Mmm, no. The only info about errors I could find was in this folder opensso\log\WSFederation.error. This file contains a single line with the WS-Trust message that the .NET passive STS is generating,
These are the redirections I am getting, 1. Trader client makes an Http GET to https://sp.stonehenge.com:8080/WSFederationServlet/metaAlias/Fedsp?goto=http://apps.stonehenge.com:1316/trader_client 2. OpenSSO makes an Http GET to http://localhost/trade_identity ? All the WSTrust parameters (This is the .NET passive STS) 3. The .NET passive STS generates a form with action = "https://sp.stonehenge.com:8080/WSFederationServlet/metaAlias/Fedsp"; This is the WS-TRUST message <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512";> <trust:RequestSecurityTokenResponse Context="s2ceec7ad41fed61267f0f72c9557b77046c98ef7c"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2009-11-10T22:59:28.543Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2009-11-11T08:59:28.543Z</wsu:Expires> </trust:Lifetime> <z:ReplyTo xmlns:z="http://schemas.microsoft.com/ws/2008/06/identity";>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</z:ReplyTo> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing";> <Address>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_560fe2f7-f0c9-418b-8e74-4145f5c37b7b" Issuer="PassiveSTS" IssueInstant="2009-11-10T22:59:28.544Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> <saml:Conditions NotBefore="2009-11-10T22:59:28.543Z" NotOnOrAfter="2009-11-11T08:59:28.543Z"> <saml:AudienceRestrictionCondition> <saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience> </saml:AudienceRestrictionCondition> </saml:Conditions> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier Format="http://schemas.xmlsoap.org/claims/UPN";>uid:0...@stonehenge.com</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:Attribute AttributeName="role" AttributeNamespace="http://microsoft";> <saml:AttributeValue>staff</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <saml:AuthenticationStatement AuthenticationMethod="http://microsoft/geneva"; AuthenticationInstant="2009-11-10T22:59:28.543Z"> <saml:Subject> <saml:NameIdentifier Format="http://schemas.xmlsoap.org/claims/UPN";>uid:0...@stonehenge.com</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthenticationStatement> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> <ds:Reference URI="#_560fe2f7-f0c9-418b-8e74-4145f5c37b7b"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>Bt97jrvwGHD7YYHGIrzseAERLz0=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>DUWVbsicStAEAAjKECn6txzxY3R/Xqac69haLQnhiE7nzvDD40rQ9yME25+8f4mbyOSlQqM6t8gI+CD6wOOUIZHuCOGZw7FA/KLbhIVFhJfPbzeGqEXcrcplhhbHCiUDC0V5Dt8tRFJZEOIrb3Ytha9j+yOwwB9UJdZl63E2lMA=</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> <X509Data> <X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> </saml:Assertion> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_560fe2f7-f0c9-418b-8e74-4145f5c37b7b</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";>_560fe2f7-f0c9-418b-8e74-4145f5c37b7b</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> The only error I am getting in OpenSSO is HTTP Status 403 (Access Denied to the specified resource) after the form with the WS-TRUST message is posted. Do you see something strange in the WS-TRUST message ? Thanks Pablo. -----Original Message----- From: jiandong....@sun.com [mailto:jiandong....@sun.com] Sent: Tuesday, November 10, 2009 6:13 PM To: stonehenge-dev@incubator.apache.org Subject: Re: Fifth interop test between Metro and .NET Pablo Cibraro wrote: > Thanks. The metro client is now calling the .NET passive STS, and this one is > returning a SAML token to the OpenSSO sp. Great! > The OpenSSO sp is throwing an with the following details, > The following exceptions should not be relevant. Do you see any other information in the server log for sp? Or check the opensso debug files in the config directory, e.g. C:\Documents and Settings\manveen\opensso\sp\opensso\debug. Thanks! Jiandong > [#|2009-11-10T14:00:44.647-0400|SEVERE|sun-appserver9.1|com.sun.xml.ws.wspolicy.PolicyWSDLParserExtension|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|WSP1007: > Policy exception occured when finishing WSDL parsing. > com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy assertion > creators try to register for namespace > 'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class: > 'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class: > 'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'. > at > com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184) > at > com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81) > at > com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70) > at > com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97) > at > com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105) > at > com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67) > at > com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77) > at > com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103) > at > com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85) > at > com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955) > at > com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187) > at > com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262) > at > com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531) > at > com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174) > at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505) > at > com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253) > at > com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147) > at > com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523) > at > org.apache.catalina.core.StandardContext.start(StandardContext.java:5184) > at com.sun.enterprise.web.WebModule.start(WebModule.java:326) > at > com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58) > at > com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304) > at > com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176) > at > com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192) > at > com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:955) > at > com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58) > at > com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304) > at > com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176) > at > com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192) > at > com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533) > at org.apache.catalina.startup.Embedded.start(Embedded.java:936) > at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873) > at > com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790) > at > com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84) > at > com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442) > at > com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120) > at com.sun.enterprise.server.PEMain.run(PEMain.java:411) > at com.sun.enterprise.server.PEMain.main(PEMain.java:338) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412) > |#] > > [#|2009-11-10T14:00:44.649-0400|SEVERE|sun-appserver9.1|com.sun.xml.ws.server.http|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|WSSERVLET11: > failed to parse runtime descriptor: javax.xml.ws.WebServiceException: > WSP1007: Policy exception occured when finishing WSDL parsing. > javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when > finishing WSDL parsing. > at > com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:959) > at > com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187) > at > com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262) > at > com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531) > at > com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174) > at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505) > at > com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253) > at > com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147) > at > com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523) > at > org.apache.catalina.core.StandardContext.start(StandardContext.java:5184) > at com.sun.enterprise.web.WebModule.start(WebModule.java:326) > at > com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58) > at > com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304) > at > com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176) > at > com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192) > at > com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:955) > at > com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58) > at > com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304) > at > com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176) > at > com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192) > at > com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533) > at org.apache.catalina.startup.Embedded.start(Embedded.java:936) > at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873) > at > com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790) > at > com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84) > at > com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442) > at > com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120) > at com.sun.enterprise.server.PEMain.run(PEMain.java:411) > at com.sun.enterprise.server.PEMain.main(PEMain.java:338) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412) > Caused by: com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy > assertion creators try to register for namespace > 'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class: > 'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class: > 'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'. > at > com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184) > at > com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81) > at > com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70) > at > com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97) > at > com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105) > at > com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67) > at > com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77) > at > com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103) > at > com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85) > at > com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955) > ... 44 more > |#] > > [#|2009-11-10T14:00:44.655-0400|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|java.lang.reflect.InvocationTargetException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523) > at > org.apache.catalina.core.StandardContext.start(StandardContext.java:5184) > at com.sun.enterprise.web.WebModule.start(WebModule.java:326) > at > com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58) > at > com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304) > at > com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176) > at > com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192) > at > com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:955) > at > com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58) > at > com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304) > at > com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176) > at > com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192) > at > com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533) > at org.apache.catalina.startup.Embedded.start(Embedded.java:936) > at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873) > at > com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790) > at > com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84) > at > com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442) > at > com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120) > at com.sun.enterprise.server.PEMain.run(PEMain.java:411) > at com.sun.enterprise.server.PEMain.main(PEMain.java:338) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412) > Caused by: com.sun.xml.ws.transport.http.servlet.WSServletException: > WSSERVLET11: failed to parse runtime descriptor: > javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when > finishing WSDL parsing. > at > com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:139) > ... 35 more > Caused by: javax.xml.ws.WebServiceException: WSP1007: Policy exception > occured when finishing WSDL parsing. > at > com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:959) > at > com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187) > at > com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262) > at > com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531) > at > com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174) > at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505) > at > com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253) > at > com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147) > at > com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124) > ... 35 more > Caused by: com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy > assertion creators try to register for namespace > 'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class: > 'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class: > 'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'. > at > com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184) > at > com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81) > at > com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70) > at > com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97) > at > com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105) > at > com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67) > at > com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77) > at > com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103) > at > com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85) > at > com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955) > ... 44 more > |#] > > This is the SAML token the passive STS is generating, > > <saml:Assertion MajorVersion="1" MinorVersion="1" > AssertionID="_fa555580-fcac-4baa-9d10-e5b2dd64679c" Issuer="PassiveSTS" > IssueInstant="2009-11-10T17:24:58.844Z" > xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> > <saml:Conditions NotBefore="2009-11-10T17:24:58.342Z" > NotOnOrAfter="2009-11-11T03:24:58.342Z"> > <saml:AudienceRestrictionCondition> > > <saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience> > </saml:AudienceRestrictionCondition> > </saml:Conditions> > <saml:AttributeStatement> > <saml:Subject> > <saml:NameIdentifier > Format="http://schemas.xmlsoap.org/claims/UPN";>uid:0...@stonehenge.com</saml:NameIdentifier> > <saml:SubjectConfirmation> > > <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> > </saml:SubjectConfirmation> > </saml:Subject> > <saml:Attribute AttributeName="role" > AttributeNamespace="http://microsoft";> > <saml:AttributeValue>staff</saml:AttributeValue> > </saml:Attribute> > </saml:AttributeStatement> > <saml:AuthenticationStatement > AuthenticationMethod="http://microsoft/geneva"; > AuthenticationInstant="2009-11-10T17:24:58.844Z"> > <saml:Subject> > <saml:NameIdentifier > Format="http://schemas.xmlsoap.org/claims/UPN";>uid:0...@stonehenge.com</saml:NameIdentifier> > <saml:SubjectConfirmation> > > <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> > </saml:SubjectConfirmation> > </saml:Subject> > </saml:AuthenticationStatement> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > <ds:Reference URI="#_fa555580-fcac-4baa-9d10-e5b2dd64679c"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > <ds:DigestValue>cHUIIGuyRrYhtBJP3euTVomdwZc=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > > <ds:SignatureValue>FevVLUpP6BHExpoxwbENlBCJZflNNY6Av6R2y2Lm9kD0MKJn+WXx82sZdWWg/7VihoKrZomU4q/S6MJWplP3yXB4CM++/vcJns/yvjQPJZdtzfFHanzgStCQr7+ULK3TZYqJhcAHL34bHBo/Xnza58Yb7lU/iAKr1Q6OcBcM4Gk=</ds:SignatureValue> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> > <X509Data> > > <X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate> > </X509Data> > </KeyInfo> > </ds:Signature> > </saml:Assertion> > > Do you know what could be the issue in opensso ?. > > Thanks in advance > Pablo. > > -----Original Message----- > From: jiandong....@sun.com [mailto:jiandong....@sun.com] > Sent: Tuesday, November 10, 2009 5:55 AM > To: stonehenge-dev@incubator.apache.org > Subject: Re: Fifth interop test between Metro and .NET > > Hi Pablo, > > See inline ... > > Pablo Cibraro wrote: > >> Hi Jiandong, >> >> I need some of your help if it is possible to configure this scenario, >> >> Config Service -> Metro >> Business Service - Metro >> Passive STS -> .NET >> Active STS -> Metro >> Trader Client -> Metro >> I have two questions for you, >> >> >> 1. Is this the correct procedure to configure an external idp in >> OpenSSO ? >> >> > > Yes, the basic reference is > https://opensso.dev.java.net/public/use/docs/opensso/pdf/WSFedHowTo.pdf. > section 5 is about configure OpenSSO as SP with outside idp. > >> 2. How can I change the realm parameter to be an absolute URL (I could >> not find a way to change this in the .xml files) >> >> > The TokenIssuerName in fedsp.xml according to the document above. > > Thanks! > > Jiandong > >> Thanks >> Pablo. >> >> >> >> > > > >
