CXF enforces the Basic Security Profile 1.1 spec:

http://www.ws-i.org/profiles/basicsecurityprofile-1.1.html

"R6611 Any SECURITY_TOKEN_REFERENCE to a SAML_V1_1_TOKEN MUST contain a
wsse11:TokenType attribute with a value of
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"."

You can turn this off by setting the following jax-ws property
"ws-security.is-bsp-compliant" to "false" for the service provider.

Colm.

On Sat, Jun 9, 2012 at 12:00 AM, Gina Choi <[email protected]> wrote:

> I did some research and looked at the OASIS specification
> (https://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf).
> It looks like the wsse11:TokenType attribute is optional for SAML 1.1, but
> should contain
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1.
>
>
> <<<
>
> Now I am getting 'An invalid security token was provided (Bad TokenType
> "")'. I debugged through the code again and the following is the issue.
> org.apache.ws.security.str.BSPEnforcer.java (wss4j-1.6.6.jar) class, lines 162 - 169
>
>        String tokenType = secRef.getTokenType();
>        if (assertion.getSaml1() != null
>            && !WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)) {
>            throw new WSSecurityException(
>                WSSecurityException.INVALID_SECURITY_TOKEN,
>                "invalidTokenType",
>                new Object[]{tokenType}
>            );
>        }
> The content of the secRef object is as follows. As you can see from the code
> above, it is looking for an attribute named "TokenType", whose value is
> "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
> but the SecurityTokenReference doesn't have it. That's why it throws an
> exception. What can we do about this? I am going to update *CXF-4367 with
> new content.*
>
> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>  <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
>  _ca94d3c5-0933-4af0-ac12-a83fd407310c</o:KeyIdentifier>
> </o:SecurityTokenReference>
>
> >>>>>>>>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
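
The R6611 check discussed in this thread, as an added Python example that is not part of the original messages and is not WSS4J code. It assumes a SAML 1.1 reference can be recognised by its KeyIdentifier ValueType (WSS4J inspects the resolved assertion instead); the function name and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
SAML11_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
SAML11_KEYID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"


def r6611_violations(xml_text):
    """Return [(assertion_id, token_type_found)] for every SAML 1.1
    SecurityTokenReference that lacks the required wsse11:TokenType."""
    violations = []
    # For untrusted input, parse with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    for ref in root.iter("{%s}SecurityTokenReference" % WSSE):
        key_id = ref.find("{%s}KeyIdentifier" % WSSE)
        # Assumption: the ValueType marks this as a SAML 1.1 reference.
        if key_id is None or (key_id.get("ValueType") or "").strip() != SAML11_KEYID:
            continue
        # R6611 names wsse11:TokenType, so only the namespace-qualified
        # attribute counts; a missing attribute is reported as "".
        token_type = ref.get("{%s}TokenType" % WSSE11, "")
        if token_type != SAML11_TOKEN_TYPE:
            violations.append(((key_id.text or "").strip(), token_type))
    return violations


def sample_str(extra_attrs=""):
    """Build a constructed SecurityTokenReference modelled on the one quoted above."""
    return (
        '<o:SecurityTokenReference xmlns:o="%s" xmlns:wsse11="%s"%s>'
        '<o:KeyIdentifier ValueType="%s">_ca94d3c5-0933-4af0-ac12-a83fd407310c'
        '</o:KeyIdentifier></o:SecurityTokenReference>'
    ) % (WSSE, WSSE11, extra_attrs, SAML11_KEYID)


# Constructed samples: the reference as sent, one with an unqualified
# TokenType attribute, and one that satisfies R6611.
AS_SENT = sample_str()
UNQUALIFIED = sample_str(' TokenType="%s"' % SAML11_TOKEN_TYPE)
COMPLIANT = sample_str(' wsse11:TokenType="%s"' % SAML11_TOKEN_TYPE)

if __name__ == "__main__":
    for name, doc in (("as sent", AS_SENT), ("unqualified", UNQUALIFIED),
                      ("compliant", COMPLIANT)):
        print(name, "->", r6611_violations(doc) or "passes R6611")
```

Running a check like this against the sender's messages shows whether the client can be fixed to emit wsse11:TokenType, which keeps the provider's BSP enforcement switched on.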
