Hi Ugo,
   Please replace the wso2wsas-2.3/samples/sts-sample/conf/sts.policy.xml
file with the one that is attached to this mail. The only change I made was
adding the <sp:RequireThumbprintReference/> assertion with the
<sp:X509Token/> assertion. This is required as we are using version 1 -
X.509 certificates.
And the documentation seems to be a bit outdated. In step 6, it should be
scenario #17 and not scenario #12. In step 8, make sure the
<echo-service-http-address> you enter is the exact one you used in step 5,
STS configuration.
   I was able to run it successfully with the above steps.

thanks,
nandana

On Sat, Jan 17, 2009 at 1:37 AM, Ugo <[email protected]> wrote:

>
> I am trying to run the sts-sample client (step 8 in the sts-sample
> instructions), but I am getting a run-time error:
>
> D:\wso2wsas-2.3\samples\sts-sample>run-client.bat
> http://192.168.1.100:9762/services/wso2wsas-sts
> http://192.168.1.100:9762/services/echo
> Using WSO2WSAS_HOME: D:\wso2wsas-2.3
> Using JAVA_HOME: D:\Java\jdk1.5.0_12
> Security token service endpoint address:
> http://192.168.1.100:9762/services/wso2wsas-sts
> Secured Service endpoint address: http://192.168.1.100:9762/services/echo
> log4j:WARN No appenders could be found for logger
> (org.apache.axis2.deployment.FileSystemConfigurator).
> log4j:WARN Please initialize the log4j system properly.
> org.apache.axis2.AxisFault: Error during encryption
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> ...
> Caused by: org.apache.ws.security.WSSecurityException: An unsupported token
> was provided
> (An X509 certificate with version 3 must be used for SKI. The presented
> cert
> has version: 1)
> at org.apache.ws.security.message.token.SecurityTokenReference.setKeyIdentifierSKI(SecurityTokenReference.java:272)
> ...
>
> Any clue of what might be wrong?
>
> Thank you,
> Ugo
>
>
> --
> View this message in context:
> http://www.nabble.com/Problem-running-sts-sample-tp21507516p21507516.html
> Sent from the WSO2 WSAS Users mailing list archive at Nabble.com.
>
>
> _______________________________________________
> Wsas-java-user mailing list
> [email protected]
> https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
>
<!--
  ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->

<wsp:Policy wsu:Id="scenario-3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
		<wsp:All>
				<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:InitiatorToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
									<wsp:Policy>
										<sp:RequireThumbprintReference/>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:InitiatorToken>
						<sp:RecipientToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
									<wsp:Policy>
										<sp:RequireThumbprintReference/>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:RecipientToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic256/>
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<sp:Layout>
							<wsp:Policy>
								<sp:Lax/>
							</wsp:Policy>
						</sp:Layout>
						<sp:IncludeTimestamp/>
						<sp:OnlySignEntireHeadersAndBody/>
					</wsp:Policy>
				</sp:AsymmetricBinding>
				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportRefKeyIdentifier/>
						<sp:MustSupportRefIssuerSerial/>
					</wsp:Policy>
				</sp:Wss10>
				<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportIssuedTokens/>
						<sp:RequireClientEntropy/>
						<sp:RequireServerEntropy/>
					</wsp:Policy>
				</sp:Trust10>
				<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
				</sp:SignedParts>
				<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
				</sp:EncryptedParts>
		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>
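
Added example (not part of the original mail or of the WSO2 sample): a small Python check for the failure discussed in this thread. It walks a WS-SecurityPolicy document and reports, per X509Token, whether its key reference style works with a certificate of a given X.509 version. NEEDS_V3, audit_policy and SAMPLE_POLICY are constructed for illustration; treating a token with no reference assertion as falling back to SKI is an assumption taken from the stack trace above.

```python
import xml.etree.ElementTree as ET

SP = "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}"

# Reference-style assertions for sp:X509Token and whether each depends on an
# X.509 v3 extension. Assumption: a key-identifier reference resolves to the
# SubjectKeyIdentifier (SKI), which only exists in version 3 certificates.
NEEDS_V3 = {
    "RequireThumbprintReference": False,     # SHA-1 over the whole certificate
    "RequireIssuerSerialReference": False,   # issuer and serial exist in v1
    "RequireEmbeddedTokenReference": False,  # certificate itself is embedded
    "RequireKeyIdentifierReference": True,   # SKI extension
}

# Constructed sample: initiator token fixed as in the mail, recipient token not.
SAMPLE_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy><sp:X509Token><wsp:Policy>
      <sp:RequireThumbprintReference/><sp:WssX509V3Token10/>
    </wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken>
    <sp:RecipientToken><wsp:Policy><sp:X509Token><wsp:Policy>
      <sp:WssX509V3Token10/>
    </wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken>
  </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>
""".strip()


def audit_policy(policy_xml, cert_version):
    """Return (role, reference_styles, ok_for_cert) for every X509Token."""
    root = ET.fromstring(policy_xml)
    findings = []
    for role in ("InitiatorToken", "RecipientToken"):
        for holder in root.iter(SP + role):
            for token in holder.iter(SP + "X509Token"):
                styles = [el.tag[len(SP):] for el in token.iter()
                          if el.tag.startswith(SP) and el.tag[len(SP):] in NEEDS_V3]
                # No explicit style: assume the SKI fallback seen in the trace.
                needs_v3 = not styles or any(NEEDS_V3[s] for s in styles)
                findings.append((role, styles, cert_version >= 3 or not needs_v3))
    return findings


if __name__ == "__main__":
    for role, styles, ok in audit_policy(SAMPLE_POLICY, cert_version=1):
        print(f"{role}: styles={styles or ['(none, SKI assumed)']} ok_for_v1={ok}")
```

Both InitiatorToken and RecipientToken need the assertion when either side's keystore holds version 1 certificates, which is why the attached policy adds it in both places.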