Date: Mon, 25 Jun 2012 18:18:27 -0400
Subject: Configuring Fediz IDP with OpenLDAP
From: Gina Choi
To: users@cxf.apache.org

Hi All,

I have an OpenLDAP in the cloud and am trying to configure it with Fediz IDP. I am following the directions in the link http://cxf.apache.org/fediz-idp.html. I created the jaas.config file and set JAVA_OPTS as directed. I updated the cxf-transport.xml file in the STS accordingly, as directed. I also added the dependencies for LDAP to the STS pom, but I am getting the "The security token could not be authenticated or authorized" exception. Has anyone configured Fediz IDP with an LDAP directory before? I am going to take a further look tomorrow, but if anyone has any ideas, please let me know. I don't know if the query request has been sent to the LDAP directory yet.
INFO: Inbound Message
----------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 25, 2012 5:29:54 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 2
Address: https://localhost:9443/fedizidpsts/STSService?wsdl=ws-trust-1.4.wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml], host=[localhost:9443], pragma=[no-cache], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
--------------------------------------
Jun 25, 2012 5:29:54 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing registered.
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"]}
Payload: gchoigchoihttp://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 3
Address: https://localhost:9443/fedizidpsts/STSService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[1276], content-type=[text/xml; charset=UTF-8], host=[localhost:9443], pragma=[no-cache], SOAPAction=["http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"], user-agent=[Apache CXF 2.6.2-SNAPSHOT]}
Payload: gchoigchoihttp://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue https://wkengchoi.global.sdl.corp:8443/fedizhelloworld/ http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
--------------------------------------
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Jun 25, 2012 5:29:55 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:780)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:189)
    at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
    at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:152)
    at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
    ... 27 more
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Outbound Message
---------------------------
ID: 3
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: ns1:FailedAuthenticationThe security token could not be authenticated or authorized
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.services.SecurityTokenService.TransportUT_Port.STS
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Mon, 25 Jun 2012 21:29:55 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: ns1:FailedAuthenticationThe security token could not be authenticated or authorized
--------------------------------------
Jun 25, 2012 5:29:55 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Jun 25, 2012 5:29:55 PM org.apache.cxf.fediz.service.idp.IdpServlet doGet
INFO: Requesting security token failed
org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1673)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1526)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1434)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:187)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
    at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:176)
    at org.apache.cxf.fediz.service.idp.IdpSTSClient.requestSecurityTokenResponse(IdpSTSClient.java:64)
    at org.apache.cxf.fediz.service.idp.IdpServlet.requestSecurityToken(IdpServlet.java:259)
    at org.apache.cxf.fediz.service.idp.IdpServlet.doGet(IdpServlet.java:160)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
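The trace above ends inside WSS4J's UsernameTokenValidator, so the first thing to establish is whether the JAAS context from jaas.config can bind to the directory at all, independently of the STS. The program below exercises that context directly with the same -Djava.security.auth.login.config property the IDP instructions have you set in JAVA_OPTS; it is an added example, not code from the original post or from the Fediz project, and the class name, the context name "ldap", the LDAP host and the DN pattern in the assumed jaas.config are placeholders.

```java
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/*
 * Assumed jaas.config, selected with -Djava.security.auth.login.config=<path>.
 * Host, base DN and the context name "ldap" are placeholders:
 *
 * ldap {
 *   com.sun.security.auth.module.LdapLoginModule required
 *     userProvider="ldap://ldap.example.internal:389/ou=people,dc=example,dc=com"
 *     authIdentity="uid={USERNAME},ou=people,dc=example,dc=com"
 *     useSSL=false
 *     debug=true;
 * };
 */
public class JaasLdapCheck {

    /** Answers the login module's NameCallback/PasswordCallback with fixed credentials. */
    static final class FixedCredentials implements CallbackHandler {
        private final String user;
        private final char[] password;
        FixedCredentials(String user, char[] password) { this.user = user; this.password = password; }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "unexpected callback");
                }
            }
        }
    }

    /** Returns true when the named JAAS context accepts the credentials. */
    static boolean login(String contextName, String user, char[] password) {
        try {
            LoginContext lc = new LoginContext(contextName, new FixedCredentials(user, password));
            lc.login();                       // this is where the LDAP bind happens
            System.out.println("bind ok, principals: " + lc.getSubject().getPrincipals());
            lc.logout();
            return true;
        } catch (LoginException e) {
            // FailedLoginException: the directory rejected the bind (DN pattern or password).
            // A LoginException saying no LoginModules are configured: jaas.config was not picked up.
            System.out.println("login failed: " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        // java -Djava.security.auth.login.config=jaas.config JaasLdapCheck <user> <password>
        System.exit(login("ldap", args[0], args[1].toCharArray()) ? 0 : 1);
    }
}
```

If this program binds successfully with the same credentials that the STS rejects, the remaining suspects are the STS wiring in cxf-transport.xml (which validator is attached to the UsernameToken and which context name it references) rather than the directory itself.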