Hmm... I already have the following content in my cxf-transport.xml file. Please see the attached full version.
<bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
  <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
  <property name="conditionsProvider" ref="conditionsProvider" />
</bean>
<util:list id="attributeStatementProvidersList">
  <ref bean="claimsAttributeProvider" />
</util:list>
<bean id="claimsAttributeProvider" class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider" />

On Thu, Jun 28, 2012 at 6:30 PM, Oliver Wulff <[email protected]> wrote:
> Hi Gina
>
> Please ensure to configure the ClaimsAttributeStatementProvider as
> illustrated in this example:
>
> <bean id="transportSamlTokenProvider"
> class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
> <property name="attributeStatementProviders"
> ref="attributeStatementProvidersList" />
> </bean>
> <util:list id="attributeStatementProvidersList">
> <ref bean="claimAttributeProvider" />
> </util:list>
> <bean id="claimAttributeProvider"
>
> class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider">
> </bean>
>
> I have to add this to the wiki.
>
> Thanks
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring configuration for a CXF Security Token Service (STS) that issues and
  validates SAML tokens over two JAX-WS endpoints and resolves claims from an
  LDAP directory. Review notes below mark the settings that decide who can
  obtain a token and what the token asserts.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:cxf="http://cxf.apache.org/core"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:test="http://apache.org/hello_world_soap_http"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
         http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">

  <import resource="classpath:META-INF/cxf/cxf.xml" />

  <!--
    NOTE(review): the logging feature is enabled on the bus, so request and
    response messages are written to the log. On an STS those messages can
    carry user credentials and issued tokens; confirm this is switched off
    (or the log is protected) outside a test environment.
  -->
  <cxf:bus>
    <cxf:features>
      <cxf:logging />
    </cxf:features>
  </cxf:bus>

  <!-- WS-Trust provider shared by every endpoint below; delegates Issue and Validate. -->
  <bean id="transportSTSProviderBean"
        class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
    <property name="issueOperation" ref="transportIssueDelegate" />
    <property name="validateOperation" ref="transportValidateDelegate" />
  </bean>

  <!--
    Issue operation: wires the token providers, the validators, the list of
    accepted services, the signing/encryption properties and the claims manager.
  -->
  <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
    <property name="tokenProviders" ref="transportTokenProviders" />
    <property name="tokenValidators" ref="transportTokenValidators" />
    <property name="services" ref="transportService" />
    <property name="stsProperties" ref="transportSTSProperties" />
    <property name="claimsManager" ref="claimsManager" />
  </bean>

  <!-- Validate operation: uses the same validator list and STS properties as Issue. -->
  <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
    <property name="tokenValidators" ref="transportTokenValidators" />
    <property name="stsProperties" ref="transportSTSProperties" />
  </bean>

  <!-- Only the SAML provider is registered for issuing. -->
  <util:list id="transportTokenProviders">
    <ref bean="transportSamlTokenProvider" />
  </util:list>

  <!-- Only the SAML validator is registered; the X509 validator bean below is not in this list. -->
  <util:list id="transportTokenValidators">
    <ref bean="transportSamlTokenValidator" />
  </util:list>

  <!-- SAML provider: attribute statements come from attributeStatementProvidersList. -->
  <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
    <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
    <property name="conditionsProvider" ref="conditionsProvider" />
  </bean>

  <!-- Token lifetime; presumably in seconds (1200 = 20 minutes). TODO confirm the unit. -->
  <bean id="conditionsProvider" class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
    <property name="lifetime" value="1200" />
  </bean>

  <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator" />

  <!-- Defined but not referenced anywhere in this file. -->
  <bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator" />

  <!--bean id="transportUsernameTokenValidator" class="org.apache.cxf.sts.token.validator.UsernameTokenValidator" /-->

  <!-- Attribute statements are built from the claims returned by the claims manager. -->
  <util:list id="attributeStatementProvidersList">
    <ref bean="claimsAttributeProvider" />
  </util:list>

  <bean id="claimsAttributeProvider" class="org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider" />

  <!-- Commented out for OpenLDAP Configuration -->
  <!--import resource="userClaims.xml" /-->

  <!-- claimHandlerList is defined near the end of this file and holds only the LDAP handler. -->
  <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
    <property name="claimHandlers" ref="claimHandlerList" />
  </bean>

  <!-- Commented out for OpenLDAP Configuration -->
  <!--util:list id="claimHandlerList">
    <ref bean="fileClaimsHandler" />
  </util:list-->

  <!-- Commented out for OpenLDAP Configuration -->
  <!--bean id="fileClaimsHandler" class="org.apache.cxf.fediz.service.sts.FileClaimsHandler">
    <property name="userClaims" ref="userClaims" />
  </bean-->

  <!--
    The "passwords" bean is presumably defined in passwords.xml (not shown).
    upCallBackHandler is referenced only by the commented-out transportSTS1
    endpoint, so the file-based password list looks unused once LDAP/JAAS
    validation is in place; confirm and drop the import if so.
  -->
  <import resource="passwords.xml" />

  <bean id="upCallBackHandler" class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
    <property name="passwords" ref="passwords" />
  </bean>

  <!-- Services (AppliesTo addresses) this STS will issue tokens for. -->
  <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
    <property name="endpoints" ref="transportEndpoints" />
  </bean>

  <!--
    NOTE(review): each value is a regular expression. The first entry, ".*",
    matches every address, so the specific doubleit pattern after it has no
    effect and the STS accepts any AppliesTo address as a known service.
    Restrict this list to the relying-party URLs before use outside test.
  -->
  <util:list id="transportEndpoints">
    <value>.*</value>
    <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*</value>
  </util:list>

  <!--
    Signing and encryption settings. Both use the same properties file
    (stsKeystore.properties) with different key aliases. The callback handler
    class presumably supplies the key passwords; verify that it does not
    hard-code them.
  -->
  <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
    <property name="signaturePropertiesFile" value="stsKeystore.properties" />
    <property name="signatureUsername" value="mystskey" />
    <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
    <property name="encryptionPropertiesFile" value="stsKeystore.properties" />
    <property name="issuer" value="DoubleItSTSIssuer" />
    <property name="encryptionUsername" value="myservicekey" />
  </bean>

  <!-- Added for OpenLdap configuration -->
  <!--
    UsernameToken validation is delegated to JAAS. The login context "myldap"
    must exist in the JAAS configuration of the container (not shown here).
  -->
  <bean id="jaasUTValidator" class="org.apache.ws.security.validate.JAASUsernameTokenValidator">
    <property name="contextName" value="myldap"/>
  </bean>
  <!-- End of OpenLdap configuration -->

  <!--jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
    address="/STSService" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
    xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
    serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
    <jaxws:properties>
      <entry key="ws-security.callback-handler" value-ref="upCallBackHandler" />
    </jaxws:properties>
  </jaxws:endpoint-->

  <!--
    NOTE(review): this endpoint sets no ws-security properties, so no validator
    or callback handler is configured here. How callers are authenticated on
    /STSServiceTransport depends on the policy of Transport_Port in the WSDL
    (not shown); confirm it cannot be used to obtain tokens unauthenticated.
  -->
  <jaxws:endpoint id="transportSTS2" implementor="#transportSTSProviderBean"
                  address="/STSServiceTransport"
                  wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
                  xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
                  serviceName="ns1:SecurityTokenService"
                  endpointName="ns1:Transport_Port">
    <jaxws:properties>
    </jaxws:properties>
  </jaxws:endpoint>

  <!-- This is added for OpenLdap -->
  <!-- UsernameToken endpoint: credentials are checked by jaasUTValidator. -->
  <jaxws:endpoint id="transportSTSUT" endpointName="ns1:TransportUT_Port"
                  serviceName="ns1:SecurityTokenService"
                  xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
                  wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
                  address="/STSService"
                  implementor="#transportSTSProviderBean">
    <jaxws:properties>
      <entry key="ws-security.ut.validator" value-ref="jaasUTValidator"/>
    </jaxws:properties>
  </jaxws:endpoint>

  <!-- Claims are resolved from LDAP only. -->
  <util:list id="claimHandlerList">
    <ref bean="ldapClaimsHandler" />
  </util:list>

  <!--
    NOTE(review): three points on the directory connection.
    1. The URL scheme is ldap://, so the bind and the claim lookups are not
       encrypted in transit; prefer ldaps:// or StartTLS.
    2. The bind password is stored inline in clear text. Move it to an
       externalised, access-controlled secret, and treat a value that has been
       shared outside the team as disclosed.
    3. The bind DN looks like the directory manager account. Claim lookup only
       needs read access to the mapped attributes; a dedicated read-only
       account limits the impact if this file leaks.
  -->
  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://wkqasvtest.global.test.corp:3899" />
    <property name="userDn" value="cn=Manager,dc=maxcrc,dc=com" />
    <property name="password" value="secret" />
  </bean>

  <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
  </bean>

  <!--
    Claim URI to LDAP attribute mapping.
    NOTE(review): the role claim is read from the "title" attribute. Whatever
    is stored there ends up as a role in the signed token, so confirm that
    users cannot edit their own "title" value in the directory.
  -->
  <util:map id="claimsToLdapAttributeMapping">
    <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenName" />
    <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn" />
    <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="mail" />
    <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" value="title" />
  </util:map>

  <!-- Looks up the mapped attributes for users under userBaseDN. -->
  <bean id="ldapClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
    <property name="ldapTemplate" ref="ldapTemplate" />
    <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
    <property name="userBaseDN" value="ou=People,dc=maxcrc,dc=com" />
  </bean>
  <!-- End of OpenLDAP Configuration -->

</beans>
