and again. I can browse the wsdl without
You can see the HTML here:
https://htmlpreview.github.io/?https://raw.githubusercontent.com/apache/cxf-fediz/master/examples/samplekeys/HowToGenerateKeysREADME.html
I'll update the webpage to point to github instead of SVN.
Colm.
On Wed, Oct 25, 2017 at 11:39 AM, Matthew Broadhead <
Hi Colm
Firstly is there somewhere to see these instructions correctly formatted
in html?
https://github.com/apache/cxf-fediz/blob/master/examples/samplekeys/HowToGenerateKeysREADME.html
Secondly there is a massive difference between
Why not try the simple Connector configuration I gave earlier but with your
own keys?
Colm.
On Wed, Oct 25, 2017 at 11:04 AM, Matthew Broadhead <
matthew.broadh...@nbmlaw.co.uk> wrote:
> in Tomcat 8 https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#
>
in Tomcat 8
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_Connector_-_NIO_and_NIO2
it says
clientAuth
This is an alias for the certificateVerification attribute of the
default SSLHostConfig element.
then
certificateVerification
Set to required if you want the SSL
The problem is that your Tomcat container hosting the STS is not asking for
client authentication. You can check this by using a web browser or curl to
view the WSDL of the STS - if you can get it to work then the configuration
is incorrect, as it should error on the browser not supplying a client
The problem here is that you have ExactlyOne/All and then multiple security
binding policies, so CXF interprets this as both the AsymmetricBinding and
TransportBinding are required. Instead, your security policy should read
something like:
ExactlyOne
All
AsymmetricBinding
/All
The Basic Security Profile mandates that EncryptedData structures must come
after EncryptedKey structures that reference them:
http://www.ws-i.org/profiles/basicsecurityprofile-1.1.html#EncryptedKey_Precedes_EncryptedData
Your best bet is to re-order the header on the receiving side so that the