axis-java-dev mailing list archives

From "Plamena Chongova" <pchong...@gmail.com>
Subject Re: Rampart 1.4 for Axis2 1.4
Date Wed, 14 May 2008 13:24:43 GMT
Hi all,
I have tested the samples of RC2 and I have encountered a problem in sample
05. The response is:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
    <wsa:RelatesTo>urn:uuid:DC6CBC0805A79583451210760374233</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body>
    <soapenv:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <faultcode>wsse:InvalidSecurity</faultcode>
      <faultstring>General security error (SAML token security failure); nested exception is:
        org.opensaml.MalformedException: Subject is invalid, requires either NameIdentifier or at least one ConfirmationMethod</faultstring>
      <detail/>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

In fact the SAML assertion looks like this:

<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
           xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
           xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:xsd="http://www.w3.org/2001/XMLSchema"
           AssertionID="_7816cc0f3175b845fe6885392887dcfb"
           IssueInstant="2008-05-14T08:55:39.906Z"
           Issuer="SAMPLE_STS" MajorVersion="1" MinorVersion="1">
  <Conditions NotBefore="2008-05-14T08:55:39.906Z" NotOnOrAfter="2008-05-14T09:00:39.906Z"/>
  <AttributeStatement>
    <Subject>
      <SubjectConfirmation>
        <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <xenc:EncryptedKey xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                             Id="EncKeyId-urn:uuid:FF61AF1C61F5F11915121075533990612">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <ds:KeyInfo>
              <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                    ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
              <xenc:CipherValue>aRbQNN6......</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedKey>
        </KeyInfo>
      </SubjectConfirmation>
    </Subject>
    <Attribute AttributeName="Name" AttributeNamespace="https://rahas.apache.org/saml/attrns">
      <AttributeValue>Colombo/Rahas</AttributeValue>
    </Attribute>
  </AttributeStatement>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_7816cc0f3175b845fe6885392887dcfb">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                    PrefixList="code ds kind rw saml samlp typens #default xsd xsi"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>mIaVRuYws25Y9M/LYs8p2jUxp6c=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>gspHip...</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>MIICTjC.....</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
</Assertion>

Does anybody else have the same error?

Thanks,
Plamena

On Mon, May 5, 2008 at 5:31 PM, Nandana Mihindukulasooriya <nandana.cse@gmail.com> wrote:

> Hi,
>   Please do the testing with Rampart RC2 which can be found here.
>
> [1] - http://people.apache.org/~nandana/rampart-1.4/RC2/
>
> it depends on the Axis2 1.4 release.
>
> thanks,
> nandana
>
>
> On Mon, May 5, 2008 at 4:27 PM, Stefan Lischke <s.lischke@zertificon.com> wrote:
>
>> Hi,
>>
>> found for myself:
>>
>>
>> http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200805.mbox/%3c9e2fff830805021124h6b3fe469s400c1d73acc2aaa1@mail.gmail.com%3e
>>
>> sorry
>>
>> Stefan
>>
>>
>> Stefan Lischke wrote:
>> > Hi,
>> >
>> > Great to see the latest Axis2 release. When will there be a matching
>> > Rampart release?
>> > Or is the RC1[1] ok?
>> >
>> > Thanks in advance
>> >
>> > Stefan
>> >
>> >
>> > [1] http://people.apache.org/~nandana/rampart-1.4/RC1/
>>
>
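
The fault string in the message above names a structural rule for the SAML Subject. As an added example (not part of the original message, and not Rampart or OpenSAML code), this namespace-aware check reports whether each Subject in a SAML 1.x assertion carries a NameIdentifier or a ConfirmationMethod. The function names, the sample documents and the `urn:example:not-saml` namespace are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"

def check_subjects(assertion_xml):
    """Return one finding per SAML 1.x <Subject>, matched by namespace URI."""
    root = ET.fromstring(assertion_xml)
    findings = []
    conf = f"{{{SAML}}}SubjectConfirmation"
    for subject in root.iter(f"{{{SAML}}}Subject"):
        has_name_id = subject.find(f"{{{SAML}}}NameIdentifier") is not None
        methods = [m.text.strip()
                   for m in subject.findall(f"{conf}/{{{SAML}}}ConfirmationMethod")
                   if m.text and m.text.strip()]
        has_key_info = subject.find(f"{conf}/{{{DS}}}KeyInfo") is not None
        findings.append({
            "name_identifier": has_name_id,
            "confirmation_methods": methods,
            # The rule quoted in the fault string.
            "subject_ok": has_name_id or bool(methods),
            # holder-of-key is only meaningful when key material accompanies it.
            "hok_has_key": HOK not in methods or has_key_info,
        })
    return findings

# Constructed sample input, shaped like the assertion in the post (values omitted).
def build_assertion(subject_body, ns=SAML):
    return (f'<Assertion xmlns="{ns}" Issuer="SAMPLE_STS"><AttributeStatement>'
            f'<Subject>{subject_body}</Subject>'
            f'</AttributeStatement></Assertion>')

HOK_CONFIRMATION = (
    f'<SubjectConfirmation><ConfirmationMethod>{HOK}</ConfirmationMethod>'
    f'<KeyInfo xmlns="{DS}"/></SubjectConfirmation>')
AS_POSTED = build_assertion(HOK_CONFIRMATION)
EMPTY_SUBJECT = build_assertion("<SubjectConfirmation/>")
WRONG_NAMESPACE = build_assertion(HOK_CONFIRMATION, ns="urn:example:not-saml")

if __name__ == "__main__":
    for label, doc in [("as posted", AS_POSTED), ("empty", EMPTY_SUBJECT),
                       ("wrong namespace", WRONG_NAMESPACE)]:
        print(label, check_subjects(doc))
```

An empty result means no element named Subject exists in the SAML 1.0 assertion namespace, which is worth ruling out before inspecting the Subject's children.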
