From: chaij
To: users@camel.apache.org
Date: Mon, 7 Apr 2014 19:47:59 -0700 (PDT)
Subject: Re: add SAML TOKEN to SOAP header

That's it! I am able to get the validation disabled. Then I ran into this interesting issue.

For the client, wss4jOutInterceptor, I have to use the SAMLTokenUnsigned action. If I use SAMLTokenSigned instead, I would get a null pointer exception like this:

java.lang.NullPointerException
    at org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:262)[159:org.apache.ws.security.wss4j:1.6.12]
    at org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:117)[159:org.apache.ws.security.wss4j:1.6.12]
    at org.apache.ws.security.action.SAMLTokenSignedAction.execute(SAMLTokenSignedAction.java:99)[159:org.apache.ws.security.wss4j:1.6.12]
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)[159:org.apache.ws.security.wss4j:1.6.12]
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]

For the server, wss4jInInterceptor, I have to use the action SAMLTokenSigned. Otherwise, I would get a WSSecurityException.

21:16:16,817 | WARN | p1389339194-1480 | ecurity.wss4j.WSS4JInInterceptor 362 | 162 - org.apache.cxf.cxf-rt-ws-security - 2.7.7 | Security processing failed (actions mismatch)
21:16:16,818 | WARN | p1389339194-1480 | ecurity.wss4j.WSS4JInInterceptor 335 | 162 - org.apache.cxf.cxf-rt-ws-security - 2.7.7 |
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:363)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:290)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)[162:org.apache.cxf.cxf-rt-ws-security:2.7.7]

By looking at the wss4j interceptor code, on the server side, it looks at whether there is a signature in the Assertion to determine if it is Signed or Unsigned. But I don't know exactly why it is throwing a NullPointer exception on the client side.

Thanks!

--
View this message in context: http://camel.465427.n5.nabble.com/add-SAML-TOKEN-to-SOAP-header-tp5749520p5749914.html
Sent from the Camel - Users mailing list archive at Nabble.com.
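
Added example (not part of the original message, and not WSS4J or CXF code): a small Python model of the server-side check described above, where the receiver derives SAMLTokenSigned or SAMLTokenUnsigned from whether the assertion carries a signature and then compares that with its configured action. The function names and the sample envelope are constructed for illustration, and the script assumes SOAP 1.1 and an assertion placed directly inside wsse:Security.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ASSERTION_TAGS = {"{%s}Assertion" % NS[p] for p in ("saml1", "saml2")}

def derived_saml_actions(envelope_xml):
    """Return the action implied by each SAML assertion in wsse:Security."""
    security = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    if security is None:
        return []
    actions = []
    for child in security:
        if child.tag in ASSERTION_TAGS:
            # Structural check only: an enveloped ds:Signature directly under
            # the assertion. Nothing here verifies the signature itself.
            signed = child.find("ds:Signature", NS) is not None
            actions.append("SAMLTokenSigned" if signed else "SAMLTokenUnsigned")
    return actions

def actions_match(configured, envelope_xml):
    """Compare the SAML entries of a configured action string with the message."""
    wanted = [a for a in configured.split() if a.startswith("SAMLToken")]
    return wanted == derived_saml_actions(envelope_xml)

def sample_envelope(signed):
    """Constructed sample message; the empty ds:Signature is a placeholder."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    return (
        '<soap:Envelope xmlns:soap="%s"><soap:Header>'
        '<wsse:Security xmlns:wsse="%s">'
        '<saml2:Assertion xmlns:saml2="%s" ID="_constructed" Version="2.0">'
        '<saml2:Issuer>constructed-issuer</saml2:Issuer>%s</saml2:Assertion>'
        '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
    ) % (NS["soap"], NS["wsse"], NS["saml2"], sig)

if __name__ == "__main__":
    for action in ("SAMLTokenSigned", "SAMLTokenUnsigned"):
        print(action, "matches signed assertion:",
              actions_match(action, sample_envelope(True)))
```

Run against a captured request, this shows which action the receiving side would need to be configured with, independent of the action name used on the sending side.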