cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <owu...@talend.com>
Subject AW: General security error (Provided SAML token does not contain a suitable key)
Date Mon, 09 Jan 2012 13:07:06 GMT

I guess I understand your problem.

If you configure the .NET "ws2007FederationHttpBinding" it enforces the usage of WS-SecureConversation.
The ws2007FederationHttpBinding is a system-provided binding. Each WCF binding is built from
a set of system-provided binding elements. You can also configure a custom binding which also
includes custom binding elements.

I assume that you have configured the ws2007FederationHttpBinding binding. Is that correct?
Could you share your .net configuration file?

The WS-SecureConversation standard defines three use cases:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html#_Toc162064047

Based on the message sent to CXF (receiver) from .NET, the .NET client sends the RST (request
for the STS) to the application service instead of a dedicated STS instance. This matches
with the last use case described in the spec "Security context token created through negotiation/exchanges".

I've got the question for you whether the usage of WS-SecureConversation is really needed
or is it just used implicitly due to the usage of the wsFederationHttpBindig?

What are your security requirements for the communication between .NET client and CXF service?

Thanks
Oli


------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
Von: Colm O hEigeartaigh [coheigea@apache.org]
Gesendet: Freitag, 6. Januar 2012 10:52
Bis: dev@cxf.apache.org
Betreff: Re: General security error (Provided SAML token does not contain a suitable key)

You could copy the WS-Security examples system test for Secure
Conversation using your own WSDL and try to reproduce the error that
way:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?view=markup

Colm.

On Thu, Jan 5, 2012 at 5:57 PM, danlee100 <danlee1000@yahoo.com> wrote:
> I am not sure what I could provide to you as a test-case.
>
> The WSDL on the server can be seen here:
>
> http://66.211.102.200/gen4/services/AssessmentDataService?wsdl
>
> The client hitting this service is actually a Microsoft implementation.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5123388.html
> Sent from the cxf-dev mailing list archive at Nabble.com.



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message