Hi, I implemented an STS with CXF 3.1.7 in a Java Spring Boot configuration for the BiPRO norm. I tested the STS with SoapUI, and issuing a security context token worked well. Now I am implementing a second service, which should work with the implemented STS; however, I receive several errors when I call the second service with SoapUI.
Here is my *STS config* in spring boot: @Bean public ServletRegistrationBean dispatcherServlet() { ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(new CXFServlet()); servletRegistrationBean.addUrlMappings("/*"); return servletRegistrationBean; } @Bean(name = Bus.DEFAULT_BUS_ID) public SpringBus springBus() { return new SpringBus(); } @Bean public StaxTransformFeature transformFeature(){ StaxTransformFeature staxTransformFeature = new StaxTransformFeature(); Map<String,String> inAppendElements = new HashMap<String,String>(); Map<String,String> inTransformElements = new HashMap<String,String>(); inAppendElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType", "{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType=http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"); inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken", "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken"); inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType", "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestType"); inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}TokenType", "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}TokenType"); staxTransformFeature.setInAppendElements(inAppendElements); staxTransformFeature.setInTransformElements(inTransformElements); return staxTransformFeature; } @Bean public SecurityTokenServiceProvider mySTSProviderBean(){ try { SecurityTokenServiceProvider securityTokenServiceProvider = new SecurityTokenServiceProvider(); securityTokenServiceProvider.setIssueSingleOperation(transprotIssueDelegate()); securityTokenServiceProvider.setValidateOperation(transportValidateDelegate()); securityTokenServiceProvider.setCancelOperation(transportCancelDelegate()); return securityTokenServiceProvider; } catch (Exception e) { e.printStackTrace(); } return null; } @Bean public TokenIssueOperation 
transprotIssueDelegate(){
    // Issue operation: hands out tokens from transportTokenProviders() for the
    // AppliesTo addresses listed in transportServices(). Issued tokens go into
    // defaulttokenStore(), the same store the Validate/Cancel operations use.
    TokenIssueOperation tokenIssueOperation = new TokenIssueOperation();
    tokenIssueOperation.setTokenProviders(transportTokenProviders());
    tokenIssueOperation.setServices(transportServices());
    tokenIssueOperation.setStsProperties(transportSTSProperties());
    tokenIssueOperation.setTokenStore(defaulttokenStore());
    // NOTE(review): presumably suppresses the Requested(Un)AttachedReference
    // elements in the RSTR — confirm against the CXF docs for this version.
    tokenIssueOperation.setReturnReferences(false);
    return tokenIssueOperation;
}

/**
 * Validate operation: checks tokens with transportTokenValidators() against
 * the shared token store; providers are set so a validated token can be
 * re-issued if the request asks for that.
 */
@Bean
public TokenValidateOperation transportValidateDelegate(){
    TokenValidateOperation tokenValidateOperation = new TokenValidateOperation();
    tokenValidateOperation.setTokenProviders(transportTokenProviders());
    tokenValidateOperation.setTokenValidators(transportTokenValidators());
    tokenValidateOperation.setStsProperties(transportSTSProperties());
    tokenValidateOperation.setTokenStore(defaulttokenStore());
    return tokenValidateOperation;
}

/**
 * Cancel operation: removes a security context token from the shared store
 * via transportTokenCancellers().
 */
@Bean
public TokenCancelOperation transportCancelDelegate(){
    TokenCancelOperation tokenCancelOperation = new TokenCancelOperation();
    tokenCancelOperation.setTokenCancellers(transportTokenCancellers());
    tokenCancelOperation.setStsProperties(transportSTSProperties());
    tokenCancelOperation.setTokenStore(defaulttokenStore());
    return tokenCancelOperation;
}

/**
 * SecurityContextToken provider (BiPRO flavour). This is the only provider
 * registered in transportTokenProviders(), so the STS issues SCTs only.
 */
@Bean
public BiPROTokenProvider transportSCTProvider(){
    BiPROTokenProvider biprotokenprovider = new BiPROTokenProvider();
    // No server entropy is returned to the client; the secret is therefore
    // not derived from a client/server entropy exchange (WS-Trust computed key).
    biprotokenprovider.setReturnEntropy(false);
    return biprotokenprovider;
}

/** Validator for SecurityContextTokens (looks them up in the token store). */
@Bean
public SCTValidator transportSCTValidator(){
    return new SCTValidator();
}

/** Canceller for SecurityContextTokens (removes them from the token store). */
@Bean
public SCTCanceller transportSCTCanceller(){
    return new SCTCanceller();
}

/**
 * Static service definition: the set of AppliesTo endpoint addresses this STS
 * is willing to issue tokens for (see transportEndpoints()).
 */
@Bean
public StaticService transportService(){
    StaticService staticservice = new StaticService();
    staticservice.setEndpoints(transportEndpoints());
    return staticservice;
}

/**
 * Single in-memory token store shared by the Issue/Validate/Cancel operations
 * and exposed to the STS endpoint as a property. Tokens live only in this JVM;
 * a restart invalidates every issued SCT.
 */
@Bean
public DefaultInMemoryTokenStore defaulttokenStore(){
    DefaultInMemoryTokenStore tokenstore = new DefaultInMemoryTokenStore();
    // Token lifetime 1800 (CXF treats this as seconds, i.e. 30 min — confirm).
    tokenstore.setTTL(1800);
    return tokenstore;
}

/**
 * Encryption settings: AES-128-CBC, which matches the Basic128 algorithm suite
 * declared in the service policy. NOTE(review): this bean is not referenced by
 * any of the other beans shown in this configuration — verify it is wired in.
 */
@Bean
public EncryptionProperties encProperties(){
    EncryptionProperties encryptionproperties = new EncryptionProperties();
    encryptionproperties.setEncryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
    return encryptionproperties;
}

/**
 * STS properties. Only the callback handler class is configured here (by name,
 * so a typo surfaces at runtime rather than at compile time); no signature or
 * encryption crypto is set, which is consistent with an SCT-only STS.
 */
@Bean
public StaticSTSProperties transportSTSProperties(){
    StaticSTSProperties staticSTSproperties = new StaticSTSProperties();
    staticSTSproperties.setCallbackHandlerClass("com.test.endpoint.STSCallbackHandler");
    return staticSTSproperties;
}

/** Inbound interceptor that resolves SecurityContextTokens on incoming messages. */
@Bean
public SCTInInterceptor sctinterceptor(){
    return new SCTInInterceptor();
}

/** Outbound counterpart of sctinterceptor(). */
@Bean
public SCTOutInterceptor sctOutInterceptor(){
    return new SCTOutInterceptor();
}

/** Token providers used by Issue/Validate: the SCT provider only. */
@Bean
public List<TokenProvider> transportTokenProviders(){
    List<TokenProvider> tokenProviderList= new ArrayList<TokenProvider>();
    tokenProviderList.add(transportSCTProvider());
    return tokenProviderList;
}

/** Token validators used by Validate: the SCT validator only. */
@Bean
public List<TokenValidator> transportTokenValidators(){
    List<TokenValidator> tokenValidator= new ArrayList<TokenValidator>();
    tokenValidator.add(transportSCTValidator());
    return tokenValidator;
}

/** Token cancellers used by Cancel: the SCT canceller only. */
@Bean
public List<TokenCanceller> transportTokenCancellers(){
    List<TokenCanceller> tokenCanceller= new ArrayList<TokenCanceller>();
    tokenCanceller.add(transportSCTCanceller());
    return tokenCanceller;
}

/**
 * AppliesTo addresses the STS issues tokens for. A request whose AppliesTo
 * does not match this list is rejected by the Issue operation. The address is
 * hard-coded to localhost here; it must equal the address the TransferService
 * is actually published under, scheme and port included.
 */
@Bean
public List<String> transportEndpoints(){
    List<String> transportendpoints = new ArrayList<String>();
    transportendpoints.add("https://localhost:8443/TransferService-2.6.0.1.0");
    return transportendpoints;
}

/** Services known to the Issue operation: the single static service above. */
@Bean
public List<ServiceMBean> transportServices(){
    List<ServiceMBean> serviceMBean = new ArrayList<ServiceMBean>();
    serviceMBean.add(transportService());
    return serviceMBean;
}

/*
 * endpoint STS
 */

/** Generated WSDL service class; supplies the STS service name and WSDL location. */
@Bean
public SecurityTokenService26010 securityTokenService26010(){
    return new SecurityTokenService26010();
}

/**
 * Publishes the STS endpoint. The implementor is the WS-Trust provider bean;
 * NOTE(review): mySTSProviderBean() returns null when its constructor throws,
 * so a misconfiguration there would surface here at publish time rather than
 * at the provider bean — consider failing fast in that bean instead.
 */
@Bean
public Endpoint endpoint() throws Exception{
    EndpointImpl endpoint = new EndpointImpl(springBus(),mySTSProviderBean());
    endpoint.setServiceName(securityTokenService26010().getServiceName());
endpoint.setWsdlLocation(securityTokenService26010().getWSDLDocumentLocation().toString()); endpoint.publish("/SecurityTokenService-2.6.0.1.0"); endpoint.getInInterceptors().add(sctinterceptor()); endpoint.getOutInterceptors().add(sctOutInterceptor()); Map<String, Object> inProps = new HashMap<>(); inProps.put("ws-security.callback-handler", STSCallbackHandler.class.getName()); inProps.put("org.apache.cxf.ws.security.tokenstore.TokenStore", defaulttokenStore()); endpoint.setProperties(inProps); endpoint.getFeatures().add(transformFeature()); return endpoint; } /* * endpoint Transferservice * */ @Bean public TransferServicePortType transferServicePortType(){ return new TransferServiceEndpoint(); } @Bean public TransferService26010 transferService26010(){ return new TransferService26010(); } @Bean public Endpoint transferendpoint(){ EndpointImpl transferendpoint = new EndpointImpl(springBus(),transferServicePortType()); transferendpoint.setServiceName(transferService26010().getServiceName()); transferendpoint.setWsdlLocation(transferService26010().getWSDLDocumentLocation().toString()); transferendpoint.publish("/TransferService-2.6.0.1.0"); transferendpoint.getInInterceptors().add(sctinterceptor()); transferendpoint.getOutInterceptors().add(sctOutInterceptor()); Map<String, Object> inProps = new HashMap<>(); inProps.put("mtom-enabled", true); transferendpoint.setProperties(inProps); return transferendpoint; } *End STS config* This is the request in SoapUI, which is sent to the second service: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tran="http://www.bipro.net/namespace/transfer" xmlns:bas="http://www.bipro.net/namespace/basis" xmlns:nac="http://www.bipro.net/namespace/nachrichten" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soapenv:Header> <wsse:Security> <wsc:SecurityContextToken 
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"> <wsc:Identifier>bipro:880fa760-5e59-41aa-b883-fbfa89b1c136</wsc:Identifier> </wsc:SecurityContextToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <tran:listShipments> <tran:Request> <nac:BiPROVersion>2.0.6.1.0</nac:BiPROVersion> <nac:ConsumerID>VR-12345</nac:ConsumerID> <tran:KategorieDerLieferung>170</tran:KategorieDerLieferung> <tran:BestaetigeLieferungen>false</tran:BestaetigeLieferungen> </tran:Request> </tran:listShipments> </soapenv:Body> </soapenv:Envelope> And here is the policy definition in the wsdl from the second service: <wsp:Policy wsu:Id="AuthSecurityPolicy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:BootstrapPolicy> <wsp:Policy> <sp:AsymmetricBinding> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:WssUsernameToken11/> </wsp:Policy> </sp:UsernameToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic128/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> </wsp:Policy> </sp:AsymmetricBinding> <sp:Wss10> <wsp:Policy> <sp:MustSupportIssuedTokens/> </wsp:Policy> </sp:Wss10> </wsp:Policy> </sp:BootstrapPolicy> </wsp:Policy> </sp:SecureConversationToken> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic128/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> </wsp:Policy> </sp:SymmetricBinding> <sp:Trust13> <wsp:Policy> <sp:MustSupportIssuedTokens/> </wsp:Policy> </sp:Trust13> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> *End policy* I read a lot in older forum posts to get 
my second service working with the STS, but nothing worked. Here are the errors I get when I call the second service with the above SoapUI request: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SecureConversationToken: No SecureConversation token found in message. {http://www.w3.org/2007/08/soap12-mtom-policy}MTOM Does anybody know why I am getting these errors? Maybe I forgot something in my configuration? Thanks in advance. Regards, Patrick -- View this message in context: http://cxf.547215.n5.nabble.com/These-policy-alternatives-can-not-be-satisfied-tp5782647.html Sent from the cxf-user mailing list archive at Nabble.com.