Hi Colum,

Thanks for your response.

<<<<
It doesn't look like you followed the steps correctly, as the WSS4J UsernameTokenValidator is throwing the exception. You need to replace this (default) Validator with the JAAS one, as per the configuration given in http://cxf.apache.org/fediz-idp.html:
>>>>

Actually I have jaasUTValidator in my configuration file as follows. However, I got a hint from your "need to replace" words and commented out the original jaxws:endpoint (id="transportSTS1").

<!--jaxws:endpoint id="transportSTS1"
    implementor="#transportSTSProviderBean"
    address="/STSService"
    wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
    xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
    serviceName="ns1:SecurityTokenService"
    endpointName="ns1:TransportUT_Port">
    <jaxws:properties>
        <entry key="ws-security.callback-handler" value-ref="upCallBackHandler" />
    </jaxws:properties>
</jaxws:endpoint-->

<jaxws:endpoint id="transportSTSUT"
    endpointName="ns1:TransportUT_Port"
    serviceName="ns1:SecurityTokenService"
    xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
    wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
    address="/STSService"
    implementor="#transportSTSProviderBean">
    <jaxws:properties>
        <entry key="ws-security.ut.validator" value-ref="jaasUTValidator"/>
    </jaxws:properties>
</jaxws:endpoint>

Now, at least it tries to use JAASUsernameTokenValidator.

ID: 1
Address: https://localhost:9443/fedizidpsts/STSService?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 26, 2012 8:44:30 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 2
Address: https://localhost:9443/fedizidpsts/STSService?wsdl=ws-trust-1.4.wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 26, 2012 8:44:30 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered.
Jun 26, 2012 8:44:30 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2012 8:44:30 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 3
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1276], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Jun 26, 2012 8:44:31 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
java.lang.SecurityException: Configuration Error: Line 2: expected [option key], found [null]
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
    at org.apache.ws.security.validate.JAASUsernameTokenValidator.validate(JAASUsernameTokenValidator.java:103)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.io.IOException: Configuration Error: Line 2: expected [option key], found [null]
    at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:543)
    at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:406)
    at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:350)
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:262)
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:202)
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
    ... 45 more
Jun 26, 2012 8:44:31 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 3
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Configuration Error: Line 2: expected [option key], found [null]</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2012 8:44:31 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Tue, 26 Jun 2012 12:44:31 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Configuration Error: Line 2: expected [option key], found [null]</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2012 8:44:31 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Jun 26, 2012 8:44:31 AM org.apache.cxf.fediz.service.idp.IdpServlet doGet
INFO: Requesting security token failed
org.apache.cxf.binding.soap.SoapFault: Configuration Error: Line 2: expected [option key], found [null]
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1673)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1526)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1434)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
    at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:176)
    at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64)
    at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259)
    at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
