Hi All, I have an OpenLDAP in the cloud and am trying to configure it with Fediz IDP. I am following the directions in the link http://cxf.apache.org/fediz-idp.html. I created the jaas.config file and set JAVA_OPTS as directed. I updated the cxf-transport.xml file in the STS accordingly, as directed. I also added the LDAP dependencies to the STS pom, but I am getting a "The security token could not be authenticated or authorized" exception. Has anyone configured Fediz IDP with an LDAP directory before? I am going to take a further look tomorrow, but if anyone has any ideas, please let me know. I don't know if the query request has been sent to the LDAP directory yet.
INFO: Inbound Message
----------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 25, 2012 5:29:54 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 2
Address: https://localhost:9443/fedizidpsts/STSService?wsdl=ws-trust-1.4.wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 25, 2012 5:29:54 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered.
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 3
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1276], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
	at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
	at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
	at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Jun 25, 2012 5:29:55 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:780)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
	at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
	at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
	at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
	... 27 more
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 3
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode><faultstring>The security token could not be authenticated or authorized</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Mon, 25 Jun 2012 21:29:55 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode><faultstring>The security token could not be authenticated or authorized</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Jun 25, 2012 5:29:55 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet
INFO: Requesting security token failed
org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized
	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1673)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1526)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1434)
	at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
	at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
	at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:176)
	at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64)
	at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259)
	at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
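Editor's added example, not part of the original post and not Fediz or CXF project code: a small Python triage script that answers the question raised in the post ("has the request reached the LDAP directory?") from the posted trace alone. It parses the first "security token could not be authenticated or authorized" trace, reports which validator class rejected the UsernameToken, and checks whether any JAAS LoginContext or JNDI LDAP frame appears anywhere in the trace or its "Caused by" chain. The interpretation is the editor's assumption: the posted trace bottoms out in org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword with no JAAS or JNDI frames, which is consistent with the stock WSS4J validator running rather than a JAAS/LDAP-backed one. The second sample log (with JAASUsernameTokenValidator and LoginContext frames) is constructed to show the contrasting case; its line numbers are placeholders.

```python
"""Triage a CXF/WSS4J STS log for a UsernameToken authentication failure.

Added example (not project code). Reports the validator that rejected the
token and whether any JAAS/JNDI (LDAP) frame was ever reached.
"""
import re

FAILURE_MSG = "The security token could not be authenticated or authorized"
DEFAULT_VALIDATOR = "org.apache.ws.security.validate.UsernameTokenValidator"

# Package prefixes whose presence in the trace shows an external login
# (JAAS LoginContext, JNDI LDAP provider) was actually attempted.
BACKEND_MARKERS = ("javax.security.auth.login.", "com.sun.jndi.ldap.", "javax.naming.")

# One Java stack frame: "\tat pkg.Class.method(File.java:123)"
FRAME_RE = re.compile(r"^\s*at\s+([\w$.]+)\.([\w$<>]+)\(([^)]*)\)\s*$")

# Constructed excerpt, trimmed from the trace in the post above.
SAMPLE_LOG = """\
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
\tat org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
\tat org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
\tat org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
\tat org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
\tat org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
\tat org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
\tat java.lang.Thread.run(Thread.java:662)
"""

# Constructed contrast case: a JAAS-backed validator that did call LoginContext.
# Line numbers are placeholders, not taken from any real build.
SAMPLE_LOG_JAAS = """\
WARNING: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
\tat org.apache.ws.security.validate.JAASUsernameTokenValidator.validate(JAASUsernameTokenValidator.java:0)
\tat org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
\tat org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
Caused by: javax.security.auth.login.LoginException: placeholder
\tat javax.security.auth.login.LoginContext.login(LoginContext.java:0)
\t... 5 more
"""


def parse_frames(log_text):
    """Frames of the first trace carrying FAILURE_MSG, innermost first,
    as (class, method, location) tuples. 'Caused by:' and '... N more'
    lines are skipped so the cause chain's frames are included too."""
    frames = []
    collecting = False
    for line in log_text.splitlines():
        if not collecting:
            collecting = FAILURE_MSG in line
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append(m.groups())
            continue
        stripped = line.strip()
        if stripped.startswith("Caused by:") or stripped.startswith("..."):
            continue
        if frames:
            break  # first non-frame line after the trace ends it
    return frames


def triage(log_text):
    """Summarise who rejected the token and whether a backend was reached."""
    frames = parse_frames(log_text)
    if not frames:
        return {"found": False}
    validator = next((c for c, _, _ in frames if c.endswith("Validator")), None)
    backend_seen = any(c.startswith(BACKEND_MARKERS) for c, _, _ in frames)
    return {
        "found": True,
        "validator": validator,
        "innermost": f"{frames[0][0]}.{frames[0][1]}",
        "backend_frame_seen": backend_seen,
        "default_wss4j_validator": validator == DEFAULT_VALIDATOR,
    }


if __name__ == "__main__":
    for name, log in (("posted trace", SAMPLE_LOG), ("JAAS contrast", SAMPLE_LOG_JAAS)):
        r = triage(log)
        print(name, "->", "validator:", r["validator"],
              "| backend frame seen:", r["backend_frame_seen"],
              "| stock WSS4J validator:", r["default_wss4j_validator"])
```

The script deliberately never echoes the SOAP payload: with CXF message logging switched on, the captured request carries the UsernameToken password as PasswordText in cleartext, so a log like the one above should be treated as a secret and the logging interceptor left enabled only while debugging.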
