Hi, I am trying to create an STS using CXF. Right now I have a very basic STS 
implementation that just returns a hard-coded SAML 2.0 token. Right now I am 
just creating the STS client and calling requestSecurityToken(). I was using 
CXF 2.2.5 and I was able to send the request and get my hard-coded SAML token back, 
but the STSClient was throwing an exception saying that it could not determine 
a Token ID from the RequestSecurityToken Response. I tried using CXF 2.2.6, but the 
message that the STS client sends is not valid.

CXF 2.2.5 message
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <Action xmlns="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:011b65c5-dffd-4ddb-9ab5-56ec9dd357fe</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing">http://localhost/services/sts</To>
    <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
  </soap:Header>
  <soap:Body>
    <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
      <wst:KeySize>256</wst:KeySize>
      <wst:Entropy>
        <wst:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">7ZKTA8MENMk=</wst:BinarySecret>
      </wst:Entropy>
      <wst:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</wst:ComputedKeyAlgorithm>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>

CXF 2.2.6 message
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <Action xmlns="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:5a5d50d4-f6f4-4d92-a6e7-2a98dbd2f1a5</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing">http://localhost/services/sts</To>
    <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
  </soap:Header>
  <soap:Body>
    <wst:RequestSecurityToken>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
      <wst:KeySize>256</wst:KeySize>
      <wst:Entropy>
        <wst:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">cLzr27D8kZs=</wst:BinarySecret>
      </wst:Entropy>
      <wst:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</wst:ComputedKeyAlgorithm>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>

Notice the missing wst namespace binding on <wst:RequestSecurityToken>. Anyone 
know what is causing this?


Here's the response I send from the STS's Issue method.

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <Action xmlns="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:4f9fed96-7d08-40f2-b6fb-3f59361dfd69</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
    <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:bf2877a6-effc-488e-9e43-6592c6146263</RelatesTo>
  </soap:Header>
  <soap:Body>
    <ns2:RequestSecurityTokenResponse xmlns="http://service.example.com"
                                      xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns2:TokenType>
      <ns2:RequestedSecurityToken>
        <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                         xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                         xmlns:xs="http://www.w3.org/2001/XMLSchema"
                         ID="12345"
                         IssueInstant="2010-03-01T14:12:17.649-05:00"
                         Version="2.0">
          <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                        NameQualifier="nycapt35k.com">http://service.example.com</saml2:Issuer>
          <ds:Signature>
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#12345">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>YjV9NMHmUX/6uMK23I0e/ZsQyWk=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
              K9OkRkOrCTWWq0GsDqsdiz7ZO6Do0/hcrJ3sXo80H9wERrCZnOl6ruSWZHAOCpm+1oaieDIDWyR8
              FzZnjuE60aSQWXCZfgDQDs/ldEEg7B1KR4nzYnRl0PlFMeFZzlTT2CLIOnexwMrfPBihNktz4JcB
              rRt0VwNAABCsPen9oSU=
            </ds:SignatureValue>
            <ds:KeyInfo>
              <ds:KeyValue>
                <ds:RSAKeyValue>
                  <ds:Modulus>
                    hP+W377YbK5AkrcEINzfaTR/YNk2lDgRia8FVeoOr8guwxKwsuvQ+9Nq7F74i53Y7my2fV+8WwWN
                    R/5ewSbSTpzYYVH1SAxp+EcZNkedP6f6x+W6uVIkm2W3jg2k+h9yV3l2e9iJXbQ61nGNbMetKwgr
                    Wmy0vFNaq5DhLPQi8D8=
                  </ds:Modulus>
                  <ds:Exponent>AQAB</ds:Exponent>
                </ds:RSAKeyValue>
              </ds:KeyValue>
            </ds:KeyInfo>
          </ds:Signature>
          <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName"
                          NameQualifier="example.com">jdoe</saml2:NameID>
          </saml2:Subject>
          <saml2:AuthnStatement AuthnInstant="2010-03-01T14:12:17.649-05:00">
            <saml2:AuthnContext>
              <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
              <saml2:AuthenticatingAuthority/>
            </saml2:AuthnContext>
          </saml2:AuthnStatement>
        </saml2:Assertion>
      </ns2:RequestedSecurityToken>
    </ns2:RequestSecurityTokenResponse>
  </soap:Body>
</soap:Envelope>
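Added example, not part of the post above and not CXF code: a small Python script that reproduces the two observations in the post on trimmed copies of the quoted messages. First, the CXF 2.2.6 request uses the wst: prefix without an xmlns:wst binding, which is not well-formed XML, so any XML parser rejects it before WS-Trust processing starts. Second, it locates the issued token inside RequestedSecurityToken and reads its identifier. The embedded messages are constructed from the post (headers and the signature trimmed); the rule that a SAML 2.0 assertion's ID attribute, or a wsse:Reference URI in a RequestedAttachedReference, identifies the token is an assumption of this example, not a description of how CXF's STSClient does it.

```python
"""Parse the WS-Trust messages quoted in the post and check the two things the
post points at: an unbound wst: prefix in the RST, and where the token ID sits
in the RSTR. Messages are constructed, trimmed copies of the post's XML."""
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://www.w3.org/2003/05/soap-envelope",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# RST as CXF 2.2.5 sent it (trimmed): wst bound on RequestSecurityToken.
RST_BOUND = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Body>
    <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
      <wst:KeySize>256</wst:KeySize>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>"""

# RST as CXF 2.2.6 sent it (trimmed): identical except the xmlns:wst binding is gone.
RST_UNBOUND = RST_BOUND.replace(
    ' xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"', "")

# RSTR returned by the hard-coded STS (trimmed: signature and most headers removed).
RSTR = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:bf2877a6-effc-488e-9e43-6592c6146263</RelatesTo>
  </soap:Header>
  <soap:Body>
    <ns2:RequestSecurityTokenResponse xmlns="http://service.example.com"
        xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns2:TokenType>
      <ns2:RequestedSecurityToken>
        <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
            ID="12345" Version="2.0" IssueInstant="2010-03-01T14:12:17.649-05:00">
          <saml2:Issuer>http://service.example.com</saml2:Issuer>
        </saml2:Assertion>
      </ns2:RequestedSecurityToken>
    </ns2:RequestSecurityTokenResponse>
  </soap:Body>
</soap:Envelope>"""


def parse_rst(xml_text):
    """Return (ok, detail): detail is the RequestType URI on success, or the
    parser's message on failure. A prefix with no xmlns binding is a
    well-formedness error, so the unbound message never reaches the STS logic."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, str(exc)
    rst = root.find("soap:Body/wst:RequestSecurityToken", NS)
    if rst is None:
        return False, "no wst:RequestSecurityToken in Body"
    return True, rst.findtext("wst:RequestType", namespaces=NS)


def find_token_id(rstr_text):
    """Return the identifier of the issued token, or None if none can be found.
    Assumed lookup order (not CXF's documented behaviour): a wsse:Reference URI
    inside RequestedAttachedReference, then the saml2:Assertion ID attribute."""
    root = ET.fromstring(rstr_text)
    resp = root.find("soap:Body/wst:RequestSecurityTokenResponse", NS)
    if resp is None:
        return None
    ref = resp.find("wst:RequestedAttachedReference/wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is not None and ref.get("URI"):
        return ref.get("URI").lstrip("#")   # "#id" -> "id"
    assertion = resp.find("wst:RequestedSecurityToken/saml2:Assertion", NS)
    if assertion is not None:
        return assertion.get("ID")          # SAML 2.0 uses ID, not AssertionID
    return None


if __name__ == "__main__":
    print("2.2.5 RST:", parse_rst(RST_BOUND))
    print("2.2.6 RST:", parse_rst(RST_UNBOUND))
    print("token ID :", find_token_id(RSTR))
```

Running it shows the 2.2.6 request failing with the parser's "unbound prefix" error, while the 2.2.5 request parses and the RSTR yields token ID 12345 from the assertion; the RequestedAttachedReference branch is there so the same function works for responses that carry one.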
