Posted to users@cxf.apache.org by "Morein, Arnie" <Ar...@dps.texas.gov> on 2017/02/17 14:21:33 UTC

RE: Problem calling WCF MS service with security, policies, trust

My situation has two WSDLs: a and b.

Both use the same keystore which contains two Trusted Cert Entries and a Private Key Entry (x.509 cert). This key is supposed to be used to sign and encrypt the messages.

Calling the a::authentication.authenticate method should be over https, signed and encrypted with the cert as mentioned above. NO user credentials are supplied. A session token is returned if all is well.

The session token, along with a user name and password are to be passed into all calls for WSDL b, using the same cert for signing and encryption.

I created two maven projects, one for each WSDL, using the cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring beans file with the required jaxws:client entries for the port names, and the related key store JKS file.

Both were added to the main WAR project and in one of the Spring XML files, I added:

<!-- set up the CXF bus -->
    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <cxf:bus>
        <cxf:features>
            <p:policies />
            <cxf:logging />
        </cxf:features>
    </cxf:bus>
    <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
    <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />

And at boot time, Spring finds those files and creates the beans. So no error THERE.

Calling the constructor for the service class and getting the port instance works for WSDL a without error.

But when calling .authenticate, I continually get the following. What gives? There isn't a SecurityTokenService listed in the a or b wsdl. I have no idea if the port name matches the syntax below ({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService) or not.



Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
        at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
        at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
...

Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:159) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        ... 270 common frames omitted
Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
        at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
        at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]



RE: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Posted by "Morein, Arnie" <Ar...@dps.texas.gov>.
Are you implying then, that using this syntax:

        <jaxws:properties>
            <entry
                key="ws-security.signature.properties"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="ws-security.encryption.properties"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>

Isn't going to work? Where those key/value pairs are in a properties file?

-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: Monday, February 20, 2017 8:39 AM
To: users@cxf.apache.org
Subject: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically, WS-SecureConversation is not used to obtain a token for one service and then re-used for another service.

Colm.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Posted by "Morein, Arnie" <Ar...@dps.texas.gov>.
Regardless: I updated the cxf-xyz.xml files in each of the two WS jar projects to reflect the property names:

    <jaxws:client
        id="aamva-security-token-service"
        name="{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>
    <jaxws:client
        id="aamva-authentication"
        name="{http://aamva.org/authentication/3.1.0}wsHttpEndPoint"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>

    <jaxws:client id="aamva-vls3"
        name="{http://uscis.gov/uscis/services/esb/vls/3.0}WSHttpBinding_IVLS30Service"
        createdFromAPI="true" 
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>

No change to error message at all:

Feb21 08:02:40.666 WARN [JDBCExceptionReporter         ][::] - Origination unknown: [10228][11541][3.59.81] Security exceptions occurred while loading driver. ERRORCODE=4223, SQLSTATE=null
Feb21 08:03:03.373 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
	at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]

The SecurityTokenService isn't referenced in the WSDL, so I'm assuming it is some kind of automatic service that can be included via configuration or mention somewhere? Or should I get a WSDL with it referenced explicitly?


> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at 
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
> ...
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: Security 
> configuration could not be detected. Potential cause: Make sure 
> jaxws:client element with name attribute value matching endpoint port 
> is defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandl
> er.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java
> :1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.j
> ava:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.j
> ava:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingSupportingToken
> s(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:159
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         ... 270 common frames omitted
> Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for 
> {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://
> aamva.org/authentication/3.1.0}Authenticate has thrown exception, 
> unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be 
> detected. Potential cause: Make sure jaxws:client element with name 
> attribute value matching endpoint port is defined as well as a 
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at 
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at 
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSCl
> ient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInter
> ceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at 
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: [EXTERNAL] Re: Re: Problem calling WCF MS service with security, policies, trust

Posted by Colm O hEigeartaigh <co...@apache.org>.
Newer versions of CXF use "org.apache.wss4j" for the crypto properties as
well as "security.*" for the security configuration. The
"org.apache.ws.security" configuration options as well as "ws-security.*"
are older. However both are supported in reasonably current versions of CXF.

Colm.

On Tue, Feb 21, 2017 at 2:58 PM, Morein, Arnie <Ar...@dps.texas.gov>
wrote:

> Query, in the properties file referenced from the XML file, is this the
> right prefix for the properties?
>
> org.apache.ws.security.crypto.merlin.*
>
> The reason I ask is, the GIT URL you sent me to, the entry keys begin with
> "security.*" instead of "ws-security.*" I've seen elsewhere; as well as
> being suffixed with ".sct".
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: [EXTERNAL] Re: Re: Problem calling WCF MS service with security, policies, trust

Posted by "Morein, Arnie" <Ar...@dps.texas.gov>.
Query, in the properties file referenced from the XML file, is this the right prefix for the properties?

org.apache.ws.security.crypto.merlin.*

The reason I ask is, the GIT URL you sent me to, the entry keys begin with "security.*" instead of "ws-security.*" I've seen elsewhere; as well as being suffixed with ".sct".



Re: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Posted by Colm O hEigeartaigh <co...@apache.org>.
The WSDL is fine, that port name is implied by the fact that there is a
WS-SecureConversation policy (the STSClient initiates the conversation). It
sounds like some configuration is not getting picked up. If you can't
figure it out by looking at the example I pointed you to, then please
create a JIRA with a reproducible test-case + someone will take a look.

Colm.

On Tue, Feb 21, 2017 at 2:16 PM, Morein, Arnie <Ar...@dps.texas.gov>
wrote:

> What's interesting is, CXF is complaining about this service:
>
> Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> RequestSecurityToken has thrown exception, unwinding now
>
> Note the URL above. It isn't mentioned in the WSDL at all. The policy
> section of the WSDL is below. That URL and an STS aren't mentioned
> explicitly.
>
> This WS was developed by a .Net shop. Is something missing from their WSDL?
>
>     <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:TransportBinding
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:TransportToken>
>                             <wsp:Policy>
>                                 <sp:HttpsToken
>                                     RequireClientCertificate="false" />
>                             </wsp:Policy>
>                         </sp:TransportToken>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic256 />
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict />
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp />
>                     </wsp:Policy>
>                 </sp:TransportBinding>
>                 <sp:EndorsingSupportingTokens
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:SecureConversationToken
>                             sp:IncludeToken="http://
> schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> IncludeToken/AlwaysToRecipient"
>                         >
>                             <wsp:Policy>
>                                 <sp:BootstrapPolicy>
>                                     <wsp:Policy>
>                                         <sp:SignedParts>
>                                             <sp:Body />
>                                             <sp:Header
>                                                 Name="To"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="From"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="FaultTo"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="ReplyTo"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="MessageID"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="RelatesTo"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="Action"
>                                                 Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                         </sp:SignedParts>
>                                         <sp:EncryptedParts>
>                                             <sp:Body />
>                                         </sp:EncryptedParts>
>                                         <sp:TransportBinding>
>                                             <wsp:Policy>
>                                                 <sp:TransportToken>
>                                                     <wsp:Policy>
>                                                         <sp:HttpsToken
>
> RequireClientCertificate="false" />
>                                                     </wsp:Policy>
>                                                 </sp:TransportToken>
>                                                 <sp:AlgorithmSuite>
>                                                     <wsp:Policy>
>                                                         <sp:Basic256 />
>                                                     </wsp:Policy>
>                                                 </sp:AlgorithmSuite>
>                                                 <sp:Layout>
>                                                     <wsp:Policy>
>                                                         <sp:Strict />
>                                                     </wsp:Policy>
>                                                 </sp:Layout>
>                                                 <sp:IncludeTimestamp />
>                                             </wsp:Policy>
>                                         </sp:TransportBinding>
>                                         <sp:EndorsingSupportingTokens>
>                                             <wsp:Policy>
>                                                 <sp:X509Token
>                                                     sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> IncludeToken/AlwaysToRecipient"
>                                                 >
>                                                     <wsp:Policy>
>
> <sp:RequireThumbprintReference />
>
> <sp:WssX509V3Token10 />
>                                                     </wsp:Policy>
>                                                 </sp:X509Token>
>                                                 <sp:SignedParts>
>                                                     <sp:Header
>                                                         Name="To"
>                                                         Namespace="
> http://www.w3.org/2005/08/addressing" />
>                                                 </sp:SignedParts>
>                                             </wsp:Policy>
>                                         </sp:EndorsingSupportingTokens>
>                                         <sp:Wss11>
>                                             <wsp:Policy>
>
> <sp:MustSupportRefThumbprint />
>                                             </wsp:Policy>
>                                         </sp:Wss11>
>                                         <sp:Trust10>
>                                             <wsp:Policy>
>
> <sp:MustSupportIssuedTokens />
>                                                 <sp:RequireClientEntropy />
>                                                 <sp:RequireServerEntropy />
>                                             </wsp:Policy>
>                                         </sp:Trust10>
>                                     </wsp:Policy>
>                                 </sp:BootstrapPolicy>
>                             </wsp:Policy>
>                         </sp:SecureConversationToken>
>                     </wsp:Policy>
>                 </sp:EndorsingSupportingTokens>
>                 <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy">
>                     <wsp:Policy />
>                 </sp:Wss11>
>                 <sp:Trust10
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/
> securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:MustSupportIssuedTokens />
>                         <sp:RequireClientEntropy />
>                         <sp:RequireServerEntropy />
>                     </wsp:Policy>
>                 </sp:Trust10>
>                 <wsaw:UsingAddressing />
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Monday, February 20, 2017 8:39 AM
> To: users@cxf.apache.org
> Subject: [EXTERNAL] Re: Problem calling WCF MS service with security,
> policies, trust
>
> For WS-SecureConversation, the configuration parameters for the "bootstrap"
> phase end with ".sct". See the examples here:
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=
> systests/ws-security-examples/src/test/resources/org/apache/
> cxf/systest/wssec/examples/secconv/client.xml;h=
> b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD
>
> I'm not sure if your use-case is going to work by the way. Typically,
> WS-SecureConversation is not used to obtain a token for one service and
> then re-used for another service.
>
> Colm.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Posted by "Morein, Arnie" <Ar...@dps.texas.gov>.
What's interesting is, CXF is complaining about this service:

Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now

Note the URL above. It isn't mentioned in the WSDL at all. The policy section of the WSDL is below. That URL and an STS aren't mentioned explicitly.

This WS was developed by a .Net shop. Is something missing from their WSDL?

    <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:TransportBinding
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                >
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <sp:HttpsToken
                                    RequireClientCertificate="false" />
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic256 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict />
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp />
                    </wsp:Policy>
                </sp:TransportBinding>
                <sp:EndorsingSupportingTokens
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                >
                    <wsp:Policy>
                        <sp:SecureConversationToken
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
                        >
                            <wsp:Policy>
                                <sp:BootstrapPolicy>
                                    <wsp:Policy>
                                        <sp:SignedParts>
                                            <sp:Body />
                                            <sp:Header
                                                Name="To"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="From"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="FaultTo"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="ReplyTo"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="MessageID"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="RelatesTo"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="Action"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                        </sp:SignedParts>
                                        <sp:EncryptedParts>
                                            <sp:Body />
                                        </sp:EncryptedParts>
                                        <sp:TransportBinding>
                                            <wsp:Policy>
                                                <sp:TransportToken>
                                                    <wsp:Policy>
                                                        <sp:HttpsToken
                                                            RequireClientCertificate="false" />
                                                    </wsp:Policy>
                                                </sp:TransportToken>
                                                <sp:AlgorithmSuite>
                                                    <wsp:Policy>
                                                        <sp:Basic256 />
                                                    </wsp:Policy>
                                                </sp:AlgorithmSuite>
                                                <sp:Layout>
                                                    <wsp:Policy>
                                                        <sp:Strict />
                                                    </wsp:Policy>
                                                </sp:Layout>
                                                <sp:IncludeTimestamp />
                                            </wsp:Policy>
                                        </sp:TransportBinding>
                                        <sp:EndorsingSupportingTokens>
                                            <wsp:Policy>
                                                <sp:X509Token
                                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
                                                >
                                                    <wsp:Policy>
                                                        <sp:RequireThumbprintReference />
                                                        <sp:WssX509V3Token10 />
                                                    </wsp:Policy>
                                                </sp:X509Token>
                                                <sp:SignedParts>
                                                    <sp:Header
                                                        Name="To"
                                                        Namespace="http://www.w3.org/2005/08/addressing" />
                                                </sp:SignedParts>
                                            </wsp:Policy>
                                        </sp:EndorsingSupportingTokens>
                                        <sp:Wss11>
                                            <wsp:Policy>
                                                <sp:MustSupportRefThumbprint />
                                            </wsp:Policy>
                                        </sp:Wss11>
                                        <sp:Trust10>
                                            <wsp:Policy>
                                                <sp:MustSupportIssuedTokens />
                                                <sp:RequireClientEntropy />
                                                <sp:RequireServerEntropy />
                                            </wsp:Policy>
                                        </sp:Trust10>
                                    </wsp:Policy>
                                </sp:BootstrapPolicy>
                            </wsp:Policy>
                        </sp:SecureConversationToken>
                    </wsp:Policy>
                </sp:EndorsingSupportingTokens>
                <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy />
                </sp:Wss11>
                <sp:Trust10
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                >
                    <wsp:Policy>
                        <sp:MustSupportIssuedTokens />
                        <sp:RequireClientEntropy />
                        <sp:RequireServerEntropy />
                    </wsp:Policy>
                </sp:Trust10>
                <wsaw:UsingAddressing />
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>


Re: Problem calling WCF MS service with security, policies, trust

Posted by Colm O hEigeartaigh <co...@apache.org>.
For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically,
WS-SecureConversation is not used to obtain a token for one service and
then re-used for another service.

Colm.

On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <Ar...@dps.texas.gov>
wrote:

> My situation has two WSDLs: a and b.
>
> Both use the same keystore which contains two Trusted Cert Entries and a
> Private Key Entry (x.509 cert). This key is supposed to be used to sign and
> encrypt the messages.
>
> Calling the a::authentication.authenticate method should be over https,
> signed and encrypted with the cert as mentioned above. NO user credentials
> are supplied. A session token is returned if all is well.
>
> The session token, along with a user name and password are to be passed
> into all calls for WSDL b, using the same cert for signing and encryption.
>
> I created two maven projects, one for each WSDL, using the
> cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with
> client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring beans
> file with the required jaxws:client entries for the port names, and the
> related key store JKS file.
>
> Both were added to the main WAR project and in one of the Spring XML
> files, I added:
>
> <!-- set up the CXF bus -->
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <cxf:bus>
>         <cxf:features>
>             <p:policies />
>             <cxf:logging />
>         </cxf:features>
>     </cxf:bus>
>     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml"
> />
>     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
>
> And at boot time, spring finds those files and creates the beans. So no
> error THERE.
>
> Calling the constructor for the service class and getting the port
> instance works for WSDL a without error.
>
> But when calling .authenticate, I continually get the following. What
> gives? There isn't a SecurityTokenService listed in the a or b wsdl. I have
> no idea if the port name matches the syntax below ({
> http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService) or
> not.
>
>
>
> Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> RequestSecurityToken has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be
> detected. Potential cause: Make sure jaxws:client element with name
> attribute value matching endpoint port is defined as well as a
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861)
> [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198)
> [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178)
> [VlsBusiness.class:na]
> ...
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: Security
> configuration could not be detected. Potential cause: Make sure
> jaxws:client element with name attribute value matching endpoint port is
> defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingSupportingToken
> s(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:159)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         ... 270 common frames omitted
> Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://
> aamva.org/authentication/3.1.0}Authenticate has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be
> detected. Potential cause: Make sure jaxws:client element with name
> attribute value matching endpoint port is defined as well as a
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198)
> ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178)
> [VlsBusiness.class:na]
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
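
Added example, not part of the thread and not taken from the CXF code base: a jaxws:client bean that supplies the signature settings for the bootstrap exchange, using the ".sct" suffix described in the reply above. The key names are assumed to be the "security.signature.properties" name from the error message plus that suffix; the port local name, key alias and callback handler class are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Every value marked PLACEHOLDER must be replaced with the
     real one from the WSDL or the keystore. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws
         http://cxf.apache.org/schemas/jaxws.xsd">

    <!-- The name attribute is the QName of the wsdl:port, written as
         {namespace}localName. The namespace below is the one shown for
         AuthenticationService in the log and is assumed to be the WSDL
         targetNamespace; the local name is a PLACEHOLDER. -->
    <jaxws:client
        name="{http://aamva.org/authentication/3.1.0}PORT_NAME_PLACEHOLDER"
        createdFromAPI="true">
        <jaxws:properties>
            <!-- The call that fails in the stack trace is the
                 RequestSecurityToken exchange started by
                 SecureConversationOutInterceptor.issueToken. Its
                 BootstrapPolicy asks for an endorsing X509Token, so this
                 exchange needs a signature keystore. Settings for it carry
                 the .sct suffix. -->

            <!-- Crypto properties file that points at the JKS keystore.
                 The file name and folder are the ones given in the
                 original post. -->
            <entry key="security.signature.properties.sct"
                   value="META-INF/cxf/client-crypto.properties"/>

            <!-- Alias of the Private Key Entry in that keystore
                 (PLACEHOLDER). -->
            <entry key="security.signature.username.sct"
                   value="PRIVATE_KEY_ALIAS_PLACEHOLDER"/>

            <!-- CallbackHandler that returns the private key password.
                 The class name is hypothetical. -->
            <entry key="security.callback-handler.sct"
                   value="com.example.KeystorePasswordCallback"/>
        </jaxws:properties>
    </jaxws:client>
</beans>
```

Keep the key password out of this file; the callback handler should read it from a protected source at run time.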