You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Gina Choi <gi...@gmail.com> on 2012/05/31 22:14:38 UTC

Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi All,

Previously I was able to run Fediz WS-Federation with ADFS2.0 with help
from Oliver Wulff. Thank you.

Now I try to test if Apache CXF can support ADFS2.0 actvie profile.

I followed Glen Mazza's blog -
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial. Thanks, Glen. It was
very helpful. Basically it has WSP, WSC and STS(Apache CXF) and WSP is
configured to use Symmetric bindings. Authentication between WSC and STS is
done using UT.
Now I am trying to switch Apache STS to ADFS2.0 and updated WSP wsdl file
and client configuration file accordingly.

1. WSP
I have updated <sp:Issuer> element from WSP wsdl like bellow. I could
comment out this elment, but it seems the only place that I can specify
ADFS endpoint which is
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

                           <sp:Issuer>
                              <wsaw:Address>
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</wsaw:Address>
                              <wsaw:Metadata>
                                 <wsx:Metadata>
                                    <wsx:MetadataSection>
                                       <wsx:MetadataReference>
                                          <wsaw:Address>
https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
                                       </wsx:MetadataReference>
                                    </wsx:MetadataSection>
                                 </wsx:Metadata>
                              </wsaw:Metadata>
                           </sp:Issuer>

2. WSC
I updated client configuration file as follow.

               <bean class="org.apache.cxf.ws.security.trust.STSClient">
     <constructor-arg ref="cxf"/>
     <property name="wsdlLocation" value="
https://strts01.ams.dev/adfs/services/trust/mex"/>
     <property name="serviceName" value="{
http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService
"/>
     <property name="endpointName" value="{
http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async2
"/>

When I run client, but I am getting following error message. It basically
read everything in ADFS2.0 wsdl file and complaining if something it
doesn't like it. The port that I am trying to use is
UserNameWSTrustBinding_IWSTrust13Async2 and it uses
UserNameWSTrustBinding_IWSTrust13Async2_policy, but as you can see from
bellow, CXF failed to build this policy. I put port name in value field of
the endpointName in client configuration file, but I am not sure if I set
it correctly. The ADFS2.0 endpoint that I am trying to use is
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

I have attached zipped ADFS wsdl file. I would appreciate if anyone let me
know if what I try to do is feasible.


WARNING: *Failed to build the policy* *
'UserNameWSTrustBinding_IWSTrust13Async2_policy'*:sp:HttpsToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:HttpsToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 3:37:51 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have
a value
May 31, 2012 3:37:51 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at
org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at
org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at
org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at
org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at
org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at
org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at
org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at
org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at
org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
sp:HttpsToken/wsp:Policy must have a value
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Caused by: java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy
must have a value
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at
org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at
org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at
org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at
org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at
org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at
org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at
org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at
org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at
org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at
org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at
org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at
org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at
org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at
org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 3 more

Gina

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

I guess it's the same policy flaw with KeyValueToken - at least the error message is the same.

Thanks
Oli


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 01 June 2012 00:49
To: users@cxf.apache.org
Cc: dev@cxf.apache.org
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

I guess it's the same policy flaw with KeyValueToken - at least the error message is the same.

Thanks
Oli


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 01 June 2012 00:49
To: users@cxf.apache.org
Cc: dev@cxf.apache.org
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.
After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.
After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.
Hi Oliver,

So, it sounds like that first option wouldn't work for me since it is
adding more complaining(more sensitive). :)
For the second option, are you suggesting that changing
From:
<wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>

To:
<wsp:Policy><sp:HttpsToken
RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>

for each occurrence of the <sp:HttpsToken> element?

On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Gina
>
> The fix was that CXF complains if this element is missing.
>
> Another option is that you download this wsdl, fix the incorrect policy
> definition and reference the local wsdl file in the STSClient bean.
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>
> ________________________________
> From: Gina Choi [ginachoi88@gmail.com]
> Sent: 31 May 2012 23:41
> To: users@cxf.apache.org
> Cc: dev@cxf.apache.org; Oliver Wulff
> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>
> Hi Oliver,
>
> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't
> think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is.
> <sp:HttpsToken> is child of <wsp:Policy> here.
>
>
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>
>
> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
> you have newer version available?
>
> Gina
>
> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
> owulff@talend.com>> wrote:
> Hi Gina
>
> Add an empty wsp:Policy element as a child to sp:HttpsToken:
> </wsp:policy>
>
> There was a fix in CXF to be spec compliant.
>
> HTH
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.
Hi Oliver,

So, it sounds like that first option wouldn't work for me since it is
adding more complaining(more sensitive). :)
For the second option, are you suggesting that changing
From:
<wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>

To:
<wsp:Policy><sp:HttpsToken
RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>

for each occurrence of the <sp:HttpsToken> element?

On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Gina
>
> The fix was that CXF complains if this element is missing.
>
> Another option is that you download this wsdl, fix the incorrect policy
> definition and reference the local wsdl file in the STSClient bean.
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>
> ________________________________
> From: Gina Choi [ginachoi88@gmail.com]
> Sent: 31 May 2012 23:41
> To: users@cxf.apache.org
> Cc: dev@cxf.apache.org; Oliver Wulff
> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>
> Hi Oliver,
>
> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't
> think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is.
> <sp:HttpsToken> is child of <wsp:Policy> here.
>
>
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>
>
> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
> you have newer version available?
>
> Gina
>
> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
> owulff@talend.com>> wrote:
> Hi Gina
>
> Add an empty wsp:Policy element as a child to sp:HttpsToken:
> </wsp:policy>
>
> There was a fix in CXF to be spec compliant.
>
> HTH
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

The fix was that CXF complains if this element is missing.

Another option is that you download this wsdl, fix the incorrect policy definition and reference the local wsdl file in the STSClient bean.

Thanks
Oli




------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 31 May 2012 23:41
To: users@cxf.apache.org
Cc: dev@cxf.apache.org; Oliver Wulff
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi Oliver,

<sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is. <sp:HttpsToken> is child of <wsp:Policy> here.


<wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>


You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do you have newer version available?

Gina

On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <ow...@talend.com>> wrote:
Hi Gina

Add an empty wsp:Policy element as a child to sp:HttpsToken:
</wsp:policy>

There was a fix in CXF to be spec compliant.

HTH



------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

The fix was that CXF complains if this element is missing.

Another option is that you download this wsdl, fix the incorrect policy definition and reference the local wsdl file in the STSClient bean.

Thanks
Oli




------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 31 May 2012 23:41
To: users@cxf.apache.org
Cc: dev@cxf.apache.org; Oliver Wulff
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi Oliver,

<sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is. <sp:HttpsToken> is child of <wsp:Policy> here.


<wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>


You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do you have newer version available?

Gina

On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <ow...@talend.com>> wrote:
Hi Gina

Add an empty wsp:Policy element as a child to sp:HttpsToken:
</wsp:policy>

There was a fix in CXF to be spec compliant.

HTH



------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.
Hi Oliver,

<sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't
think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is.
<sp:HttpsToken> is child of <wsp:Policy> here.


<wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>


You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
you have newer version available?

Gina

On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Gina
>
> Add an empty wsp:Policy element as a child to sp:HttpsToken:
> </wsp:policy>
>
> There was a fix in CXF to be spec compliant.
>
> HTH
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.
Hi Oliver,

<sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't
think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is.
<sp:HttpsToken> is child of <wsp:Policy> here.


<wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>


You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
you have newer version available?

Gina

On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Gina
>
> Add an empty wsp:Policy element as a child to sp:HttpsToken:
> </wsp:policy>
>
> There was a fix in CXF to be spec compliant.
>
> HTH
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

Add an empty wsp:Policy element as a child to sp:HttpsToken:
</wsp:policy>

There was a fix in CXF to be spec compliant.

HTH



------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 31 May 2012 22:14
To: users@cxf.apache.org; dev@cxf.apache.org
Subject: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi All,

Previously I was able to run Fediz WS-Federation with ADFS2.0 with help from Oliver Wulff. Thank you.

Now I try to test if Apache CXF can support ADFS2.0 actvie profile.

I followed Glen Mazza's blog - http://www.jroller.com/gmazza/entry/cxf_sts_tutorial. Thanks, Glen. It was very helpful. Basically it has WSP, WSC and STS(Apache CXF) and WSP is configured to use Symmetric bindings. Authentication between WSC and STS is done using UT.
Now I am trying to switch Apache STS to ADFS2.0 and updated WSP wsdl file and client configuration file accordingly.

1. WSP
I have updated <sp:Issuer> element from WSP wsdl like bellow. I could comment out this elment, but it seems the only place that I can specify ADFS endpoint which is https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

                           <sp:Issuer>
                              <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</wsaw:Address>
                              <wsaw:Metadata>
                                 <wsx:Metadata>
                                    <wsx:MetadataSection>
                                       <wsx:MetadataReference>
                                          <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
                                       </wsx:MetadataReference>
                                    </wsx:MetadataSection>
                                 </wsx:Metadata>
                              </wsaw:Metadata>
                           </sp:Issuer>

2. WSC
I updated client configuration file as follow.

               <bean class="org.apache.cxf.ws.security.trust.STSClient">
     <constructor-arg ref="cxf"/>
     <property name="wsdlLocation" value="https://strts01.ams.dev/adfs/services/trust/mex"/>
     <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService"/>
     <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async2"/>

When I run client, but I am getting following error message. It basically read everything in ADFS2.0 wsdl file and complaining if something it doesn't like it. The port that I am trying to use is UserNameWSTrustBinding_IWSTrust13Async2 and it uses UserNameWSTrustBinding_IWSTrust13Async2_policy, but as you can see from bellow, CXF failed to build this policy. I put port name in value field of the endpointName in client configuration file, but I am not sure if I set it correctly. The ADFS2.0 endpoint that I am trying to use is https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

I have attached zipped ADFS wsdl file. I would appreciate if anyone let me know if what I try to do is feasible.


WARNING: Failed to build the policy 'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'CustomBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a value
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:HttpsToken/wsp:Policy must have a value
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Caused by: java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a value
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 3 more

Gina

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.
Hi Gina

Add an empty wsp:Policy element as a child to sp:HttpsToken:
</wsp:policy>

There was a fix in CXF to be spec compliant.

HTH



------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 31 May 2012 22:14
To: users@cxf.apache.org; dev@cxf.apache.org
Subject: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi All,

Previously I was able to run Fediz WS-Federation with ADFS2.0 with help from Oliver Wulff. Thank you.

Now I try to test if Apache CXF can support ADFS2.0 actvie profile.

I followed Glen Mazza's blog - http://www.jroller.com/gmazza/entry/cxf_sts_tutorial. Thanks, Glen. It was very helpful. Basically it has WSP, WSC and STS(Apache CXF) and WSP is configured to use Symmetric bindings. Authentication between WSC and STS is done using UT.
Now I am trying to switch Apache STS to ADFS2.0 and updated WSP wsdl file and client configuration file accordingly.

1. WSP
I have updated <sp:Issuer> element from WSP wsdl like bellow. I could comment out this elment, but it seems the only place that I can specify ADFS endpoint which is https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

                           <sp:Issuer>
                              <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</wsaw:Address>
                              <wsaw:Metadata>
                                 <wsx:Metadata>
                                    <wsx:MetadataSection>
                                       <wsx:MetadataReference>
                                          <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
                                       </wsx:MetadataReference>
                                    </wsx:MetadataSection>
                                 </wsx:Metadata>
                              </wsaw:Metadata>
                           </sp:Issuer>

2. WSC
I updated client configuration file as follow.

               <bean class="org.apache.cxf.ws.security.trust.STSClient">
     <constructor-arg ref="cxf"/>
     <property name="wsdlLocation" value="https://strts01.ams.dev/adfs/services/trust/mex"/>
     <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService"/>
     <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async2"/>

When I run client, but I am getting following error message. It basically read everything in ADFS2.0 wsdl file and complaining if something it doesn't like it. The port that I am trying to use is UserNameWSTrustBinding_IWSTrust13Async2 and it uses UserNameWSTrustBinding_IWSTrust13Async2_policy, but as you can see from bellow, CXF failed to build this policy. I put port name in value field of the endpointName in client configuration file, but I am not sure if I set it correctly. The ADFS2.0 endpoint that I am trying to use is https://strts01.ams.dev/adfs/services/trust/13/usernamemixed

I have attached zipped ADFS wsdl file. I would appreciate if anyone let me know if what I try to do is feasible.


WARNING: Failed to build the policy 'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'CustomBinding_IWSTrust13Async1_policy':sp:HttpsToken/wsp:Policy must have a value
May 31, 2012 3:37:51 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a value
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:HttpsToken/wsp:Policy must have a value
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
        at $Proxy25.doubleIt(Unknown Source)
        at client.WSClient.doubleIt(WSClient.java:18)
        at client.WSClient.main(WSClient.java:11)
Caused by: java.lang.IllegalArgumentException: sp:HttpsToken/wsp:Policy must have a value
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:77)
        at org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder.build(HttpsTokenBuilder.java:50)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder.build(TransportTokenBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.processAlternative(TransportBindingBuilder.java:85)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:57)
        at org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder.build(TransportBindingBuilder.java:41)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217)
        at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180)
        at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215)
        at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:279)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:264)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:216)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:170)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:163)
        at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:100)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:417)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:150)
        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:139)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)
        at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)
        at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)
        at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:319)
        at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:304)
        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)
        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)
        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)
        at org.apache.cxf.endpoint.UpfrontConduitSelector.selectConduit(UpfrontConduitSelector.java:77)
        at org.apache.cxf.endpoint.ClientImpl.getConduit(ClientImpl.java:842)
        at org.apache.cxf.ws.security.trust.STSClient.findOperation(STSClient.java:569)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:609)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:602)
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:594)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:404)
        at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:188)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 3 more

Gina