Colm,
<<<<<
Jun 11, 2012 5:09:18 PM org.apache.ws.security.saml.ext.AssertionWrapper parseElement
SEVERE: AssertionWrapper: found unexpected type org.opensaml.xml.encryption.impl.EncryptedDataImpl
Jun 11, 2012 5:11:16 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
java.lang.NullPointerException
    at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:250)
    at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:149)
>>>>>>>
Spent a pretty long time today trying to figure that out. The WSP generated a
response and I don't see any error message on the server side. So, it looks
like this exception was thrown by the client during security header
validation. Following is the code for the parseElement method (lines 696-709)
inside the org.apache.ws.security.saml.ext.AssertionWrapper.java
(wss4j-1.6.6.jar) class. So, the 'element' type should be
org.opensaml.saml1.core.Assertion to make this code happy, but why should the
WSP generate a token which is of saml1 Assertion type? I thought that only the
STS generates an Assertion token. Kind of confused here. Can you think of any
configuration issue? Shouldn't it throw an exception inside the else statement
after logging if that condition is unacceptable?
    private void parseElement(Element element) throws WSSecurityException {
        this.xmlObject = OpenSAMLUtil.fromDom(element);
        if (xmlObject instanceof org.opensaml.saml1.core.Assertion) {
            this.saml1 = (org.opensaml.saml1.core.Assertion) xmlObject;
            samlVersion = SAMLVersion.VERSION_11;
        } else if (xmlObject instanceof org.opensaml.saml2.core.Assertion) {
            this.saml2 = (org.opensaml.saml2.core.Assertion) xmlObject;
            samlVersion = SAMLVersion.VERSION_20;
        } else {
            LOG.error(
                "AssertionWrapper: found unexpected type "
                + (xmlObject != null ? xmlObject.getClass().getName() : xmlObject)
            );
        }
        assertionElement = element;
    }
On Mon, Jun 11, 2012 at 12:01 PM, Gina Choi <[email protected]> wrote:
> Colm,
>
> <<<<
> You were getting the error on the service provider side no? You would have
> to set it on the service provider endpoint in this case.
> >>>>
>
> You are right. I forgot that the WSP had a config file. After setting it in
> the WSP config file, I got past that exception.
>
> Cool! The WSP finally generated a response, but the client is throwing an
> NPE. I will debug it and get back to you. I am getting close to the final line...
> Thanks a lot for all your help.
>
>
>
> ID: 2
>
> Response-Code: 200
>
> Encoding: UTF-8
>
> Content-Type: text/xml;charset=UTF-8
>
> Headers: {Content-Length=[5277], content-type=[text/xml;charset=UTF-8],
> Date=[Mon, 11 Jun 2012 15:53:42 GMT], Server=[Apache-Coyote/1.1]}
>
> Payload: <soap:Envelope xmlns:soap="
> http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><Action xmlns="
> http://www.w3.org/2005/08/addressing" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-12083469">
> http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItResponse</Action><MessageID xmlns="
> http://www.w3.org/2005/08/addressing" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-14292879">urn:uuid:c6db815d-2eda-4f38-b8f5-a155e11bc9fc</MessageID><To
> xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-23067900">
> http://www.w3.org/2005/08/addressing/anonymous</To><RelatesTo xmlns="
> http://www.w3.org/2005/08/addressing" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-4247180">urn:uuid:2a1f2ddc-0570-4d0b-985d-13bef961cad1</RelatesTo><wsse:Security
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> soap:mustUnderstand="1"><wsu:Timestamp
> wsu:Id="TS-4"><wsu:Created>2012-06-11T15:53:42.336Z</wsu:Created><wsu:Expires>2012-06-11T15:58:42.336Z</wsu:Expires></wsu:Timestamp><xenc:ReferenceList
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:DataReference
> URI="#ED-6"/></xenc:ReferenceList><ds:Signature xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#"
> Id="SIG-5"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><ds:Reference
> URI="#Id-25899396"><ds:Transforms><ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8U8AaCZDk7jpxiWM7rbV4qwjfxM=</ds:DigestValue></ds:Reference><ds:Reference
> URI="#Id-23067900"><ds:Transforms><ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>zLPoiOCsm2/WxFnuq/1NTjy2uPQ=</ds:DigestValue></ds:Reference><ds:Reference
> URI="#Id-14292879"><ds:Transforms><ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UhPP+RcBZs61Ys6Xzgsp5cz1as4=</ds:DigestValue></ds:Reference><ds:Reference
> URI="#Id-4247180"><ds:Transforms><ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Er7vUiI3Rlg9Y+M4JZkvBbiFSb8=</ds:DigestValue></ds:Reference><ds:Reference
> URI="#Id-12083469"><ds:Transforms><ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Gma/VRqyG0J6ctWBsG/E5TWs4jk=</ds:DigestValue></ds:Reference><ds:Reference
> URI="#TS-4"><ds:Transforms><ds:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>AdVhb1lPcz0NVbvtc6iMJj4Ydms=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>UrGOgYlMLnkIn1VDZLiY2HCJjBY=</ds:SignatureValue><ds:KeyInfo
> Id="KI-9CECF537B18A5D2E2113394300223373"><wsse:SecurityTokenReference
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> wsse11:TokenType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
> wsu:Id="STR-9CECF537B18A5D2E2113394300223374"><wsse:KeyIdentifier
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_e947a1b5-68f5-49b1-bbff-aa4f98935156</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soap:Header><soap:Body
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-25899396"><xenc:EncryptedData xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#" Id="ED-6" Type="
> http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> wsse11:TokenType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><wsse:KeyIdentifier
> ValueType="
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
> ">_e947a1b5-68f5-49b1-bbff-aa4f98935156</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>cTsoQzby7eNZDnrXKb7yXo/G1AzGre8QeKzjOuxtq5XqdkHLoG8I7erBJZClIRX9ZSWt0Pe6hw7cvxo4o8Sctr3UWYx7cJlVwQsYQrk5L3hEKynJp9b+ILkDjQ6NqdwWQp1bFNEnVmjQNH2VoiM9hqLG695R5v2lXBzspwlAwvagZI6ySbh2UrkMRT7Q8VlWf6vok0K7FyebINs3wSrkkQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
>
> --------------------------------------
>
> Jun 11, 2012 11:53:43 AM org.apache.ws.security.saml.ext.AssertionWrapper parseElement
> SEVERE: AssertionWrapper: found unexpected type org.opensaml.xml.encryption.impl.EncryptedDataImpl
> Jun 11, 2012 11:53:43 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
> java.lang.NullPointerException
>     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:250)
>     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:149)
>     at org.apache.ws.security.str.SecurityTokenRefSTRParser.getSecretKeyFromAssertion(SecurityTokenRefSTRParser.java:284)
>     at org.apache.ws.security.str.SecurityTokenRefSTRParser.parseSecurityTokenReference(SecurityTokenRefSTRParser.java:141)
>     at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:164)
>     at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
>     at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>     at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1679)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1440)
>     at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
>     at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
>     at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
>     at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>     at $Proxy26.doubleIt(Unknown Source)
>     at client.WSClient.doubleIt(WSClient.java:18)
>     at client.WSClient.main(WSClient.java:11)
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
>     at $Proxy26.doubleIt(Unknown Source)
>     at client.WSClient.doubleIt(WSClient.java:18)
>     at client.WSClient.main(WSClient.java:11)
> Caused by: java.lang.NullPointerException
>     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:250)
>     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:149)
>     at org.apache.ws.security.str.SecurityTokenRefSTRParser.getSecretKeyFromAssertion(SecurityTokenRefSTRParser.java:284)
>     at org.apache.ws.security.str.SecurityTokenRefSTRParser.parseSecurityTokenReference(SecurityTokenRefSTRParser.java:141)
>     at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:164)
>     at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
>     at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
>     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>     at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1679)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1440)
>     at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
>     at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
>     at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
>     at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>     ... 3 more
>
>
>
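
Added example, not part of the original message and not WSS4J code: a fail-closed form of the type check that parseElement performs, written against plain JDK DOM types so it runs without OpenSAML. The class name, method names, exception type and sample XML are assumptions made for illustration; it rejects an xenc:EncryptedData element at the check instead of logging and leaving later code to hit a null assertion.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Hypothetical illustration class; not part of WSS4J or OpenSAML.
public class FailClosedAssertionCheck {
    static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    enum SamlVersion { VERSION_11, VERSION_20 }

    // Returns the SAML version of the element, or throws so that no caller
    // continues with an object that is not an assertion.
    static SamlVersion requireAssertion(Element element) {
        if (element != null && "Assertion".equals(element.getLocalName())) {
            if (SAML1_NS.equals(element.getNamespaceURI())) return SamlVersion.VERSION_11;
            if (SAML2_NS.equals(element.getNamespaceURI())) return SamlVersion.VERSION_20;
        }
        String found = element == null ? "null"
                : "{" + element.getNamespaceURI() + "}" + element.getLocalName();
        throw new IllegalArgumentException("Expected a SAML Assertion but found " + found);
    }

    // Namespace-aware parse with DOCTYPE declarations refused.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a bare SAML 1.1 assertion and a bare EncryptedData element.
        String assertion = "<saml:Assertion xmlns:saml=\"" + SAML1_NS
                + "\" AssertionID=\"_constructed-id\"/>";
        String encrypted = "<xenc:EncryptedData"
                + " xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Id=\"ED-6\"/>";
        System.out.println(requireAssertion(parse(assertion)));
        try {
            requireAssertion(parse(encrypted));
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```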