You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by Stefan Lischke <s....@zertificon.com> on 2008/05/05 12:11:06 UTC

Rampart 1.4 for Axis2 1.4

Hi,

Great to see the latest Axis2 release. When will there be a matching
Rampart release?
Or is the RC1[1] ok?

Thanks in advance

Stefan


[1] http://people.apache.org/~nandana/rampart-1.4/RC1/




---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org

Re: Rampart 1.4 for Axis2 1.4

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi Plamena,

On Wed, May 14, 2008 at 6:54 PM, Plamena Chongova <pc...@gmail.com>
wrote:

> Hi all,
> I have tested the samples of RC2 and I have encountered a problem in sample
> 05. The response is:
>
>

Can you try replacing the openSAML jar with this jar [1]. There is a known
issue which causes this problem which is fixed in this jar.

thanks,
nandana

[1] - http://dist.wso2.org/maven2/opensaml/opensaml/1.1.406/

Re: Rampart 1.4 for Axis2 1.4

Posted by Plamena Chongova <pc...@gmail.com>.

Hi all,
I have tested the samples of RC2 and I have encountered a problem in sample
05. The response is:


<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">

<wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>

<wsa:RelatesTo>urn:uuid:DC6CBC0805A79583451210760374233</wsa:RelatesTo>

</soapenv:Header>

<soapenv:Body>

<soapenv:Fault xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">

<faultcode>wsse:InvalidSecurity</faultcode>

<faultstring>General security error (SAML token security failure); nested
exception is:

org.opensaml.MalformedException: Subject is invalid, requires either
NameIdentifier or at least one ConfirmationMethod</faultstring>

<detail/>

</soapenv:Fault>

</soapenv:Body>

</soapenv:Envelope>
In fact the SAML assertion looks like this:


<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="
urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="
urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="
http://www.w3.org/2001/XMLSchema" AssertionID="
_7816cc0f3175b845fe6885392887dcfb" IssueInstant="2008-05-14T08:55:39.906Z"Issuer
="SAMPLE_STS" MajorVersion="1" MinorVersion="1">

<Conditions NotBefore="2008-05-14T08:55:39.906Z" NotOnOrAfter="
2008-05-14T09:00:39.906Z"/>

<AttributeStatement>

<Subject>

<SubjectConfirmation>

<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</
ConfirmationMethod>

<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

<xenc:EncryptedKey xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="
EncKeyId-urn:uuid:FF61AF1C61F5F11915121075533990612">

<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5
"/>

<ds:KeyInfo>

<wsse:SecurityTokenReference xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">

<wsse:KeyIdentifier EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
" ValueType="
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>

</wsse:SecurityTokenReference>

</ds:KeyInfo>

<xenc:CipherData>

<xenc:CipherValue>aRbQNN6......xenc:CipherValue>

</xenc:CipherData>

</xenc:EncryptedKey>

</KeyInfo>

</SubjectConfirmation>

</Subject>

<Attribute AttributeName="Name" AttributeNamespace="
https://rahas.apache.org/saml/attrns">

<AttributeValue>Colombo/Rahas</AttributeValue>

</Attribute>

</AttributeStatement>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

<ds:Reference URI="#_7816cc0f3175b845fe6885392887dcfb">

<ds:Transforms>

<ds:Transform Algorithm="
http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"PrefixList
="code ds kind rw saml samlp typens #default xsd xsi"/>

</ds:Transform>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>mIaVRuYws25Y9M/LYs8p2jUxp6c=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>gspHip...</ds:SignatureValue>

<ds:KeyInfo>

<ds:X509Data>

<ds:X509Certificate>MIICTjC.....</ds:X509Certificate>

</ds:X509Data>

</ds:KeyInfo>

</ds:Signature>

</Assertion>
Does anybody else have the same error?

Thanks,
Plamena

On Mon, May 5, 2008 at 5:31 PM, Nandana Mihindukulasooriya <
nandana.cse@gmail.com> wrote:

> Hi,
>   Please do the testing with Rampart RC2 which can be found here.
>
> [1] - http://people.apache.org/~nandana/rampart-1.4/RC2/
>
> it depends on the Axis2 1.4 release.
>
> thanks,
> nandana
>
>
> On Mon, May 5, 2008 at 4:27 PM, Stefan Lischke <s....@zertificon.com>
> wrote:
>
>> Hi,
>>
>> found for myself:
>>
>>
>> http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200805.mbox/%3c9e2fff830805021124h6b3fe469s400c1d73acc2aaa1@mail.gmail.com%3e
>>
>> sorry
>>
>> Stefan
>>
>>
>> Stefan Lischke wrote:
>> > Hi,
>> >
>> > Great to see the latest Axis2 release. When will there be a matching
>> > Rampart release?
>> > Or is the RC1[1] ok?
>> >
>> > Thanks in advance
>> >
>> > Stefan
>> >
>> >
>> > [1] http://people.apache.org/~nandana/rampart-1.4/RC1/
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> > For additional commands, e-mail: axis-dev-help@ws.apache.org
>> >
>> >
>> >
>> >
>>
>

Re: Rampart 1.4 for Axis2 1.4

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi,
  Please do the testing with Rampart RC2 which can be found here.

[1] - http://people.apache.org/~nandana/rampart-1.4/RC2/<http://people.apache.org/%7Enandana/rampart-1.4/RC2/>

it depends on the Axis2 1.4 release.

thanks,
nandana

On Mon, May 5, 2008 at 4:27 PM, Stefan Lischke <s....@zertificon.com>
wrote:

> Hi,
>
> found for myself:
>
>
> http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200805.mbox/%3c9e2fff830805021124h6b3fe469s400c1d73acc2aaa1@mail.gmail.com%3e
>
> sorry
>
> Stefan
>
>
> Stefan Lischke wrote:
> > Hi,
> >
> > Great to see the latest Axis2 release. When will there be a matching
> > Rampart release?
> > Or is the RC1[1] ok?
> >
> > Thanks in advance
> >
> > Stefan
> >
> >
> > [1] http://people.apache.org/~nandana/rampart-1.4/RC1/<http://people.apache.org/%7Enandana/rampart-1.4/RC1/>
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >
> >
> >
> >
>

Re: Rampart 1.4 for Axis2 1.4

Posted by Stefan Lischke <s....@zertificon.com>.

Hi,

found for myself:

http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200805.mbox/%3c9e2fff830805021124h6b3fe469s400c1d73acc2aaa1@mail.gmail.com%3e

sorry

Stefan


Stefan Lischke wrote:
> Hi,
>
> Great to see the latest Axis2 release. When will there be a matching
> Rampart release?
> Or is the RC1[1] ok?
>
> Thanks in advance
>
> Stefan
>
>
> [1] http://people.apache.org/~nandana/rampart-1.4/RC1/
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
>
>