Posted to rampart-dev@ws.apache.org by Seshi Patibanda <se...@gmail.com> on 2009/01/26 23:17:25 UTC

Include obtained SAML token in the Security header!!

Hi all,

I am trying to include an obtained SAML token in the Security header
(wsse:Security). All I need to
do is just pass the retrieved SAML token to the remote web service
(SSL-enabled) request by including it in the SOAP header.

Deployed Apache Rampart 1.4 module correctly as per the samples. Using Axis2
client and stubs generated by WSDL2Java tool. Also, using a policy based
approach (mySamlPolicy.xml attached). I can see the <wsse:Security> header but
NO assertion token included in the SOAP header. Assertion tag shown in the
policy file is truncated (for security reasons).

I suspect something is wrong with my policy. Is there any other simpler way to
insert the dynamically retrieved SAML token (at runtime) into the Security
header of the SOAP request? SAML token will be passed to us as a Session
attribute at runtime.

We are fast approaching our deadline and this is a show-stopper for us. Any
help in this regard is highly appreciated.

Thanks,   Seshi P.

SOAP request message:
===========================================================================

DEBUG [httpclient.wire.content] >> "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header>[\n]"

[java] DEBUG [httpclient.wire.content] >> "<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-20735553"><wsu:Created>2009-01-24T00:44:49.546Z</wsu:Created><wsu:Expires>2009-01-24T00:49:49.546Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body><ns1:echo xmlns:ns1="urn:us.mil.osd.atl.avsoa.echo"><ns1:message>Hello Seshi!</ns1:message></ns1:echo></soapenv:Body></soapenv:Envelope>" [java]

==========================================================================


SOAP response message received:
==========================================================================

DEBUG [org.apache.commons.httpclient.methods.EntityEnclosingMethod] Request body sent

[java] DEBUG [httpclient.wire.header] << "HTTP/1.1 500 Internal Server Error[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "HTTP/1.1 500 Internal Server Error[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "Server: Apache-Coyote/1.1[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "Content-Type: text/xml;charset=UTF-8[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "Content-Length: 223[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "Date: Sat, 24 Jan 2009 00:44:14 GMT[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "Connection: close[\r][\n]"

[java] DEBUG [httpclient.wire.header] << "[\r][\n]"

[java] DEBUG [httpclient.wire.content] << "<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>No SAML Assertion was found!</faultstring></soap:Fault></soap:Body></soap:Envelope>"

[java] ERROR [org.apache.axis2.engine.AxisEngine] SOAP header missing

[java] org.apache.axis2.AxisFault: SOAP header missing
============================================================================

Re: Include obtained SAML token in the Security header!!

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Seshi,
      Sorry I didn't see this earlier :( . Have you tried the approach in
sample 05? Storing the token received in the trust store

            TokenStorage store = TrustUtil.getTokenStore(ctx);
            store.add(responseToken);

and passing that Id as a property in options,

            options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

thanks,
nandana
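
The two steps from the reply, applied to a SAML token that arrives as a session attribute rather than from an STS call. This is an added example, not code from the thread or from the Rampart samples; SessionSamlToken and attach are hypothetical names. It assumes the Rampart module is already engaged, the client policy contains an IssuedToken assertion as in sample 05, and the caller knows the assertion's validity dates.

```java
import java.util.Date;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartMessageData;

// Hypothetical helper, not part of Rampart or its samples.
public class SessionSamlToken {

    public static String attach(ServiceClient client, String assertionXml,
                                Date created, Date expires) throws Exception {
        // Refuse a token that is already stale instead of sending it on.
        if (expires != null && expires.before(new Date())) {
            throw new IllegalStateException("SAML assertion has expired");
        }
        OMElement assertion = AXIOMUtil.stringToOM(assertionXml);

        // SAML 1.1 names the identifier AssertionID; SAML 2.0 names it ID.
        String id = assertion.getAttributeValue(new QName("AssertionID"));
        if (id == null) {
            id = assertion.getAttributeValue(new QName("ID"));
        }
        if (id == null) {
            throw new IllegalArgumentException("no AssertionID/ID on assertion");
        }

        // Same two steps as in the reply: add to the store, pass the id.
        Token token = new Token(id, assertion, created, expires);
        ConfigurationContext ctx =
                client.getServiceContext().getConfigurationContext();
        TokenStorage store = TrustUtil.getTokenStore(ctx);
        store.add(token);
        client.getOptions().setProperty(
                RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, token.getId());
        return token.getId();
    }
}
```

With WSDL2Java stubs, the ServiceClient to pass in is the one returned by stub._getServiceClient().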

