You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by SRog <sr...@outlook.de> on 2014/10/23 14:24:57 UTC
Validation of SCT on STS
Hi,
I got a problem in validating the SCT I got from the STS.
The SCT has a format like this:
<RequestSecurityTokenResponse
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns4="http://www.w3.org/2005/08/addressing"
xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
<TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</TokenType>
<RequestedSecurityToken>
<wsc:SecurityContextToken
wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
</wsc:SecurityContextToken>
</RequestedSecurityToken>
<Lifetime>
<ns2:Created>2014-10-23T11:21:13.852Z</ns2:Created>
<ns2:Expires>2014-10-23T11:51:13.852Z</ns2:Expires>
</Lifetime>
</RequestSecurityTokenResponse>
Now I would like to call the STS to validate this token an get the status.
My request to STS include the whole token.
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<soap:Header/>
<soap:Body>
<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate</wst:RequestType>
<wst:ValidateTarget>
<wsse:SecurityTokenReference>
<wsc:SecurityContextToken
wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
</wsc:SecurityContextToken>
</wsse:SecurityTokenReference>
</wst:ValidateTarget>
<wst:TokenType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status</wst:TokenType>
</wst:RequestSecurityToken>
<soap:Body>
</soap:Envelope>
I got the error-message "*org.apache.xerces.dom.ElementNSImpl cannot be cast
to javax.xml.bind.JAXBElement*" which is thrown in RequestParser, while cast
requestObject to org.w3c.dom.Element.
Is ther someone who could show me a correkt validate request or give me a
advice how to fix this.
Thanks,
SRog
--
View this message in context: http://cxf.547215.n5.nabble.com/Validation-of-SCT-on-STS-tp5750228.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Validation of SCT on STS
Posted by SRog <sr...@outlook.de>.
Ah cool.
Thats it.
Thank you,
SRog
--
View this message in context: http://cxf.547215.n5.nabble.com/Validation-of-SCT-on-STS-tp5750228p5750263.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Validation of SCT on STS
Posted by Colm O hEigeartaigh <co...@apache.org>.
Try removing the "SecurityTokenReference" wrapping from the
SecurityContextToken.
Colm.
On Thu, Oct 23, 2014 at 1:24 PM, SRog <sr...@outlook.de> wrote:
> Hi,
> I got a problem in validating the SCT I got from the STS.
> The SCT has a format like this:
>
> <RequestSecurityTokenResponse
> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
> xmlns:ns2="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> xmlns:ns3="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:ns4="http://www.w3.org/2005/08/addressing"
> xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
> <TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct
> </TokenType>
> <RequestedSecurityToken>
> <wsc:SecurityContextToken
> wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
> xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>
> <wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
> </wsc:SecurityContextToken>
> </RequestedSecurityToken>
> <Lifetime>
> <ns2:Created>2014-10-23T11:21:13.852Z</ns2:Created>
> <ns2:Expires>2014-10-23T11:51:13.852Z</ns2:Expires>
> </Lifetime>
> </RequestSecurityTokenResponse>
>
> Now I would like to call the STS to validate this token an get the status.
> My request to STS include the whole token.
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
> <soap:Header/>
> <soap:Body>
> <wst:RequestSecurityToken
> xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>
> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate
> </wst:RequestType>
> <wst:ValidateTarget>
> <wsse:SecurityTokenReference>
> <wsc:SecurityContextToken
> wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
> xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>
> <wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
> </wsc:SecurityContextToken>
> </wsse:SecurityTokenReference>
> </wst:ValidateTarget>
>
> <wst:TokenType>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status
> </wst:TokenType>
> </wst:RequestSecurityToken>
> <soap:Body>
> </soap:Envelope>
>
> I got the error-message "*org.apache.xerces.dom.ElementNSImpl cannot be
> cast
> to javax.xml.bind.JAXBElement*" which is thrown in RequestParser, while
> cast
> requestObject to org.w3c.dom.Element.
>
> Is ther someone who could show me a correkt validate request or give me a
> advice how to fix this.
>
> Thanks,
> SRog
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Validation-of-SCT-on-STS-tp5750228.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com