You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by SRog <sr...@outlook.de> on 2014/10/23 14:24:57 UTC

Validation of SCT on STS

Hi,
I got a problem in validating the SCT I got from the STS.
The SCT has a format like this:

 <RequestSecurityTokenResponse
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns4="http://www.w3.org/2005/08/addressing"
xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
         <TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</TokenType>
         <RequestedSecurityToken>
            <wsc:SecurityContextToken
wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              
<wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
            </wsc:SecurityContextToken>
         </RequestedSecurityToken>
         <Lifetime>
            <ns2:Created>2014-10-23T11:21:13.852Z</ns2:Created>
            <ns2:Expires>2014-10-23T11:51:13.852Z</ns2:Expires>
         </Lifetime>
      </RequestSecurityTokenResponse>

Now I would like to call the STS to validate this token an get the status.
My request to STS include the whole token.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   	<soap:Header/>
  	<soap:Body>
		<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">			
		
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate</wst:RequestType>
			<wst:ValidateTarget>
				<wsse:SecurityTokenReference>
					<wsc:SecurityContextToken
wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
               		
<wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
            			</wsc:SecurityContextToken>
				</wsse:SecurityTokenReference>
			</wst:ValidateTarget>
		
<wst:TokenType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status</wst:TokenType>
		</wst:RequestSecurityToken>
	<soap:Body>
</soap:Envelope>

I got the error-message "*org.apache.xerces.dom.ElementNSImpl cannot be cast
to javax.xml.bind.JAXBElement*" which is thrown in RequestParser, while cast
requestObject to org.w3c.dom.Element.

Is ther someone who could show me a correkt validate request or give me a
advice how to fix this.

Thanks,
SRog




--
View this message in context: http://cxf.547215.n5.nabble.com/Validation-of-SCT-on-STS-tp5750228.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Validation of SCT on STS

Posted by SRog <sr...@outlook.de>.

Ah cool.
Thats it.

Thank you,
SRog



--
View this message in context: http://cxf.547215.n5.nabble.com/Validation-of-SCT-on-STS-tp5750228p5750263.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Validation of SCT on STS

Posted by Colm O hEigeartaigh <co...@apache.org>.

Try removing the "SecurityTokenReference" wrapping from the
SecurityContextToken.

Colm.

On Thu, Oct 23, 2014 at 1:24 PM, SRog <sr...@outlook.de> wrote:

> Hi,
> I got a problem in validating the SCT I got from the STS.
> The SCT has a format like this:
>
>  <RequestSecurityTokenResponse
> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
> xmlns:ns2="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> xmlns:ns3="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:ns4="http://www.w3.org/2005/08/addressing"
> xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
>          <TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct
> </TokenType>
>          <RequestedSecurityToken>
>             <wsc:SecurityContextToken
> wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
> xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>
> <wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
>             </wsc:SecurityContextToken>
>          </RequestedSecurityToken>
>          <Lifetime>
>             <ns2:Created>2014-10-23T11:21:13.852Z</ns2:Created>
>             <ns2:Expires>2014-10-23T11:51:13.852Z</ns2:Expires>
>          </Lifetime>
>       </RequestSecurityTokenResponse>
>
> Now I would like to call the STS to validate this token an get the status.
> My request to STS include the whole token.
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
>         <soap:Header/>
>         <soap:Body>
>                 <wst:RequestSecurityToken
> xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>
> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate
> </wst:RequestType>
>                         <wst:ValidateTarget>
>                                 <wsse:SecurityTokenReference>
>                                         <wsc:SecurityContextToken
> wsu:Id="sctId-F74AD7B5D8F0C5CC4E14140632571798"
> xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>
> <wsc:Identifier>bipro:F74AD7B5D8F0C5CC4E14140632571797</wsc:Identifier>
>                                 </wsc:SecurityContextToken>
>                                 </wsse:SecurityTokenReference>
>                         </wst:ValidateTarget>
>
> <wst:TokenType>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status
> </wst:TokenType>
>                 </wst:RequestSecurityToken>
>         <soap:Body>
> </soap:Envelope>
>
> I got the error-message "*org.apache.xerces.dom.ElementNSImpl cannot be
> cast
> to javax.xml.bind.JAXBElement*" which is thrown in RequestParser, while
> cast
> requestObject to org.w3c.dom.Element.
>
> Is ther someone who could show me a correkt validate request or give me a
> advice how to fix this.
>
> Thanks,
> SRog
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Validation-of-SCT-on-STS-tp5750228.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com