Hi Gina, I've just committed a potential fix for this problem to WSS4J. Could you add a dependency in your client pom to WSS4J 1.6.7-SNAPSHOT and let me know if it works?
Colm.

On Mon, Jun 11, 2012 at 10:50 PM, Gina Choi <[email protected]> wrote:
> Colm,
>
> <<<<<
> Jun 11, 2012 5:09:18 PM org.apache.ws.security.saml.ext.AssertionWrapper parseElement
> *SEVERE: AssertionWrapper: found unexpected type org.opensaml.xml.encryption.impl.EncryptedDataImpl*
> Jun 11, 2012 5:11:16 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
> *java.lang.NullPointerException*
>     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:250)
>     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:149)
> >>>>>>>
>
> Spent pretty long time today to figure that out. WSP generated a response
> and I don't see any error message from server side. So, it looks like
> this exception was thrown by the client during security header validation.
>
> Following is code for parseElement (lines 696-709) method inside
> org.apache.ws.security.saml.ext.AssertionWrapper.java (wss4j-1.6.6.jar)
> class. So, 'element' type should be org.opensaml.saml1.core.Assertion to
> make this code happy, but why should WSP generate a token which is saml1
> Assertion type? I thought that only STS generates Assertion token. Kind of
> confused here. Do you think of any configuration issue? Shouldn't it throw an
> exception inside else statement after logging if that condition is
> unacceptable?
>
> private void parseElement(Element element) throws WSSecurityException {
>     this.xmlObject = OpenSAMLUtil.fromDom(element);
>     if (xmlObject instanceof org.opensaml.saml1.core.Assertion) {
>         this.saml1 = (org.opensaml.saml1.core.Assertion) xmlObject;
>         samlVersion = SAMLVersion.VERSION_11;
>     } else if (xmlObject instanceof org.opensaml.saml2.core.Assertion) {
>         this.saml2 = (org.opensaml.saml2.core.Assertion) xmlObject;
>         samlVersion = SAMLVersion.VERSION_20;
>     } else {
>         LOG.error(
>             "AssertionWrapper: found unexpected type "
>             + (xmlObject != null ? xmlObject.getClass().getName() : xmlObject)
>         );
>     }
>
>     assertionElement = element;
> }
>
> On Mon, Jun 11, 2012 at 12:01 PM, Gina Choi <[email protected]> wrote:
>
> > Colm,
> >
> > <<<<
> > You were getting the error on the service provider side no? You would have
> > to set it on the service provider endpoint in this case.
> > >>>>
> >
> > You are right. I forgot that WSP had a config file. After set it in the
> > WSP config file, I passed that exception.
> >
> > Cool! WSP finally generated a response, but client is throwing an NPE. I
> > will debug it and get back to you. I am getting close to the final line...
> > Thanks a lot for all your help.
> >
> > ID: 2
> > Response-Code: 200
> > Encoding: UTF-8
> > Content-Type: text/xml;charset=UTF-8
> > Headers: {Content-Length=[5277], content-type=[text/xml;charset=UTF-8], Date=[Mon, 11 Jun 2012 15:53:42 GMT], Server=[Apache-Coyote/1.1]}
> > Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
> > <Action xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-12083469">http://www.example.org/contract/DoubleIt/DoubleItPortType/DoubleItResponse</Action>
> > <MessageID xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-14292879">urn:uuid:c6db815d-2eda-4f38-b8f5-a155e11bc9fc</MessageID>
> > <To xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-23067900">http://www.w3.org/2005/08/addressing/anonymous</To>
> > <RelatesTo xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-4247180">urn:uuid:2a1f2ddc-0570-4d0b-985d-13bef961cad1</RelatesTo>
> > <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
> > <wsu:Timestamp wsu:Id="TS-4"><wsu:Created>2012-06-11T15:53:42.336Z</wsu:Created><wsu:Expires>2012-06-11T15:58:42.336Z</wsu:Expires></wsu:Timestamp>
> > <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:DataReference URI="#ED-6"/></xenc:ReferenceList>
> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-5"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
> > <ds:Reference URI="#Id-25899396"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8U8AaCZDk7jpxiWM7rbV4qwjfxM=</ds:DigestValue></ds:Reference>
> > <ds:Reference URI="#Id-23067900"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>zLPoiOCsm2/WxFnuq/1NTjy2uPQ=</ds:DigestValue></ds:Reference>
> > <ds:Reference URI="#Id-14292879"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UhPP+RcBZs61Ys6Xzgsp5cz1as4=</ds:DigestValue></ds:Reference>
> > <ds:Reference URI="#Id-4247180"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Er7vUiI3Rlg9Y+M4JZkvBbiFSb8=</ds:DigestValue></ds:Reference>
> > <ds:Reference URI="#Id-12083469"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Gma/VRqyG0J6ctWBsG/E5TWs4jk=</ds:DigestValue></ds:Reference>
> > <ds:Reference URI="#TS-4"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>AdVhb1lPcz0NVbvtc6iMJj4Ydms=</ds:DigestValue></ds:Reference>
> > </ds:SignedInfo><ds:SignatureValue>UrGOgYlMLnkIn1VDZLiY2HCJjBY=</ds:SignatureValue>
> > <ds:KeyInfo Id="KI-9CECF537B18A5D2E2113394300223373"><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="STR-9CECF537B18A5D2E2113394300223374"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_e947a1b5-68f5-49b1-bbff-aa4f98935156</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soap:Header>
> > <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-25899396"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-6" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_e947a1b5-68f5-49b1-bbff-aa4f98935156</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
> > <xenc:CipherData><xenc:CipherValue>cTsoQzby7eNZDnrXKb7yXo/G1AzGre8QeKzjOuxtq5XqdkHLoG8I7erBJZClIRX9ZSWt0Pe6hw7cvxo4o8Sctr3UWYx7cJlVwQsYQrk5L3hEKynJp9b+ILkDjQ6NqdwWQp1bFNEnVmjQNH2VoiM9hqLG695R5v2lXBzspwlAwvagZI6ySbh2UrkMRT7Q8VlWf6vok0K7FyebINs3wSrkkQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
> >
> > --------------------------------------
> >
> > Jun 11, 2012 11:53:43 AM org.apache.ws.security.saml.ext.AssertionWrapper parseElement
> > SEVERE: AssertionWrapper: found unexpected type org.opensaml.xml.encryption.impl.EncryptedDataImpl
> > Jun 11, 2012 11:53:43 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> > WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
> > java.lang.NullPointerException
> >     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:250)
> >     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:149)
> >     at org.apache.ws.security.str.SecurityTokenRefSTRParser.getSecretKeyFromAssertion(SecurityTokenRefSTRParser.java:284)
> >     at org.apache.ws.security.str.SecurityTokenRefSTRParser.parseSecurityTokenReference(SecurityTokenRefSTRParser.java:141)
> >     at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:164)
> >     at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
> >     at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> >     at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1679)
> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1440)
> >     at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
> >     at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
> >     at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> >     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
> >     at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> >     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> >     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> >     at $Proxy26.doubleIt(Unknown Source)
> >     at client.WSClient.doubleIt(WSClient.java:18)
> >     at client.WSClient.main(WSClient.java:11)
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set
> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
> >     at $Proxy26.doubleIt(Unknown Source)
> >     at client.WSClient.doubleIt(WSClient.java:18)
> >     at client.WSClient.main(WSClient.java:11)
> > Caused by: java.lang.NullPointerException
> >     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:250)
> >     at org.apache.ws.security.saml.SAMLUtil.getCredentialFromSubject(SAMLUtil.java:149)
> >     at org.apache.ws.security.str.SecurityTokenRefSTRParser.getSecretKeyFromAssertion(SecurityTokenRefSTRParser.java:284)
> >     at org.apache.ws.security.str.SecurityTokenRefSTRParser.parseSecurityTokenReference(SecurityTokenRefSTRParser.java:141)
> >     at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:164)
> >     at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
> >     at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
> >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
> >     at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> >     at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1679)
> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
> >     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1440)
> >     at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
> >     at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
> >     at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> >     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
> >     at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> >     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> >     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> >     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> >     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> >     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> >     ... 3 more

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
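
The quoted parseElement logs the unexpected type and carries on, so the failure only surfaces later as the NullPointerException in the trace. The following is an added example, not WSS4J code and not the fix committed in this thread: a fail-closed version of the same check, written against plain DOM elements rather than OpenSAML objects. The class FailClosedTokenParse, the exception TokenException and the enum Version are hypothetical names, and the sample elements are constructed.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class FailClosedTokenParse {
    // SAML 1.1 assertions use the 1.0 assertion namespace.
    static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Hypothetical stand-in for the library's WSSecurityException. */
    static class TokenException extends Exception {
        TokenException(String msg) { super(msg); }
    }

    enum Version { SAML_11, SAML_20 }

    /** Accepts only a SAML Assertion element; anything else is rejected at parse time. */
    static Version parseAssertion(Element element) throws TokenException {
        if (element == null) {
            throw new TokenException("token reference resolved to no element");
        }
        if ("Assertion".equals(element.getLocalName())) {
            if (SAML1_NS.equals(element.getNamespaceURI())) return Version.SAML_11;
            if (SAML2_NS.equals(element.getNamespaceURI())) return Version.SAML_20;
        }
        // Fail closed: never return a half-initialised wrapper to the caller.
        throw new TokenException("unexpected token type {"
                + element.getNamespaceURI() + "}" + element.getLocalName());
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        Document doc = factory.newDocumentBuilder().newDocument();

        // Constructed samples: a SAML 1.1 assertion and the element type from the log above.
        Element saml1 = doc.createElementNS(SAML1_NS, "saml:Assertion");
        Element encrypted = doc.createElementNS(
                "http://www.w3.org/2001/04/xmlenc#", "xenc:EncryptedData");

        System.out.println("accepted: " + parseAssertion(saml1));
        try {
            parseAssertion(encrypted);
        } catch (TokenException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting at the type check gives the caller a typed, attributable security failure instead of an NPE several frames away from the cause.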
