The WSDL is fine, that port name is implied by the fact that there is a
WS-SecureConversation policy (the STSClient initiates the conversation). It
sounds like some configuration is not getting picked up. If you can't
figure it out by looking at the example I pointed you to, then please
create a JIRA with a reproducible test-case + someone will take a look.

Colm.

On Tue, Feb 21, 2017 at 2:16 PM, Morein, Arnie <[email protected]>
wrote:

> What's interesting is, CXF is complaining about this service:
>
> Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
>
> Note the URL above. It isn't mentioned in the WSDL at all. The policy
> section of the WSDL is below. That URL and an STS aren't mentioned
> explicitly.
>
> This WS was developed by a .Net shop. Is something missing from their WSDL?
>
>     <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:TransportBinding
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:TransportToken>
>                             <wsp:Policy>
>                                 <sp:HttpsToken
>                                     RequireClientCertificate="false" />
>                             </wsp:Policy>
>                         </sp:TransportToken>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic256 />
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict />
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp />
>                     </wsp:Policy>
>                 </sp:TransportBinding>
>                 <sp:EndorsingSupportingTokens
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:SecureConversationToken
>                             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>                         >
>                             <wsp:Policy>
>                                 <sp:BootstrapPolicy>
>                                     <wsp:Policy>
>                                         <sp:SignedParts>
>                                             <sp:Body />
>                                             <sp:Header
>                                                 Name="To"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="From"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="FaultTo"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="ReplyTo"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="MessageID"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="RelatesTo"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="Action"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                         </sp:SignedParts>
>                                         <sp:EncryptedParts>
>                                             <sp:Body />
>                                         </sp:EncryptedParts>
>                                         <sp:TransportBinding>
>                                             <wsp:Policy>
>                                                 <sp:TransportToken>
>                                                     <wsp:Policy>
>                                                         <sp:HttpsToken
>                                                             RequireClientCertificate="false" />
>                                                     </wsp:Policy>
>                                                 </sp:TransportToken>
>                                                 <sp:AlgorithmSuite>
>                                                     <wsp:Policy>
>                                                         <sp:Basic256 />
>                                                     </wsp:Policy>
>                                                 </sp:AlgorithmSuite>
>                                                 <sp:Layout>
>                                                     <wsp:Policy>
>                                                         <sp:Strict />
>                                                     </wsp:Policy>
>                                                 </sp:Layout>
>                                                 <sp:IncludeTimestamp />
>                                             </wsp:Policy>
>                                         </sp:TransportBinding>
>                                         <sp:EndorsingSupportingTokens>
>                                             <wsp:Policy>
>                                                 <sp:X509Token
>                                                     sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>                                                 >
>                                                     <wsp:Policy>
>                                                         <sp:RequireThumbprintReference />
>                                                         <sp:WssX509V3Token10 />
>                                                     </wsp:Policy>
>                                                 </sp:X509Token>
>                                                 <sp:SignedParts>
>                                                     <sp:Header
>                                                         Name="To"
>                                                         Namespace="http://www.w3.org/2005/08/addressing" />
>                                                 </sp:SignedParts>
>                                             </wsp:Policy>
>                                         </sp:EndorsingSupportingTokens>
>                                         <sp:Wss11>
>                                             <wsp:Policy>
>                                                 <sp:MustSupportRefThumbprint />
>                                             </wsp:Policy>
>                                         </sp:Wss11>
>                                         <sp:Trust10>
>                                             <wsp:Policy>
>                                                 <sp:MustSupportIssuedTokens />
>                                                 <sp:RequireClientEntropy />
>                                                 <sp:RequireServerEntropy />
>                                             </wsp:Policy>
>                                         </sp:Trust10>
>                                     </wsp:Policy>
>                                 </sp:BootstrapPolicy>
>                             </wsp:Policy>
>                         </sp:SecureConversationToken>
>                     </wsp:Policy>
>                 </sp:EndorsingSupportingTokens>
>                 <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy />
>                 </sp:Wss11>
>                 <sp:Trust10
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:MustSupportIssuedTokens />
>                         <sp:RequireClientEntropy />
>                         <sp:RequireServerEntropy />
>                     </wsp:Policy>
>                 </sp:Trust10>
>                 <wsaw:UsingAddressing />
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, February 20, 2017 8:39 AM
> To: [email protected]
> Subject: [EXTERNAL] Re: Problem calling WCF MS service with security,
> policies, trust
>
> For WS-SecureConversation, the configuration parameters for the "bootstrap"
> phase end with ".sct". See the examples here:
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD
>
> I'm not sure if your use-case is going to work by the way. Typically,
> WS-SecureConversation is not used to obtain a token for one service and
> then re-used for another service.
>
> Colm.
>
> On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <
> [email protected]>
> wrote:
>
> > My situation has two WSDLs: a and b.
> >
> > Both use the same keystore which contains two Trusted Cert Entries and
> > a Private Key Entry (x.509 cert). This key is supposed to be used to
> > sign and encrypt the messages.
> >
> > Calling the a::authentication.authenticate method should be over
> > https, signed and encrypted with the cert as mentioned above. NO user
> > credentials are supplied. A session token is returned if all is well.
> >
> > The session token, along with a user name and password are to be
> > passed into all calls for WSDL b, using the same cert for signing and
> > encryption.
> >
> > I created two maven projects, one for each WSDL, using the
> > cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with
> > client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring
> > beans file with the required jaxws:client entries for the port names,
> > and the related key store JKS file.
> >
> > Both were added to the main WAR project and in one of the Spring XML
> > files, I added:
> >
> > <!-- set up the CXF bus -->
> >     <import resource="classpath:META-INF/cxf/cxf.xml" />
> >     <cxf:bus>
> >         <cxf:features>
> >             <p:policies />
> >             <cxf:logging />
> >         </cxf:features>
> >     </cxf:bus>
> >     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
> >     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
> >
> > And at boot time, spring finds those files and creates the beans. So
> > no error THERE.
> >
> > Calling the constructor for the service class and getting the port
> > instance works for WSDL a without error.
> >
> > But when calling .authenticate, I continually get the following. What
> > gives? There isn't a SecurityTokenService listed in the a or b wsdl. I
> > have no idea if the port name matches the syntax below
> > ({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService)
> > or not.
> >
> >
> >
> > Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
> > org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
> >         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
> >         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
> > ...
> >
> > Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:159) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         ... 270 common frames omitted
> > Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate has thrown exception, unwinding now
> > org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
> >         at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
> >         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
> >         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
> >         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
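
Added example, not part of the thread or of the CXF code base: a small policy walker that reports which supporting tokens belong to the main exchange and which to the nested `BootstrapPolicy`, where the failing `RequestSecurityToken` call is made. The sample policy is the quoted one cut down to its token structure, and the key name it reports is an assumption formed from the error message's `security.signature.properties` plus the `.sct` suffix described in the earlier reply.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
TOKENS = {"X509Token", "UsernameToken", "IssuedToken", "KerberosToken",
          "SamlToken", "SecureConversationToken"}

# Constructed sample: the policy quoted in the thread, reduced to its tokens.
POLICY = """\
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:EndorsingSupportingTokens><wsp:Policy>
    <sp:SecureConversationToken><wsp:Policy>
      <sp:BootstrapPolicy><wsp:Policy>
        <sp:TransportBinding><wsp:Policy>
          <sp:TransportToken><wsp:Policy>
            <sp:HttpsToken RequireClientCertificate="false"/>
          </wsp:Policy></sp:TransportToken>
        </wsp:Policy></sp:TransportBinding>
        <sp:EndorsingSupportingTokens><wsp:Policy>
          <sp:X509Token><wsp:Policy>
            <sp:RequireThumbprintReference/>
            <sp:WssX509V3Token10/>
          </wsp:Policy></sp:X509Token>
        </wsp:Policy></sp:EndorsingSupportingTokens>
      </wsp:Policy></sp:BootstrapPolicy>
    </wsp:Policy></sp:SecureConversationToken>
  </wsp:Policy></sp:EndorsingSupportingTokens>
</wsp:Policy>
"""

def supporting_tokens(policy_xml):
    """Return {"main": [...], "bootstrap": [...]} of (container, token) pairs."""
    found = {"main": [], "bootstrap": []}

    def walk(el, phase, container):
        ns, _, name = el.tag[1:].partition("}")
        if ns == SP:
            if name == "BootstrapPolicy":
                # The nested policy governs the token-issuing call only.
                phase, container = "bootstrap", None
            elif name.endswith("SupportingTokens"):
                container = name
            elif name in TOKENS and container:
                found[phase].append((container, name))
        for child in el:
            walk(child, phase, container)

    walk(ET.fromstring(policy_xml), "main", None)
    return found

def signature_property_keys(policy_xml, base="security.signature.properties"):
    """Configuration keys to check for each phase that signs with an X.509 token.

    Assumption: bootstrap-phase keys are the main-phase key plus ".sct".
    """
    tokens = supporting_tokens(policy_xml)
    keys = []
    for phase, suffix in (("main", ""), ("bootstrap", ".sct")):
        if any(tok == "X509Token" for _, tok in tokens[phase]):
            keys.append(base + suffix)
    return keys

if __name__ == "__main__":
    print(supporting_tokens(POLICY))
    print(signature_property_keys(POLICY))
```

For the quoted policy the only X.509 endorsing token sits inside the bootstrap policy, which matches the stack trace failing in `doX509TokenSignature` during the `STSClient` call rather than in the `Authenticate` request itself.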
