Posted to users@cxf.apache.org by Oliver Wulff <ow...@talend.com> on 2012/03/01 09:15:19 UTC

TransformOutInterceptor removes WS-Addressing prefix

Hi there



I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:



        <!-- Outbound element-name mapping for the STS: every element in the
             WS-Trust 200512 namespace (key) is written out under the same local
             name in the older 2005/02 WS-Trust namespace (value); "*" is the
             wildcard for the local name. -->
        <!-- NOTE(review): the mapping rewrites the serialized response, so after
             enabling it confirm that the output is still namespace-well-formed
             and that the signature on the issued SAML assertion still verifies
             at the consumer. -->
        <bean id="transformerOut"
                class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
                <property name="outTransformElements">
                        <map>
                               <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
                        </map>
                </property>
        </bean>

For some reason, the transform interceptor removes the wsa namespace prefix declaration (xmlns:wsa) from the AppliesTo element, so the response is no longer valid XML.



I've tested this with soapUI. Here is the incoming request and the returned response. Any ideas?



request:

<!-- Sample RequestSecurityToken (Issue) sent to the STS from soapUI. The wst
     elements are in the older 2005/02 WS-Trust namespace; the user name and
     password are presumably test values. -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <!-- Type="...#PasswordText" puts the password in clear text in the
              header, and this token carries no Nonce or Created element, so
              confidentiality and replay protection have to come from the
              transport (TLS). -->
         <wsse:UsernameToken wsu:Id="UsernameToken-1">
            <wsse:Username>alice</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soap:Header>
   <soap:Body>
      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
         <!-- Bearer key type: the issued token has no proof-of-possession key.
              The KeyType and RequestType values are 200512 URIs although the
              elements themselves are in the 2005/02 namespace. -->
         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
         <!-- xmlns:wsa (2005/08 addressing) is declared on AppliesTo itself. In
              the response the AppliesTo element comes back without this
              declaration while its children still use the wsa prefix. -->
         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:EndpointReference>
               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
            </wsa:EndpointReference>
         </wsp:AppliesTo>
         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
         </wst:Claims>
      </wst:RequestSecurityToken>
   </soap:Body>
</soap:Envelope>





response:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_B89DBAA8B9BDD6399413305878132971" IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2012-03-01T07:43:33.308Z" NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue 
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">oliver.wulff@example.com</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
            </wsa:EndpointReference>
         </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>





------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

AW: TransformOutInterceptor removes WS-Addressing prefix

Posted by Oliver Wulff <ow...@talend.com>.
Hi Aki

I've tested it with 2.5.3-SNAPSHOT and it works fine. Thanks.

Oli
________________________________________
Von: Aki Yoshida [elakito@googlemail.com]
Gesendet: Dienstag, 6. März 2012 14:41
Bis: users@cxf.apache.org
Cc: Oliver Wulff
Betreff: Re: TransformOutInterceptor removes WS-Addressing prefix

Hi Oli,

I have fixed this issue in 2.6.0-SNAPSHOT and 2.5.3.-SNAPSHOT last
week (with CXF-4150). The provided test case uses an input file
similar to your file so that I hope your scenario will work now with
the current 2.5.3 snapshot build.

If you still have problems, please let me know.

Thanks.

Regards, aki


2012/3/1 Sergey Beryozkin <sb...@gmail.com>:
> Hi Aki
>
> On 01/03/12 13:08, Aki Yoshida wrote:
>>
>> Hi Oli, Sergey,
>> there seems to be indeed some bug that causes the transformer to choke
>> on the addressing namespace. A very weird one because it only chokes
>> on the 2005/08 namespace and not the old 2004/08 namespace :-).
>> I could verify this strange behavior.
>>
> real strange :-)
>
>
>> @Sergey,
>> the message marked as the response in Oli's original mail can be used
>> as the input to the transformer. I can look into it sometime today
>> (unless you have already an idea or want to look into it later. let me
>> know).
>
> Please have a look as you've already spent some time on the issue - will be
> happy to back up if you'll have to deal with something else of the higher
> priority :-)
> Thanks, Sergey
>
>
>>
>>
>> regards, aki
>>
>> 2012/3/1 Sergey Beryozkin<sb...@gmail.com>:
>>>
>>> Hi Oli,
>>>
>>>
>>> On 01/03/12 08:15, Oliver Wulff wrote:
>>>>
>>>>
>>>> Hi there
>>>>
>>>>
>>>>
>>>> I've configured the TransformOutInterceptor in the STS to support the
>>>> old
>>>> WS-Trust standard:
>>>>
>>>>
>>>>
>>>>         <bean id="transformerOut"
>>>>
>>>> class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>>>                 <property name="outTransformElements">
>>>>                         <map>
>>>>                                <entry
>>>> key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
>>>>  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>>>                         </map>
>>>>                 </property>
>>>>         </bean>
>>>>
>>>> For some reason, the transform interceptor removed the wsa ns prefix in
>>>> the AppliesTo and thus becomes invalid xml.
>>>>
>>>>
>>>>
>>>> I've tested this with soapUI. Here is the incoming request and the
>>>> returned response. Any ideas?
>>>>
>>>>
>>>>
>>>> request:
>>>>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>>>    <soap:Header>
>>>>       <wsse:Security soap:mustUnderstand="1"
>>>>
>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>>>          <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>>>             <wsse:Username>alice</wsse:Username>
>>>>             <wsse:Password
>>>>
>>>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>>>          </wsse:UsernameToken>
>>>>       </wsse:Security>
>>>>    </soap:Header>
>>>>    <soap:Body>
>>>>       <wst:RequestSecurityToken
>>>> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>
>>>>
>>>>  <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>>>
>>>>
>>>>  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>>>
>>>>
>>>>  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>>>          <wsp:AppliesTo
>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>>             <wsa:EndpointReference>
>>>>
>>>>
>>>>  <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>>>             </wsa:EndpointReference>
>>>>          </wsp:AppliesTo>
>>>>          <wst:Claims
>>>> Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
>>>> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>>>             <ic:ClaimType Optional="false"
>>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>>>             <ic:ClaimType Optional="false"
>>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>>>             <ic:ClaimType Optional="false"
>>>>
>>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>>>          </wst:Claims>
>>>>       </wst:RequestSecurityToken>
>>>>    </soap:Body>
>>>> </soap:Envelope>
>>>>
>>>>
>>>
>>> is the above the way it should like ? How do the original and the broken
>>> payloads look like, which is what I believe Aki is asking too ?
>>> Please provide at least the original payload...
>>>
>>> Cheers, Sergey

Re: TransformOutInterceptor removes WS-Addressing prefix

Posted by Aki Yoshida <el...@googlemail.com>.
Hi Oli,

I have fixed this issue in 2.6.0-SNAPSHOT and 2.5.3-SNAPSHOT last
week (with CXF-4150). The provided test case uses an input file
similar to yours, so I hope your scenario will now work with
the current 2.5.3 snapshot build.

If you still have problems, please let me know.

Thanks.

Regards, aki


2012/3/1 Sergey Beryozkin <sb...@gmail.com>:
> Hi Aki
>
> On 01/03/12 13:08, Aki Yoshida wrote:
>>
>> Hi Oli, Sergey,
>> there seems to be indeed some bug that causes the transformer to choke
>> on the addressing namespace. A very weird one because it only chokes
>> on the 2005/08 namespace and not the old 2004/08 namespace :-).
>> I could verify this strange behavior.
>>
> real strange :-)
>
>
>> @Sergey,
>> the message marked as the response in Oli's original mail can be used
>> as the input to the transformer. I can look into it sometime today
>> (unless you have already an idea or want to look into it later. let me
>> know).
>
> Please have a look as you've already spent some time on the issue - will be
> happy to back up if you'll have to deal with something else of the higher
> priority :-)
> Thanks, Sergey
>
>
>>
>>
>> regards, aki
>>
>> 2012/3/1 Sergey Beryozkin<sb...@gmail.com>:
>>>
>>> Hi Oli,
>>>
>>>
>>> On 01/03/12 08:15, Oliver Wulff wrote:
>>>>
>>>>
>>>> Hi there
>>>>
>>>>
>>>>
>>>> I've configured the TransformOutInterceptor in the STS to support the
>>>> old
>>>> WS-Trust standard:
>>>>
>>>>
>>>>
>>>>         <bean id="transformerOut"
>>>>
>>>> class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>>>                 <property name="outTransformElements">
>>>>                         <map>
>>>>                                <entry
>>>> key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
>>>>  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>>>                         </map>
>>>>                 </property>
>>>>         </bean>
>>>>
>>>> For some reason, the transform interceptor removed the wsa ns prefix in
>>>> the AppliesTo and thus becomes invalid xml.
>>>>
>>>>
>>>>
>>>> I've tested this with soapUI. Here is the incoming request and the
>>>> returned response. Any ideas?
>>>>
>>>>
>>>>
>>>> request:
>>>>
>>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>>>    <soap:Header>
>>>>       <wsse:Security soap:mustUnderstand="1"
>>>>
>>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>>
>>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>>>          <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>>>             <wsse:Username>alice</wsse:Username>
>>>>             <wsse:Password
>>>>
>>>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>>>          </wsse:UsernameToken>
>>>>       </wsse:Security>
>>>>    </soap:Header>
>>>>    <soap:Body>
>>>>       <wst:RequestSecurityToken
>>>> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>>
>>>>
>>>>  <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>>>
>>>>
>>>>  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>>>
>>>>
>>>>  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>>>          <wsp:AppliesTo
>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>>             <wsa:EndpointReference>
>>>>
>>>>
>>>>  <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>>>             </wsa:EndpointReference>
>>>>          </wsp:AppliesTo>
>>>>          <wst:Claims
>>>> Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
>>>> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>>>             <ic:ClaimType Optional="false"
>>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>>>             <ic:ClaimType Optional="false"
>>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>>>             <ic:ClaimType Optional="false"
>>>>
>>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>>>          </wst:Claims>
>>>>       </wst:RequestSecurityToken>
>>>>    </soap:Body>
>>>> </soap:Envelope>
>>>>
>>>>
>>>
>>> is the above the way it should like ? How do the original and the broken
>>> payloads look like, which is what I believe Aki is asking too ?
>>> Please provide at least the original payload...
>>>
>>> Cheers, Sergey

Re: TransformOutInterceptor removes WS-Addressing prefix

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Aki
On 01/03/12 13:08, Aki Yoshida wrote:
> Hi Oli, Sergey,
> there seems to be indeed some bug that causes the transformer to choke
> on the addressing namespace. A very weird one because it only chokes
> on the 2005/08 namespace and not the old 2004/08 namespace :-).
> I could verify this strange behavior.
>
real strange :-)

> @Sergey,
> the message marked as the response in Oli's original mail can be used
> as the input to the transformer. I can look into it sometime today
> (unless you have already an idea or want to look into it later. let me
> know).
Please have a look as you've already spent some time on the issue - will 
be happy to back up if you'll have to deal with something else of the 
higher priority :-)
Thanks, Sergey

>
>
> regards, aki
>
> 2012/3/1 Sergey Beryozkin<sb...@gmail.com>:
>> Hi Oli,
>>
>>
>> On 01/03/12 08:15, Oliver Wulff wrote:
>>>
>>> Hi there
>>>
>>>
>>>
>>> I've configured the TransformOutInterceptor in the STS to support the old
>>> WS-Trust standard:
>>>
>>>
>>>
>>>          <bean id="transformerOut"
>>>
>>> class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>>                  <property name="outTransformElements">
>>>                          <map>
>>>                                 <entry
>>> key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
>>>   value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>>                          </map>
>>>                  </property>
>>>          </bean>
>>>
>>> For some reason, the transform interceptor removed the wsa ns prefix in
>>> the AppliesTo and thus becomes invalid xml.
>>>
>>>
>>>
>>> I've tested this with soapUI. Here is the incoming request and the
>>> returned response. Any ideas?
>>>
>>>
>>>
>>> request:
>>>
>>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>>     <soap:Header>
>>>        <wsse:Security soap:mustUnderstand="1"
>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>>           <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>>              <wsse:Username>alice</wsse:Username>
>>>              <wsse:Password
>>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>>           </wsse:UsernameToken>
>>>        </wsse:Security>
>>>     </soap:Header>
>>>     <soap:Body>
>>>        <wst:RequestSecurityToken
>>> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>
>>>   <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>>
>>>   <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>>
>>>   <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>>           <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>              <wsa:EndpointReference>
>>>
>>>   <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>>              </wsa:EndpointReference>
>>>           </wsp:AppliesTo>
>>>           <wst:Claims
>>> Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
>>> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>>              <ic:ClaimType Optional="false"
>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>>              <ic:ClaimType Optional="false"
>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>>              <ic:ClaimType Optional="false"
>>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>>           </wst:Claims>
>>>        </wst:RequestSecurityToken>
>>>     </soap:Body>
>>> </soap:Envelope>
>>>
>>>
>>
>> is the above the way it should like ? How do the original and the broken
>> payloads look like, which is what I believe Aki is asking too ?
>> Please provide at least the original payload...
>>
>> Cheers, Sergey

Re: TransformOutInterceptor removes WS-Addressing prefix

Posted by Aki Yoshida <el...@googlemail.com>.
Hi Oli, Sergey,
there does indeed seem to be a bug that causes the transformer to choke
on the addressing namespace. A very weird one, because it only chokes
on the 2005/08 namespace and not on the old 2004/08 namespace :-).
I could verify this strange behavior.

@Sergey,
the message marked as the response in Oli's original mail can be used
as the input to the transformer. I can look into it sometime today
(unless you have already an idea or want to look into it later. let me
know).


regards, aki

2012/3/1 Sergey Beryozkin <sb...@gmail.com>:
> Hi Oli,
>
>
> On 01/03/12 08:15, Oliver Wulff wrote:
>>
>> Hi there
>>
>>
>>
>> I've configured the TransformOutInterceptor in the STS to support the old
>> WS-Trust standard:
>>
>>
>>
>>         <bean id="transformerOut"
>>
>> class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>                 <property name="outTransformElements">
>>                         <map>
>>                                <entry
>> key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
>>  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>                         </map>
>>                 </property>
>>         </bean>
>>
>> For some reason, the transform interceptor removed the wsa ns prefix in
>> the AppliesTo and thus becomes invalid xml.
>>
>>
>>
>> I've tested this with soapUI. Here is the incoming request and the
>> returned response. Any ideas?
>>
>>
>>
>> request:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>    <soap:Header>
>>       <wsse:Security soap:mustUnderstand="1"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>          <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>             <wsse:Username>alice</wsse:Username>
>>             <wsse:Password
>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>          </wsse:UsernameToken>
>>       </wsse:Security>
>>    </soap:Header>
>>    <soap:Body>
>>       <wst:RequestSecurityToken
>> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>
>>  <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>
>>  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>
>>  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>          <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>             <wsa:EndpointReference>
>>
>>  <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>             </wsa:EndpointReference>
>>          </wsp:AppliesTo>
>>          <wst:Claims
>> Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
>> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>             <ic:ClaimType Optional="false"
>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>             <ic:ClaimType Optional="false"
>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>             <ic:ClaimType Optional="false"
>> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>          </wst:Claims>
>>       </wst:RequestSecurityToken>
>>    </soap:Body>
>> </soap:Envelope>
>>
>>
>
> is the above the way it should like ? How do the original and the broken
> payloads look like, which is what I believe Aki is asking too ?
> Please provide at least the original payload...
>
> Cheers, Sergey

Re: TransformOutInterceptor removes WS-Addressing prefix

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Oli,

On 01/03/12 08:15, Oliver Wulff wrote:
> Hi there
>
>
>
> I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:
>
>
>
>          <bean id="transformerOut"
>                  class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>                  <property name="outTransformElements">
>                          <map>
>                                 <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>                          </map>
>                  </property>
>          </bean>
>
> For some reason, the transform interceptor removed the wsa ns prefix in the AppliesTo and thus becomes invalid xml.
>
>
>
> I've tested this with soapUI. Here is the incoming request and the returned response. Any ideas?
>
>
>
> request:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>     <soap:Header>
>        <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>           <wsse:UsernameToken wsu:Id="UsernameToken-1">
>              <wsse:Username>alice</wsse:Username>
>              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>           </wsse:UsernameToken>
>        </wsse:Security>
>     </soap:Header>
>     <soap:Body>
>        <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>           <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>           <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>           <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>           <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>              <wsa:EndpointReference>
>                 <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>              </wsa:EndpointReference>
>           </wsp:AppliesTo>
>           <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>              <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>              <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>              <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>           </wst:Claims>
>        </wst:RequestSecurityToken>
>     </soap:Body>
> </soap:Envelope>
>
>

Is the above the way it should look? What do the original and the broken
payloads look like? I believe that is what Aki is asking too.
Please provide at least the original payload...

Cheers, Sergey

AW: TransformOutInterceptor removes WS-Addressing prefix

Posted by Oliver Wulff <ow...@talend.com>.
Hi Aki
I use CXF 2.5.2.
Thanks
Oli
------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
Von: Aki Yoshida [elakito@googlemail.com]
Gesendet: Donnerstag, 1. März 2012 09:59
Bis: users@cxf.apache.org
Cc: Oliver Wulff
Betreff: Re: TransformOutInterceptor removes WS-Addressing prefix

Hi Olliver,
i'll try it out and get back to you shortly.
regards, aki

2012/3/1 Oliver Wulff <ow...@talend.com>:
> Hi there
>
>
>
> I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:
>
>
>
>        <bean id="transformerOut"
>                class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>                <property name="outTransformElements">
>                        <map>
>                               <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>                        </map>
>                </property>
>        </bean>
>
> For some reason, the transform interceptor removed the wsa ns prefix in the AppliesTo and thus becomes invalid xml.
>
>
>
> I've tested this with soapUI. Here is the incoming request and the returned response. Any ideas?
>
>
>
> request:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>   <soap:Header>
>      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>         <wsse:UsernameToken wsu:Id="UsernameToken-1">
>            <wsse:Username>alice</wsse:Username>
>            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>         </wsse:UsernameToken>
>      </wsse:Security>
>   </soap:Header>
>   <soap:Body>
>      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>            <wsa:EndpointReference>
>               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>            </wsa:EndpointReference>
>         </wsp:AppliesTo>
>         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>         </wst:Claims>
>      </wst:RequestSecurityToken>
>   </soap:Body>
> </soap:Envelope>
>
>
>
>
>
> response:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_B89DBAA8B9BDD6399413305878132971" IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2012-03-01T07:43:33.308Z" NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue 
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">oliver.wulff@example.com</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB
> GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd
> BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx
> NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM
> MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u
> aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4
> WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+
> +b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C
> AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw
> HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN
> oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp
> MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u
> ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
> c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv
> bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC
> AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw
> Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
> b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD
> bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj
> aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw
> Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J
> LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG
> CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB
> AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er
> 3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE
> fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC
> vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm
> mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/
> A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC
> amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0
> dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ
> SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>            </wsa:EndpointReference>
>         </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
>
>
>
>
>
> ------
>
> Oliver Wulff
>
> http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> Talend Application Integration Division http://www.talend.com

AW: TransformOutInterceptor removes WS-Addressing prefix

Posted by Oliver Wulff <ow...@talend.com>.
Hi Aki

Everything works fine with the inbound transformation as CXF STS is able to generate a response.

For inbound, I map everything from http://schemas.xmlsoap.org/ws/2005/02/trust to http://docs.oasis-open.org/ws-sx/ws-trust/200512.

For outbound, I map everything from http://docs.oasis-open.org/ws-sx/ws-trust/200512 to http://schemas.xmlsoap.org/ws/2005/02/trust

For completeness, here is the TransformInInterceptor configuration (there is no issue with inbound, only outbound):

        <!--
          Inbound namespace mapping for the STS. The trailing "*" on key and
          value applies the rename to every element of the source namespace:
          elements in the older WS-Trust namespace (2005/02) are rewritten
          into the 200512 WS-Trust namespace, so the STS sees 200512 names.
          The outbound map described in this thread reverses the direction.
          NOTE(review): the rename changes element names in the message. If a
          signed message part contains elements in the mapped namespace,
          confirm the signature is computed and verified over the form the
          peer actually sends or receives; otherwise the digests will not match.
        -->
        <bean id="transformerIn"
              class="org.apache.cxf.interceptor.transform.TransformInInterceptor">
            <property name="inTransformElements">
                <map>
                    <entry key="{http://schemas.xmlsoap.org/ws/2005/02/trust}*"
                           value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"/>
                </map>
            </property>
        </bean>

Thanks
Oli

------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
Von: Aki Yoshida [elakito@googlemail.com]
Gesendet: Donnerstag, 1. März 2012 10:26
Bis: Oliver Wulff
Cc: users@cxf.apache.org
Betreff: Re: TransformOutInterceptor removes WS-Addressing prefix

Hi Oliver,
which namespaces do you want to replace? Your configuration is trying
to replace namespace http://docs.oasis-open.org/ws-sx/ws-trust/200512
with namespace http://schemas.xmlsoap.org/ws/2005/02/trust for all
elements.

But the request message has no elements from this source namespace but
only those from the target namespace. So, I suppose you have pasted
the desired output data and not the input data?

If that was the case, could you provide the input data? I need to have
the input and output data so that I can compare the result.

thanks.
regards, aki

2012/3/1 Aki Yoshida <el...@googlemail.com>:
> Hi Oliver,
> i'll try it out and get back to you shortly.
> regards, aki
>
> 2012/3/1 Oliver Wulff <ow...@talend.com>:
>> Hi there
>>
>>
>>
>> I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:
>>
>>
>>
>>        <bean id="transformerOut"
>>                class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>                <property name="outTransformElements">
>>                        <map>
>>                               <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>                        </map>
>>                </property>
>>        </bean>
>>
>> For some reason, the transform interceptor removed the wsa namespace prefix declaration (xmlns:wsa) from the AppliesTo element, so the response is no longer valid XML.
>>
>>
>>
>> I've tested this with soapUI. Here is the incoming request and the returned response. Any ideas?
>>
>>
>>
>> request:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>   <soap:Header>
>>      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>         <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>            <wsse:Username>alice</wsse:Username>
>>            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>         </wsse:UsernameToken>
>>      </wsse:Security>
>>   </soap:Header>
>>   <soap:Body>
>>      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>            <wsa:EndpointReference>
>>               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>            </wsa:EndpointReference>
>>         </wsp:AppliesTo>
>>         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>         </wst:Claims>
>>      </wst:RequestSecurityToken>
>>   </soap:Body>
>> </soap:Envelope>
>>
>>
>>
>>
>>
>> response:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_B89DBAA8B9BDD6399413305878132971" IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2012-03-01T07:43:33.308Z" NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue 
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">oliver.wulff@example.com</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB
>> GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd
>> BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx
>> NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM
>> MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u
>> aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4
>> WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+
>> +b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C
>> AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw
>> HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN
>> oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp
>> MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u
>> ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
>> c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv
>> bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC
>> AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw
>> Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
>> b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD
>> bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj
>> aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw
>> Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J
>> LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG
>> CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB
>> AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er
>> 3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE
>> fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC
>> vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm
>> mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/
>> A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC
>> amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0
>> dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ
>> SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>            </wsa:EndpointReference>
>>         </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
>>
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> Talend Application Integration Division http://www.talend.com

Re: TransformOutInterceptor removes WS-Addressing prefix

Posted by Aki Yoshida <el...@googlemail.com>.
Hi Oliver,
which namespaces do you want to replace? Your configuration is trying
to replace namespace http://docs.oasis-open.org/ws-sx/ws-trust/200512
with namespace http://schemas.xmlsoap.org/ws/2005/02/trust for all
elements.

But the request message has no elements from this source namespace but
only those from the target namespace. So, I suppose you have pasted
the desired output data and not the input data?

If that was the case, could you provide the input data? I need to have
the input and output data so that I can compare the result.

thanks.
regards, aki

2012/3/1 Aki Yoshida <el...@googlemail.com>:
> Hi Oliver,
> i'll try it out and get back to you shortly.
> regards, aki
>
> 2012/3/1 Oliver Wulff <ow...@talend.com>:
>> Hi there
>>
>>
>>
>> I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:
>>
>>
>>
>>        <bean id="transformerOut"
>>                class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
>>                <property name="outTransformElements">
>>                        <map>
>>                               <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>>                        </map>
>>                </property>
>>        </bean>
>>
>> For some reason, the transform interceptor removed the wsa namespace prefix declaration (xmlns:wsa) from the AppliesTo element, so the response is no longer valid XML.
>>
>>
>>
>> I've tested this with soapUI. Here is the incoming request and the returned response. Any ideas?
>>
>>
>>
>> request:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>   <soap:Header>
>>      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>         <wsse:UsernameToken wsu:Id="UsernameToken-1">
>>            <wsse:Username>alice</wsse:Username>
>>            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>         </wsse:UsernameToken>
>>      </wsse:Security>
>>   </soap:Header>
>>   <soap:Body>
>>      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
>>         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>>         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>>         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>            <wsa:EndpointReference>
>>               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>            </wsa:EndpointReference>
>>         </wsp:AppliesTo>
>>         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>>         </wst:Claims>
>>      </wst:RequestSecurityToken>
>>   </soap:Body>
>> </soap:Envelope>
>>
>>
>>
>>
>>
>> response:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_B89DBAA8B9BDD6399413305878132971" IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2012-03-01T07:43:33.308Z" NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue 
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">oliver.wulff@example.com</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB
>> GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd
>> BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx
>> NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM
>> MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u
>> aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4
>> WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+
>> +b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C
>> AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw
>> HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN
>> oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp
>> MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u
>> ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
>> c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv
>> bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC
>> AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw
>> Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
>> b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD
>> bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj
>> aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw
>> Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J
>> LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG
>> CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB
>> AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er
>> 3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE
>> fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC
>> vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm
>> mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/
>> A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC
>> amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0
>> dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ
>> SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>>            </wsa:EndpointReference>
>>         </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>
>>
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> Talend Application Integration Division http://www.talend.com

Re: TransformOutInterceptor removes WS-Addressing prefix

Posted by Aki Yoshida <el...@googlemail.com>.
Hi Oliver,
i'll try it out and get back to you shortly.
regards, aki

2012/3/1 Oliver Wulff <ow...@talend.com>:
> Hi there
>
>
>
> I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:
>
>
>
>        <bean id="transformerOut"
>                class="org.apache.cxf.interceptor.transform.TransformOutInterceptor"> <!-- rewrites element names of the messages the STS sends out -->
>                <property name="outTransformElements">
>                        <map> <!-- "{namespace}*" covers every element of that namespace: WS-Trust 200512 element names are to be
>                                   written out in the older 2005/02 trust namespace -->
>                               <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"  value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
>                        </map>
>                </property>
>        </bean> <!-- NOTE(review): this rewrite changes the namespace bindings of the outgoing message, so check the transformed
>                     response with a namespace-aware parser and confirm that no signed part of the message lies in a mapped
>                     namespace (a renamed element inside a signed part would no longer match its digest) -->
>
> For some reason, the transform interceptor removed the declaration of the wsa namespace prefix (xmlns:wsa) from the AppliesTo element, which leaves the wsa prefix unbound and makes the response invalid XML.
>
>
>
> I've tested this with soapUI. Here is the incoming request and the returned response. Any ideas?
>
>
>
> request:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <!-- test request sent with soapUI: a WS-Trust Issue call authenticated by a WS-Security UsernameToken -->
>   <soap:Header>
>      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>         <wsse:UsernameToken wsu:Id="UsernameToken-1">
>            <wsse:Username>alice</wsse:Username> <!-- the Password below is of type PasswordText, i.e. it travels unhashed inside the message, and
>                 the token carries no Nonce or Created element; confidentiality and replay protection therefore have to
>                 come from TLS or from message-level protection -->
>            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>         </wsse:UsernameToken>
>      </wsse:Security>
>   </soap:Header>
>   <soap:Body>
>      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <!-- the elements use the 2005/02 trust namespace, while the KeyType and RequestType values below are 200512 URIs -->
>         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType> <!-- Bearer: the issued token is not bound to a proof-of-possession key -->
>         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing"> <!-- xmlns:wsa is declared here, on AppliesTo itself; this is the declaration that the returned AppliesTo no longer carries -->
>            <wsa:EndpointReference>
>               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>            </wsa:EndpointReference>
>         </wsp:AppliesTo>
>         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity"> <!-- three claims are requested, each marked Optional="false" -->
>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
>            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
>         </wst:Claims>
>      </wst:RequestSecurityToken>
>   </soap:Body>
> </soap:Envelope>
>
>
>
>
>
> response:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_B89DBAA8B9BDD6399413305878132971" IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2012-03-01T07:43:33.308Z" NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue 
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue xsi:type="xs:string">oliver.wulff@example.com</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB
> GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd
> BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx
> NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM
> MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u
> aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4
> WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+
> +b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C
> AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw
> HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN
> oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp
> MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u
> ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
> c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv
> bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC
> AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw
> Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
> b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD
> bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj
> aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw
> Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J
> LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG
> CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB
> AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er
> 3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE
> fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC
> vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm
> mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/
> A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC
> amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0
> dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ
> SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
>            </wsa:EndpointReference> <!-- the wsa prefix used on EndpointReference and Address has no xmlns:wsa declaration in scope:
>                 this AppliesTo start tag declares only xmlns:wsp, and the only addressing namespace declared further
>                 up is ns5 (the 2004/08 URI, not the 2005/08 one the request bound to wsa), so a namespace-aware
>                 parser cannot resolve these two elements -->
>         </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope> <!-- response returned by the STS for the request above: a SAML 1.1 bearer assertion
>                 valid for five minutes (NotBefore / NotOnOrAfter), carrying an enveloped signature over the assertion
>                 made with rsa-sha1 and a sha1 digest; SHA-1 based XML signatures are deprecated, so a SHA-256
>                 signature and digest method is preferable where the relying party supports it -->
>
>
>
>
>
> ------
>
> Oliver Wulff
>
> http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> Talend Application Integration Division http://www.talend.com