You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Oliver Wulff <ow...@talend.com> on 2012/06/01 00:02:45 UTC

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi Gina

The fix was that CXF complains if this element is missing.

Another option is that you download this wsdl, fix the incorrect policy definition and reference the local wsdl file in the STSClient bean.

Thanks
Oli




------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 31 May 2012 23:41
To: users@cxf.apache.org
Cc: dev@cxf.apache.org; Oliver Wulff
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Hi Oliver,

<sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is. <sp:HttpsToken> is child of <wsp:Policy> here.


<wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>


You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do you have newer version available?

Gina

On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <ow...@talend.com>> wrote:
Hi Gina

Add an empty wsp:Policy element as a child to sp:HttpsToken:
</wsp:policy>

There was a fix in CXF to be spec compliant.

HTH



------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.

Hi Gina

I guess it's the same policy flaw with KeyValueToken - at least the error message is the same.

Thanks
Oli


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 01 June 2012 00:49
To: users@cxf.apache.org
Cc: dev@cxf.apache.org
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

RE: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Oliver Wulff <ow...@talend.com>.

Hi Gina

I guess it's the same policy flaw with KeyValueToken - at least the error message is the same.

Thanks
Oli


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Gina Choi [ginachoi88@gmail.com]
Sent: 01 June 2012 00:49
To: users@cxf.apache.org
Cc: dev@cxf.apache.org
Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.

After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.

After I added an empty <wsp:Policy> as child element of <sp:HttpsToken>,
now I am seeing new complaing - 'sp:KeyValueToken/wsp:Policy must have a
value'.

WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CertificateWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type {
http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthenticationregistered.
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'UserNameWSTrustBinding_IWSTrust13Async2_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'IssuedTokenWSTrustBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'WindowsWSTrustBinding_IWSTrust13Async_policy':sp:KeyValueToken/wsp:Policy
must have a value
May 31, 2012 6:34:25 PM
org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider
getElementPolicy
WARNING: Failed to build the policy
'CustomBinding_IWSTrust13Async1_policy':sp:KeyValueToken/wsp:Policy must
have a value
May 31, 2012 6:34:25 PM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for {
http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIthas
thrown exception, unwinding now
java.lang.IllegalArgumentException: sp:KeyValueToken/wsp:Policy must have a
value
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:65)
        at
org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder.build(KeyValueTokenBuilder.java:36)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
        at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
        at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
        at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:107)
        at
org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder.build(SupportingTokens12Builder.java:43)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
        at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)

On Thu, May 31, 2012 at 6:27 PM, Gina Choi <gi...@gmail.com> wrote:

> Hi Oliver,
>
> So, it sounds like that first option wouldn't work for me since it is
> adding more complaining(more sensitive). :)
> For the second option, are you suggesting that changing
> From:
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
>
> To:
> <wsp:Policy><sp:HttpsToken
> RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>
>
> for each occurrence of the <sp:HttpsToken> element?
>
> On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:
>
>> Hi Gina
>>
>> The fix was that CXF complains if this element is missing.
>>
>> Another option is that you download this wsdl, fix the incorrect policy
>> definition and reference the local wsdl file in the STSClient bean.
>>
>> Thanks
>> Oli
>>
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 31 May 2012 23:41
>> To: users@cxf.apache.org
>> Cc: dev@cxf.apache.org; Oliver Wulff
>> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>>
>> Hi Oliver,
>>
>> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I
>> don't think that can modify ADFS2.0 wsdl file. It came from Microsoft as it
>> is. <sp:HttpsToken> is child of <wsp:Policy> here.
>>
>>
>> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>>
>>
>> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
>> you have newer version available?
>>
>> Gina
>>
>> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
>> owulff@talend.com>> wrote:
>> Hi Gina
>>
>> Add an empty wsp:Policy element as a child to sp:HttpsToken:
>> </wsp:policy>
>>
>> There was a fix in CXF to be spec compliant.
>>
>> HTH
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
>> Solution Architect
>> http://coders.talend.com
>>
>> <http://coders.talend.com>Talend Application Integration Division
>> http://www.talend.com
>>
>
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.

Hi Oliver,

So, it sounds like that first option wouldn't work for me since it is
adding more complaining(more sensitive). :)
For the second option, are you suggesting that changing
From:
<wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>

To:
<wsp:Policy><sp:HttpsToken
RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>

for each occurrence of the <sp:HttpsToken> element?

On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Gina
>
> The fix was that CXF complains if this element is missing.
>
> Another option is that you download this wsdl, fix the incorrect policy
> definition and reference the local wsdl file in the STSClient bean.
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>
> ________________________________
> From: Gina Choi [ginachoi88@gmail.com]
> Sent: 31 May 2012 23:41
> To: users@cxf.apache.org
> Cc: dev@cxf.apache.org; Oliver Wulff
> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>
> Hi Oliver,
>
> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't
> think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is.
> <sp:HttpsToken> is child of <wsp:Policy> here.
>
>
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>
>
> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
> you have newer version available?
>
> Gina
>
> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
> owulff@talend.com>> wrote:
> Hi Gina
>
> Add an empty wsp:Policy element as a child to sp:HttpsToken:
> </wsp:policy>
>
> There was a fix in CXF to be spec compliant.
>
> HTH
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>

Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)

Posted by Gina Choi <gi...@gmail.com>.

Hi Oliver,

So, it sounds like that first option wouldn't work for me since it is
adding more complaining(more sensitive). :)
For the second option, are you suggesting that changing
From:
<wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>

To:
<wsp:Policy><sp:HttpsToken
RequireClientCertificate="false"><wsp:Policy/></sp:HttpsToken>

for each occurrence of the <sp:HttpsToken> element?

On Thu, May 31, 2012 at 6:02 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Gina
>
> The fix was that CXF complains if this element is missing.
>
> Another option is that you download this wsdl, fix the incorrect policy
> definition and reference the local wsdl file in the STSClient bean.
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>
> ________________________________
> From: Gina Choi [ginachoi88@gmail.com]
> Sent: 31 May 2012 23:41
> To: users@cxf.apache.org
> Cc: dev@cxf.apache.org; Oliver Wulff
> Subject: Re: Active Profile Problem with Apache CXF and ADFS2.0(STS)
>
> Hi Oliver,
>
> <sp:HttpsToken> only appears in ADFS2.0 wsdl file like bellow, but I don't
> think that can modify ADFS2.0 wsdl file. It came from Microsoft as it is.
> <sp:HttpsToken> is child of <wsp:Policy> here.
>
>
> <wsp:Policy><sp:HttpsToken RequireClientCertificate="true"/></wsp:Policy>
>
>
> You have mentioned that there is a fix from CXF. I am using CXF 2.6.0. Do
> you have newer version available?
>
> Gina
>
> On Thu, May 31, 2012 at 5:18 PM, Oliver Wulff <owulff@talend.com<mailto:
> owulff@talend.com>> wrote:
> Hi Gina
>
> Add an empty wsp:Policy element as a child to sp:HttpsToken:
> </wsp:policy>
>
> There was a fix in CXF to be spec compliant.
>
> HTH
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
> Solution Architect
> http://coders.talend.com
>
> <http://coders.talend.com>Talend Application Integration Division
> http://www.talend.com
>