The version of ws-federation passive profile supported in OpenSSO is
before 1.1. So no
RequestSecurityTokenResponseCollection with
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" ;-) .
Is it possible to configure .Net Passive STS to create
<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
Thanks!
Jiandong
Pablo Cibraro wrote:
Pablo Cibraro wrote:
Mmm, no. The only info about errors I could find was in this folder
opensso\log\WSFederation.error. This file contains a single line with the
WS-Trust message that the .NET passive STS is generating,
These are the redirections I am getting,
1. Trader client makes an Http GET to
https://sp.stonehenge.com:8080/WSFederationServlet/metaAlias/Fedsp?goto=http://apps.stonehenge.com:1316/trader_client
2. OpenSSO makes an Http GET to http://localhost/trade_identity ? All the
WSTrust parameters (This is the .NET passive STS)
3. The .NET passive STS generates a form with action =
"https://sp.stonehenge.com:8080/WSFederationServlet/metaAlias/Fedsp"
This is the WS-TRUST message
<trust:RequestSecurityTokenResponseCollection
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse
Context="s2ceec7ad41fed61267f0f72c9557b77046c98ef7c">
<trust:Lifetime>
<wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-10T22:59:28.543Z</wsu:Created>
<wsu:Expires
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-11T08:59:28.543Z</wsu:Expires>
</trust:Lifetime>
<z:ReplyTo
xmlns:z="http://schemas.microsoft.com/ws/2008/06/identity">https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</z:ReplyTo>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</Address>
</EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_560fe2f7-f0c9-418b-8e74-4145f5c37b7b"
Issuer="PassiveSTS" IssueInstant="2009-11-10T22:59:28.544Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-10T22:59:28.543Z"
NotOnOrAfter="2009-11-11T08:59:28.543Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN">uid:0...@stonehenge.com</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="role"
AttributeNamespace="http://microsoft">
<saml:AttributeValue>staff</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthenticationStatement AuthenticationMethod="http://microsoft/geneva"
AuthenticationInstant="2009-11-10T22:59:28.543Z">
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN">uid:0...@stonehenge.com</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_560fe2f7-f0c9-418b-8e74-4145f5c37b7b">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<ds:DigestValue>Bt97jrvwGHD7YYHGIrzseAERLz0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DUWVbsicStAEAAjKECn6txzxY3R/Xqac69haLQnhiE7nzvDD40rQ9yME25+8f4mbyOSlQqM6t8gI+CD6wOOUIZHuCOGZw7FA/KLbhIVFhJfPbzeGqEXcrcplhhbHCiUDC0V5Dt8tRFJZEOIrb3Ytha9j+yOwwB9UJdZl63E2lMA=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
</trust:RequestedSecurityToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_560fe2f7-f0c9-418b-8e74-4145f5c37b7b</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_560fe2f7-f0c9-418b-8e74-4145f5c37b7b</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
The only error I am getting in OpenSSO is HTTP Status 403 (Access Denied to the
specified resource) after the form with the WS-TRUST message is posted.
Do you see something strange in the WS-TRUST message ?
Thanks
Pablo.
-----Original Message-----
From: jiandong....@sun.com [mailto:jiandong....@sun.com]
Sent: Tuesday, November 10, 2009 6:13 PM
To: stonehenge-dev@incubator.apache.org
Subject: Re: Fifth interop test between Metro and .NET
Pablo Cibraro wrote:
Thanks. The metro client is now calling the .NET passive STS, and this one is
returning a SAML token to the OpenSSO sp.
Great!
The OpenSSO sp is throwing an with the following details,
The following exceptions should not be relevant.
Do you see any other information in the server log for sp?
Or check the opensso debug files in the config directory, e.g.
C:\Documents and Settings\manveen\opensso\sp\opensso\debug.
Thanks!
Jiandong
[#|2009-11-10T14:00:44.647-0400|SEVERE|sun-appserver9.1|com.sun.xml.ws.wspolicy.PolicyWSDLParserExtension|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|WSP1007:
Policy exception occured when finishing WSDL parsing.
com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy assertion
creators try to register for namespace
'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class:
'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class:
'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'.
at
com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184)
at
com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81)
at
com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105)
at
com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67)
at com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85)
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955)
at
com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187)
at
com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262)
at
com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174)
at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:5184)
at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:955)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533)
at org.apache.catalina.startup.Embedded.start(Embedded.java:936)
at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873)
at
com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790)
at
com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84)
at
com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442)
at
com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120)
at com.sun.enterprise.server.PEMain.run(PEMain.java:411)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
|#]
[#|2009-11-10T14:00:44.649-0400|SEVERE|sun-appserver9.1|com.sun.xml.ws.server.http|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|WSSERVLET11:
failed to parse runtime descriptor: javax.xml.ws.WebServiceException: WSP1007:
Policy exception occured when finishing WSDL parsing.
javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when
finishing WSDL parsing.
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:959)
at
com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187)
at
com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262)
at
com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174)
at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:5184)
at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:955)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533)
at org.apache.catalina.startup.Embedded.start(Embedded.java:936)
at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873)
at
com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790)
at
com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84)
at
com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442)
at
com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120)
at com.sun.enterprise.server.PEMain.run(PEMain.java:411)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
Caused by: com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy
assertion creators try to register for namespace
'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class:
'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class:
'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'.
at
com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184)
at
com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81)
at
com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105)
at
com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67)
at com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85)
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955)
... 44 more
|#]
[#|2009-11-10T14:00:44.655-0400|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=570cda77-1918-4cbe-b3c6-13f1b82a2033;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sun.identity.wss.sts.STSContextListener.contextInitialized(STSContextListener.java:107)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4523)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:5184)
at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.VirtualServer.startChildren(VirtualServer.java:1672)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:955)
at
com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
at
com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
at
com.sun.appserv.management.util.misc.RunnableBase._submit(RunnableBase.java:176)
at
com.sun.appserv.management.util.misc.RunnableBase.submit(RunnableBase.java:192)
at
com.sun.enterprise.web.EmbeddedWebContainer$WebEngine.startChildren(EmbeddedWebContainer.java:453)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1231)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:533)
at org.apache.catalina.startup.Embedded.start(Embedded.java:936)
at com.sun.enterprise.web.WebContainer.start(WebContainer.java:873)
at
com.sun.enterprise.web.PEWebContainer.startInstance(PEWebContainer.java:790)
at
com.sun.enterprise.web.PEWebContainerLifecycle.onStartup(PEWebContainerLifecycle.java:84)
at
com.sun.enterprise.server.ApplicationServer.onStartup(ApplicationServer.java:442)
at
com.sun.enterprise.server.ondemand.OnDemandServer.onStartup(OnDemandServer.java:120)
at com.sun.enterprise.server.PEMain.run(PEMain.java:411)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
Caused by: com.sun.xml.ws.transport.http.servlet.WSServletException:
WSSERVLET11: failed to parse runtime descriptor:
javax.xml.ws.WebServiceException: WSP1007: Policy exception occured when
finishing WSDL parsing.
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:139)
... 35 more
Caused by: javax.xml.ws.WebServiceException: WSP1007: Policy exception occured
when finishing WSDL parsing.
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:959)
at
com.sun.xml.ws.wsdl.parser.DelegatingParserExtension.postFinished(DelegatingParserExtension.java:187)
at
com.sun.xml.ws.wsdl.parser.WSDLParserExtensionFacade.postFinished(WSDLParserExtensionFacade.java:334)
at
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:262)
at
com.sun.xml.ws.server.EndpointFactory.getWSDLPort(EndpointFactory.java:531)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:174)
at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(DeploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(DeploymentDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextInitialized(WSServletContextListener.java:124)
... 35 more
Caused by: com.sun.xml.ws.policy.PolicyException: WSP0071: Multiple policy
assertion creators try to register for namespace
'http://schemas.xmlsoap.org/ws/2005/02/rm/policy'. Old creator`s class:
'com.sun.xml.ws.rx.policy.spi_impl.RxAssertionCreator', new creator`s class:
'com.sun.xml.ws.rm.policy.spi_impl.RmAssertionCreator'.
at
com.sun.xml.ws.policy.sourcemodel.PolicyModelTranslator.<init>(PolicyModelTranslator.java:184)
at
com.sun.xml.ws.api.policy.ModelTranslator.<init>(ModelTranslator.java:81)
at
com.sun.xml.ws.api.policy.ModelTranslator.<clinit>(ModelTranslator.java:70)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicies(BuilderHandler.java:97)
at
com.sun.xml.ws.policy.BuilderHandler.getPolicySubjects(BuilderHandler.java:105)
at
com.sun.xml.ws.policy.BuilderHandlerEndpointScope.doPopulate(BuilderHandlerEndpointScope.java:67)
at com.sun.xml.ws.policy.BuilderHandler.populate(BuilderHandler.java:77)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getNewPolicyMap(PolicyMapBuilder.java:103)
at
com.sun.xml.ws.policy.PolicyMapBuilder.getPolicyMap(PolicyMapBuilder.java:85)
at
com.sun.xml.ws.policy.PolicyWSDLParserExtension.postFinished(PolicyWSDLParserExtension.java:955)
... 44 more
|#]
This is the SAML token the passive STS is generating,
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_fa555580-fcac-4baa-9d10-e5b2dd64679c"
Issuer="PassiveSTS" IssueInstant="2009-11-10T17:24:58.844Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-10T17:24:58.342Z"
NotOnOrAfter="2009-11-11T03:24:58.342Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://sp.stonehenge.com:8180/opensso/WSFederationServlet/metaAlias/Fedsp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN">uid:0...@stonehenge.com</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="role" AttributeNamespace="http://microsoft">
<saml:AttributeValue>staff</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthenticationStatement AuthenticationMethod="http://microsoft/geneva"
AuthenticationInstant="2009-11-10T17:24:58.844Z">
<saml:Subject>
<saml:NameIdentifier
Format="http://schemas.xmlsoap.org/claims/UPN">uid:0...@stonehenge.com</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<ds:Reference URI="#_fa555580-fcac-4baa-9d10-e5b2dd64679c">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>cHUIIGuyRrYhtBJP3euTVomdwZc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>FevVLUpP6BHExpoxwbENlBCJZflNNY6Av6R2y2Lm9kD0MKJn+WXx82sZdWWg/7VihoKrZomU4q/S6MJWplP3yXB4CM++/vcJns/yvjQPJZdtzfFHanzgStCQr7+ULK3TZYqJhcAHL34bHBo/Xnza58Yb7lU/iAKr1Q6OcBcM4Gk=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIB8DCCAVmgAwIBAgIQblTMtVPsaJNFRKtH3ePDszANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdCU0wuQ29tMB4XDTA4MDUyMTA0NDgxNVoXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQlNMLkNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArai/gNTS+dU4GvMSB5VfkFL1e5ielRhgtnWJ70Xpl51ABksTFkpRNcLDo56sdXtnk3sKEGWe2QeQ1uoBo0bN7aQTsHCNjuT5K/YD4/y2j+oeRESrz905mJ4owW08MnxkhUzpa6+iPGq0l3TdZaG0GHuuky6wEWe3Chc0hdwCdv0CAwEAAaNHMEUwQwYDVR0BBDwwOoAQcMZu+2G/jyh39/5QO/5nIKEUMBIxEDAOBgNVBAMTB0JTTC5Db22CEG5UzLVT7GiTRUSrR93jw7MwDQYJKoZIhvcNAQEEBQADgYEApc0gYQl50mS2RklQnoCpRX/wEfdwhNIQXcMj/6eqcf9Ul6623Ge2jDNMgQesLAK+rp+kKFqgL6F4odrqxY1u00QvUPQi9LLjWBUi1xAiNnd9lBwmD7z4ITsxhU40/ON+GVIHJ1CbeWvTwE5TaFyCP6uRSDX1Ojv+tovYt6X5Y4w=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
Do you know what could be the issue in opensso ?.
Thanks in advance
Pablo.
-----Original Message-----
From: jiandong....@sun.com [mailto:jiandong....@sun.com]
Sent: Tuesday, November 10, 2009 5:55 AM
To: stonehenge-dev@incubator.apache.org
Subject: Re: Fifth interop test between Metro and .NET
Hi Pablo,
See inline ...
Pablo Cibraro wrote:
Hi Jiandong,
I need some of your help if it is possible to configure this scenario,
Config Service -> Metro
Business Service - Metro
Passive STS -> .NET
Active STS -> Metro
Trader Client -> Metro
I have two questions for you,
1. Is this the correct procedure to configure an external idp in OpenSSO ?
Yes, the basic reference is
https://opensso.dev.java.net/public/use/docs/opensso/pdf/WSFedHowTo.pdf.
section 5 is about configure OpenSSO as SP with outside idp.
2. How can I change the realm parameter to be an absolute URL (I could
not find a way to change this in the .xml files)
The TokenIssuerName in fedsp.xml according to the document above.
Thanks!
Jiandong
Thanks
Pablo.