You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Aaruna Godthi <aa...@gmail.com> on 2012/04/11 08:17:22 UTC
saml issues with cxf
Hi
While invoking a webservice with SamlToken enabled using a dynamic client,
I've come across this issue.
The exception raised is: org.apache.cxf.ws.policy.PolicyException: These
policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
Used Policy
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:oralgp="http://schemas.oracle.com/ws/2006/01/loggingpolicy" xmlns="
http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="wss10_saml_token_service_policy" xmlns:orawsp="
http://schemas.oracle.com/ws/2006/01/policy" xmlns:orasp="
http://schemas.oracle.com/ws/2006/01/securitypolicy" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
<sp:SupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SamlToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssSamlV11Token10/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:Policy>
generated message
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"/>
</soap:Header>
<soap:Body>
<ns1:createOrder xmlns:ns1="http://owsm.test.wsa.bf.hs.com/"/>
</soap:Body>
</soap:Envelope>
log message from cxf
Apr 10, 2012 8:06:26 PM
org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle
FINE: An exception was thrown when verifying that the effective policy for
this request was satisfied. However, this exception will not result in a
fault. The exception raised is: org.apache.cxf.ws.policy.PolicyException:
These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
Thanks
Aaruna
Re: saml issues with cxf
Posted by Aaruna Godthi <aa...@gmail.com>.
Hi Colm
Yes, it is a cxf dynamic client.
Aaruna
On Wed, Apr 11, 2012 at 1:18 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
> The error is because there is no SAML token in the security header of
> the request. Is it a CXF client? If so how are you configuring it?
>
> Colm.
>
> On Wed, Apr 11, 2012 at 7:17 AM, Aaruna Godthi <aa...@gmail.com> wrote:
> > Hi
> >
> > While invoking a webservice with SamlToken enabled using a dynamic
> client,
> > I've come across this issue.
> >
> > The exception raised is: org.apache.cxf.ws.policy.PolicyException: These
> > policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
> >
> > Used Policy
> > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> > xmlns:oralgp="http://schemas.oracle.com/ws/2006/01/loggingpolicy"
> xmlns="
> > http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="wss10_saml_token_service_policy" xmlns:orawsp="
> > http://schemas.oracle.com/ws/2006/01/policy" xmlns:orasp="
> > http://schemas.oracle.com/ws/2006/01/securitypolicy" xmlns:xsi="
> > http://www.w3.org/2001/XMLSchema-instance">
> > <sp:SupportingTokens xmlns:sp="
> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:SamlToken sp:IncludeToken="
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> > ">
> > <wsp:Policy>
> > <sp:WssSamlV11Token10/>
> > </wsp:Policy>
> > </sp:SamlToken>
> > </wsp:Policy>
> > </sp:SupportingTokens>
> > </wsp:Policy>
> >
> >
> > generated message
> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> > <soap:Header>
> > <wsse:Security soap:mustUnderstand="1" xmlns:wsse="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > "/>
> > </soap:Header>
> > <soap:Body>
> > <ns1:createOrder xmlns:ns1="http://owsm.test.wsa.bf.hs.com/"/>
> > </soap:Body>
> > </soap:Envelope>
> >
> > log message from cxf
> > Apr 10, 2012 8:06:26 PM
> > org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle
> > FINE: An exception was thrown when verifying that the effective policy
> for
> > this request was satisfied. However, this exception will not result in a
> > fault. The exception raised is:
> org.apache.cxf.ws.policy.PolicyException:
> > These policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
> >
> > Thanks
> > Aaruna
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: saml issues with cxf
Posted by Colm O hEigeartaigh <co...@apache.org>.
The error is because there is no SAML token in the security header of
the request. Is it a CXF client? If so how are you configuring it?
Colm.
On Wed, Apr 11, 2012 at 7:17 AM, Aaruna Godthi <aa...@gmail.com> wrote:
> Hi
>
> While invoking a webservice with SamlToken enabled using a dynamic client,
> I've come across this issue.
>
> The exception raised is: org.apache.cxf.ws.policy.PolicyException: These
> policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
>
> Used Policy
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:oralgp="http://schemas.oracle.com/ws/2006/01/loggingpolicy" xmlns="
> http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="wss10_saml_token_service_policy" xmlns:orawsp="
> http://schemas.oracle.com/ws/2006/01/policy" xmlns:orasp="
> http://schemas.oracle.com/ws/2006/01/securitypolicy" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance">
> <sp:SupportingTokens xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:SamlToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:WssSamlV11Token10/>
> </wsp:Policy>
> </sp:SamlToken>
> </wsp:Policy>
> </sp:SupportingTokens>
> </wsp:Policy>
>
>
> generated message
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header>
> <wsse:Security soap:mustUnderstand="1" xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "/>
> </soap:Header>
> <soap:Body>
> <ns1:createOrder xmlns:ns1="http://owsm.test.wsa.bf.hs.com/"/>
> </soap:Body>
> </soap:Envelope>
>
> log message from cxf
> Apr 10, 2012 8:06:26 PM
> org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor handle
> FINE: An exception was thrown when verifying that the effective policy for
> this request was satisfied. However, this exception will not result in a
> fault. The exception raised is: org.apache.cxf.ws.policy.PolicyException:
> These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
>
> Thanks
> Aaruna
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com