You're missing a quotation mark in your jaas configuration in the
userProvider value.

Colm.

On Tue, Jun 26, 2012 at 2:12 PM, Gina Choi <[email protected]> wrote:

> Hi Colum,
>
> Thanks for your response.
> <<<<
> It doesn't look like you followed the steps correctly, as the WSS4J
> UsernameTokenValidator is throwing the exception. You need to replace this
> (default) Validator with the JAAS one, as per the configuration given in
> http://cxf.apache.org/fediz-idp.html:
> >>>>
> Actually I have jaasUTValidator in my configuration file as follows.
> However, I got a hint from your "need to replace" words and commented
> out the original jaxws:endpoint (id="transportSTS1").
>
>  <!--jaxws:endpoint id="transportSTS1"
>     implementor="#transportSTSProviderBean"
>     address="/STSService"
>     wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
>     xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
>     serviceName="ns1:SecurityTokenService"
>     endpointName="ns1:TransportUT_Port">
>   <jaxws:properties>
>    <entry key="ws-security.callback-handler" value-ref="upCallBackHandler"/>
>   </jaxws:properties>
>  </jaxws:endpoint-->
>
>  <jaxws:endpoint id="transportSTSUT"
>     endpointName="ns1:TransportUT_Port"
>     serviceName="ns1:SecurityTokenService"
>     xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
>     wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
>     address="/STSService"
>     implementor="#transportSTSProviderBean">
>   <jaxws:properties>
>    <entry key="ws-security.ut.validator" value-ref="jaasUTValidator"/>
>   </jaxws:properties>
>  </jaxws:endpoint>
> Now, at least it tries to use JAASUsernameTokenValidator.
>
> ID: 1
> Address: https://localhost:9443/fedizidpsts/STSService?wsdl
> Http-Method: GET
> Content-Type: text/xml
> Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
> --------------------------------------
> Jun 26, 2012 8:44:30 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> INFO: Inbound Message
> ----------------------------
> ID: 2
> Address: https://localhost:9443/fedizidpsts/STSService?wsdl=ws-trust-1.4.wsdl
> Http-Method: GET
> Content-Type: text/xml
> Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
> --------------------------------------
> Jun 26, 2012 8:44:30 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
> WARNING: No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered.
> Jun 26, 2012 8:44:30 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: https://localhost:9443/fedizidpsts/STSService
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
> --------------------------------------
> Jun 26, 2012 8:44:30 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> INFO: Inbound Message
> ----------------------------
> ID: 3
> Address: https://localhost:9443/fedizidpsts/STSService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: text/xml; charset=UTF-8
> Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1276], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
> --------------------------------------
> SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
> SLF4J: Defaulting to no-operation (NOP) logger implementation
> SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
> Jun 26, 2012 8:44:31 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
> java.lang.SecurityException: Configuration Error:
>        Line 2: expected [option key], found [null]
>        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
>        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>        at java.lang.Class.newInstance0(Class.java:355)
>        at java.lang.Class.newInstance(Class.java:308)
>        at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
>        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
>        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
>        at org.apache.ws.security.validate.JAASUsernameTokenValidator.validate(JAASUsernameTokenValidator.java:103)
>        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
>        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
>        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
>        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
>        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
>        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
>        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
>        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
>        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
>        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
>        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
>        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>        at java.lang.Thread.run(Thread.java:662)
> Caused by: java.io.IOException: Configuration Error:
>        Line 2: expected [option key], found [null]
>        at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:543)
>        at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:406)
>        at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:350)
>        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:262)
>        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:202)
>        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
>        ... 45 more
> Jun 26, 2012 8:44:31 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> INFO: Outbound Message
> ---------------------------
> ID: 3
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml
> Headers: {}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Configuration Error:
>        Line 2: expected [option key], found [null]</faultstring></soap:Fault></soap:Body></soap:Envelope>
> --------------------------------------
> Jun 26, 2012 8:44:31 AM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml;charset=UTF-8
> Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Tue, 26 Jun 2012 12:44:31 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Configuration Error:
>        Line 2: expected [option key], found [null]</faultstring></soap:Fault></soap:Body></soap:Envelope>
> --------------------------------------
> Jun 26, 2012 8:44:31 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> WARNING: Request does not contain Security header, but it's a fault.
> Jun 26, 2012 8:44:31 AM org.apache.cxf.fediz.service.idp.IdpServlet doGet
> INFO: Requesting security token failed
> org.apache.cxf.binding.soap.SoapFault: Configuration Error:
>        Line 2: expected [option key], found [null]
>        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>        at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>        at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
>        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
>        at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
>        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1673)
>        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1526)
>        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1434)
>        at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
>        at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
>        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
>        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>        at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:176)
>        at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64)
>        at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259)
>        at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
>        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
>        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>        at java.lang.Thread.run(Thread.java:662)
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
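
In the quoted trace the JAAS file is only parsed when the first token request reaches JAASUsernameTokenValidator, and the parser's message is returned to the caller in the SOAP fault. The following is an added example, not code from this thread or from CXF/Fediz: a pre-deployment check that runs the JDK's own JAAS file parser over a login configuration. The entry name `STSLogin`, the LDAP URL and both sample files are constructed placeholders, not the poster's configuration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigCheck {

    // Parses the file with the JDK's "JavaLoginConfig" parser. Returns null when
    // it parses and defines entryName, otherwise a description of the problem.
    static String check(URI jaasFile, String entryName) {
        try {
            Configuration cfg =
                Configuration.getInstance("JavaLoginConfig", new URIParameter(jaasFile));
            AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(entryName);
            if (entries == null || entries.length == 0) {
                return "no login entry named '" + entryName + "'";
            }
            return null;
        } catch (Exception e) {
            // The parser's IOException may arrive wrapped; report the root cause.
            Throwable root = e;
            while (root.getCause() != null) {
                root = root.getCause();
            }
            return root.getClass().getSimpleName() + ": " + root.getMessage();
        }
    }

    // Writes a constructed sample to a temporary file and returns its URI.
    static URI write(String text) throws Exception {
        Path p = Files.createTempFile("jaas", ".conf");
        p.toFile().deleteOnExit();
        Files.write(p, text.getBytes(StandardCharsets.UTF_8));
        return p.toUri();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; "STSLogin" and the LDAP URL are placeholders.
        String module = "  com.sun.security.auth.module.LdapLoginModule required ";
        String url = "ldap://ldap.example.org/ou=People,dc=example,dc=org";
        String good = "STSLogin {\n" + module + "userProvider=\"" + url + "\";\n};\n";
        // Same entry with the closing quote of userProvider missing: the quoted
        // value runs to the end of the line and swallows the terminating ';'.
        String bad = "STSLogin {\n" + module + "userProvider=\"" + url + ";\n};\n";

        System.out.println("good file:     " + check(write(good), "STSLogin"));
        System.out.println("missing quote: " + check(write(bad), "STSLogin"));
        System.out.println("wrong name:    " + check(write(good), "OtherEntry"));
    }
}
```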
