cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jsmith828 <>
Subject Getting a server error trying to read SAML assertion
Date Fri, 24 Jul 2015 20:04:38 GMT

I have CXF JAX-RS application running on Tomcat and I am trying to implement
SAML security.  The payload for the service is JSON so I thought it might be
best if I use the Authorization header to send a signed SAML assertion to
the server.  On the client I used the SamlHeaderOutInterceptor with a custom
SamlCallbackHandler to actually create and sign the assertion.  When I
execute a request to my service through my client using Membrane I can see
that the header is present:

Authorization: SAML PHNhbWwyOkFzc2VydGlvbiBJRD0...

I turned off deflation so I could even paste it into Notepad++ and base64
decode it to see the contents.  Everything looks fine.  However when the
request reaches the server I get a very obscure error from the
SamlHeaderInHandler or more specifically the AbstractSamlInHandler.  Here is
the error:

24-Jul-2015 15:27:42.429 WARNING [http-nio-8080-exec-8] Assertion
can not be read as
XML document
24-Jul-2015 15:27:42.430 WARNING [http-nio-8080-exec-8]
ception: HTTP 401 Unauthorized

Again the assertion looks perfectly fine and the XML well-formed.  I was
hoping someone might have encountered this problem before and have a
solution.  Thanks in advance.

View this message in context:
Sent from the cxf-user mailing list archive at

View raw message