Hello!

Thanks. I changed the namespace, but it did not help. The DefaultSubjectProvider can't retrieve the subject from this SAML:

<saml2:Assertion ID="..." IssueInstant="..." Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">[name]</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData InResponseTo="_9c7644ce0fb93649cd2ca77bb9b5e6db22f68b52a9" NotOnOrAfter="2018-01-24T18:06:33.305Z"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
</saml2:Assertion>

But I get an error, because the subject is null. (At this point I can't change the SAML in the request.)

Thanks
Csaba

On 2018.01.24. 10:55, Colm O hEigeartaigh wrote:
> The problem I think is that "http://schemas.xmlsoap.org/ws/2003/06/secext"
> is not a standard WS-Security namespace, and hence CXF is not processing
> the message header at all. The correct WS-Security namespace for the
> security header is instead
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".
>
> You could take a look at the CXF transformation feature to transform the
> namespace into the correct version (no idea if this will work or not):
>
> http://cxf.apache.org/docs/transformationfeature.html
>
> Colm.
>
>
> On Tue, Jan 23, 2018 at 6:19 PM, Tóth Csaba <[email protected]> wrote:
>
>> Hello!
>>
>> It's in the header:
>> ------------
>> <soapenv:Envelope
>>     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>>     xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>>     xmlns:a="http://www.w3.org/2005/08/addressing">
>>   <soapenv:Header>
>>     <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
>>       <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>           xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>           ID="pfxccb2f4f7-ca9c-3b5e-89b1-1d3c777400bc" Version="2.0"
>>           IssueInstant="2014-07-17T01:01:48Z">
>>
>>         [assertion]
>>
>>       </saml:Assertion>
>>     </wsse:Security>
>>   </soapenv:Header>
>>   <soapenv:Body>
>>     <ns:RequestSecurityToken>
>>       <ns:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns:RequestType>
>>       <ns:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns:TokenType>
>>       <ns7:AppliesTo xmlns:ns7="http://www.w3.org/ns/ws-policy"> [url] </ns7:AppliesTo>
>>       <!--
>>       <ns:Claims Dialect="http://bag.admin.ch/epr/2017/annex/5/addendum/2">
>>
>>       [claims need to be processed too]
>>
>>       </ns:Claims>
>>       -->
>>     </ns:RequestSecurityToken>
>>   </soapenv:Body>
>> </soapenv:Envelope>
>> ---------------------
>>
>> It looks like an easy task at first glance:
>> get a SAML token in the header, full of attributes, and a request with other
>> attributes.
>> Validate some attributes, and put all header attributes + claims attributes
>> into the new SAML token.
>>
>> But for about a week now I have been googling, reading source code, googling
>> again, and trying to configure the thing.
>> No good tutorial, no good documentation, no good description :(
>>
>> Csaba
>>
>>
>>
>> On 2018.01.23. 18:08, Colm O hEigeartaigh wrote:
>>> What does the request look like, e.g. where is the SAML token in the
>>> request? Is it referred to directly in the SOAP Body?
>>>
>>> Colm.
>>>
>>> On Tue, Jan 23, 2018 at 4:37 PM, Tóth Csaba <[email protected]> wrote:
>>>
>>>> Hello!
>>>>
>>>> I'd like to parse the incoming SAML token to get the fields (user, etc.)
>>>> and give it to the issuer.
>>>> I found that this is done in the
>>>> org.apache.cxf.sts.operation.TokenIssueOperation class, but
>>>> stsProperties.getSamlRealmCodec() is always null in my code (how can I
>>>> set it, do I need to create a new one?)
>>>> but afterwards, in the fetchSAMLAssertionFromWSSecuritySAMLToken() function, the
>>>> List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
>>>> line gives back an empty list.
>>>>
>>>> In the request there is a SAML token.
>>>>
>>>> I tried to find some solution, but every example works with the
>>>> UsernameToken, and/or doesn't provide a valid CXF config XML.
>>>>
>>>> Thanks
>>>> Csaba
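Added example (not from the thread, and not CXF or WSS4J code): a namespace-aware lookup of the WS-Security header and the SAML 2.0 bearer subject, showing why a header in the 2003 draft namespace yields nothing at all while the same assertion under the OASIS 2004/01 namespace yields the NameID, and why an expired bearer confirmation should be rejected rather than used. The two SOAP envelopes, the subject name `alice`, the timestamps and the function names are constructed for the example. It deliberately performs no XML-Signature verification; a real STS must verify the assertion's signature before trusting anything in the Subject.

```python
"""Locate the WS-Security header and a SAML 2.0 bearer subject in a SOAP
request. Added example for the thread above; not CXF/WSS4J code.

A WS-Security processor matches the Security header by namespace, so a
header declared under a non-standard namespace is not a Security header
to it. The samples below are constructed to mirror the thread's request.
NOTE: no signature check is done here; a real STS must verify the
assertion's XML Signature before trusting the subject."""

import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
# Standard WS-Security 1.0 namespace (the one named in Colm's reply).
WSSE_OASIS = ("http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# Pre-standard 2003 draft namespace used in the request in the thread.
WSSE_DRAFT_2003 = "http://schemas.xmlsoap.org/ws/2003/06/secext"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def find_security_header(envelope_xml: str):
    """Return the wsse:Security element, or None when no header element is
    in the standard namespace (a header in any other namespace is ignored,
    which leaves the processor with an empty result list)."""
    root = ET.fromstring(envelope_xml)  # use defusedxml for untrusted input
    header = root.find(f"{{{SOAP11}}}Header")
    if header is None:
        return None
    return header.find(f"{{{WSSE_OASIS}}}Security")


def parse_utc(ts: str) -> datetime:
    """SAML timestamps are UTC xsd:dateTime with a trailing Z; fractional
    seconds are optional."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in ts else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)


def extract_bearer_subject(envelope_xml: str, now: datetime):
    """Return (name_id, name_id_format) for a SAML 2.0 bearer subject found
    in a recognised Security header, or None when nothing usable exists."""
    security = find_security_header(envelope_xml)
    if security is None:
        return None
    assertion = security.find(f"{{{SAML2}}}Assertion")
    subject = assertion.find(f"{{{SAML2}}}Subject") if assertion is not None else None
    name_id = subject.find(f"{{{SAML2}}}NameID") if subject is not None else None
    if name_id is None or not (name_id.text or "").strip():
        return None
    for conf in subject.findall(f"{{{SAML2}}}SubjectConfirmation"):
        if conf.get("Method") != BEARER:
            continue
        data = conf.find(f"{{{SAML2}}}SubjectConfirmationData")
        expiry = data.get("NotOnOrAfter") if data is not None else None
        # NotOnOrAfter is exclusive: the instant itself is already invalid.
        if expiry is not None and now >= parse_utc(expiry):
            return None
        return name_id.text.strip(), name_id.get("Format")
    return None  # no bearer confirmation at all


def envelope(wsse_ns: str, not_on_or_after: str) -> str:
    """Constructed SOAP request carrying a SAML 2.0 assertion in the header."""
    return f"""<soapenv:Envelope xmlns:soapenv="{SOAP11}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{wsse_ns}">
      <saml2:Assertion xmlns:saml2="{SAML2}" ID="_example" Version="2.0"
                       IssueInstant="2018-01-24T17:06:33Z">
        <saml2:Subject>
          <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">alice</saml2:NameID>
          <saml2:SubjectConfirmation Method="{BEARER}">
            <saml2:SubjectConfirmationData NotOnOrAfter="{not_on_or_after}"/>
          </saml2:SubjectConfirmation>
        </saml2:Subject>
      </saml2:Assertion>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


NOW = datetime(2018, 1, 24, 17, 30, tzinfo=timezone.utc)  # constructed clock
DRAFT_NS_REQUEST = envelope(WSSE_DRAFT_2003, "2018-01-24T18:06:33.305Z")
STANDARD_REQUEST = envelope(WSSE_OASIS, "2018-01-24T18:06:33.305Z")
EXPIRED_REQUEST = envelope(WSSE_OASIS, "2018-01-24T17:00:00Z")

if __name__ == "__main__":
    print(extract_bearer_subject(DRAFT_NS_REQUEST, NOW))  # None: header not recognised
    print(extract_bearer_subject(STANDARD_REQUEST, NOW))  # ('alice', '...:persistent')
    print(extract_bearer_subject(EXPIRED_REQUEST, NOW))   # None: bearer confirmation expired
```

The first call reproduces the symptom in the thread: the assertion is well formed, but because the enclosing header is not in the standard namespace it is never looked at, so the caller sees "no subject" rather than a parse error. Fixing the namespace on the sender, or rewriting it on the way in, is what makes the second call succeed; the third shows that a recognised header still yields no subject once the bearer window has closed.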
