cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gina Choi <ginacho...@gmail.com>
Subject Active Profile Problem with Apache CXF and ADFS2.0(STS)
Date Thu, 31 May 2012 20:14:38 GMT
Hi All,

Previously I was able to run Fediz WS-Federation with ADFS2.0 with help
from Oliver Wulff. Thank you.

Now I try to test if Apache CXF can support ADFS2.0 actvie profile.

I followed Glen Mazza's blog -
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial. Thanks, Glen. It was
very helpful. Basically it has WSP, WSC and STS(Apache CXF) and WSP is
configured to use Symmetric bindings. Authentication between WSC and STS is
done using UT.
Now I am trying to switch Apache STS to ADFS2.0 and updated WSP wsdl file
and client configuration file accordingly.

1. WSP
I have updated <sp:Issuer> element from WSP wsdl like bellow. I could
comment out this elment, but it seems the only place that I can specify
ADFS endpoint which is
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

                           <sp:Issuer>
                              <wsaw:Address>
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</wsaw:Address>
                              <wsaw:Metadata>
                                 <wsx:Metadata>
                                    <wsx:MetadataSection>
                                       <wsx:MetadataReference>
                                          <wsaw:Address>
https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
                                       </wsx:MetadataReference>
                                    </wsx:MetadataSection>
                                 </wsx:Metadata>
                              </wsaw:Metadata>
                           </sp:Issuer>

2. WSC
I updated client configuration file as follow.

               <bean class="org.apache.cxf.ws.security.trust.STSClient">
     <constructor-arg ref="cxf"/>
     <property name="wsdlLocation" value="
https://strts01.ams.dev/adfs/services/trust/mex"/>
     <property name="serviceName" value="{
http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService
"/>
     <property name="endpointName" value="{
http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async2
"/>

When I run client, but I am getting following error message. It basically
read everything in ADFS2.0 wsdl file and complaining if something it
doesn't like it. The port that I am trying to use is
UserNameWSTrustBinding_IWSTrust13Async2 and it uses
UserNameWSTrustBinding_IWSTrust13Async2_policy, but as you can see from
bellow, CXF failed to build this policy. I put port name in value field of
the endpointName in client configuration file, but I am not sure if I set
it correctly. The ADFS2.0 endpoint that I am trying to use is
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

I have attached zipped ADFS wsdl file. I would appreciate if anyone let me
know if what I try to do is feasible.


WARNING: *Failed to build the policy* *
'UserNameWSTrustBinding_IWSTrust13Async2_policy'*:sp:HttpsToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:HttpsToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have
a value
May 31, 2012 3:37:51 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at
org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at
org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at
org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at
org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at
org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at
org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at
org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at
org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at
org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
sp:HttpsToken/wsp:Policy must have a value
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Caused by: java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy
must have a value
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at
org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at
org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at
org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at
org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at
org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at
org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at
org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at
org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at
org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 3 more

Gina

Mime
View raw message