cxf-users mailing list archives

From Gina Choi <ginacho...@gmail.com>
Subject Configuring Fediz IDP with OpenLDAP
Date Mon, 25 Jun 2012 22:18:27 GMT
Hi All,

I have an OpenLDAP in the cloud and am trying to configure it with Fediz IDP. I
am following the directions at http://cxf.apache.org/fediz-idp.html. I
created the jaas.config file and set JAVA_OPTS as directed. I updated the
cxf-transport.xml file in the STS accordingly as directed. I also added
dependencies to the STS pom for ldap, but I am getting a "The security token
could not be authenticated or authorized" exception. Has anyone configured
Fediz IDP with an LDAP directory before? I am going to take a further look
tomorrow, but if anyone has any ideas, please let me know. I don't know if
the query request has been sent to the LDAP directory yet.


INFO: Inbound Message
----------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 25, 2012 5:29:54 PM
org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 2
Address: https://localhost:9443/fedizidpsts/STSService?wsdl=ws-trust-1.4.wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 25, 2012 5:29:54 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered.
Jun 25, 2012 5:29:55 PM
org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
Jun 25, 2012 5:29:55 PM
org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 3
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1276], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>gchoi</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">gchoi</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType><wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType></wst:RequestSecurityToken></soap:Body></soap:Envelope>
--------------------------------------
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further
details.
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: The security token could not be
authenticated or authorized
        at
org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
        at
org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
        at
org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
        at
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
        at
org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
        at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
        at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
        at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
        at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Jun 25, 2012 5:29:55 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The security token could not be
authenticated or authorized
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:780)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
        at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
        at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
        at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
        at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: The security token
could not be authenticated or authorized
        at
org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
        at
org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
        at
org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
        at
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
        at
org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
        ... 27 more
Jun 25, 2012 5:29:55 PM
org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 3
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode><faultstring>The security token could not be authenticated or authorized</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Jun 25, 2012 5:29:55 PM
org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Mon, 25 Jun 2012 21:29:55 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode><faultstring>The security token could not be authenticated or authorized</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Jun 25, 2012 5:29:55 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet
INFO: Requesting security token failed
org.apache.cxf.binding.soap.SoapFault: The security token could not be
authenticated or authorized
        at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
        at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
        at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
        at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
        at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1673)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1526)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1434)
        at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
        at
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
        at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
        at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:176)
        at
org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64)
        at
org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259)
        at
org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
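
A triage script for logs like the one above, added here as an example (it is not part of the original message and not CXF or Fediz code). It lists which WSS4J validator classes appear in the stack frames, which shows whether a JAAS-backed validator handled the UsernameToken, and it masks the wsse:Password value that the logged payload carries before the log is shared. The sample log, the alice/s3cret values and all function names are constructed; treating a class name containing "JAAS" as the JAAS-backed validator is an assumption.

```python
import re

# Constructed excerpt shaped like the log above: a logged UsernameToken and
# mail-wrapped stack frames. User name and password are made-up values.
SAMPLE_LOG = """\
Payload: <wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>alice</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">s3cret</wsse:Password></wsse:UsernameToken>
org.apache.ws.security.WSSecurityException: The security token could not be
authenticated or authorized
        at
org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
        at
org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
        at
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
"""

# "at" and the frame may sit on separate lines after mail wrapping; \s+ spans both.
FRAME = re.compile(r"\bat\s+org\.apache\.ws\.security\.validate\.(\w+)\.\w+\(")

# Any namespace prefix, attributes possibly wrapped over several lines.
PASSWORD = re.compile(
    r"(<(?:\w+:)?Password\b[^>]*>).*?(</(?:\w+:)?Password>)", re.S
)


def validator_classes(log):
    """Validator classes seen in stack frames, in order of first appearance."""
    seen = []
    for name in FRAME.findall(log):
        if name not in seen:
            seen.append(name)
    return seen


def jaas_validator_ran(log):
    # Assumption: a JAAS-backed validator appears under a class name
    # containing "JAAS" (for example JAASUsernameTokenValidator).
    return any("JAAS" in name for name in validator_classes(log))


def redact_passwords(log):
    """Mask every Password element body, keeping the tags for context."""
    return PASSWORD.sub(r"\1[REDACTED]\2", log)


def triage(log):
    return {
        "validators": validator_classes(log),
        "jaas_validator_ran": jaas_validator_ran(log),
        "passwords_logged": len(PASSWORD.findall(log)),
        "redacted": redact_passwords(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["validators"], report["jaas_validator_ran"])
    print(report["redacted"])
```

In the trace in the message above, the only validator class in the frames is UsernameTokenValidator.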
