Posted to dev@cxf.apache.org by danlee100 <da...@yahoo.com> on 2012/01/03 18:00:39 UTC

Re: General security error (Provided SAML token does not contain a suitable key)

I just noticed that CXF 2.5.1 is out now. Is the problem I supported fixed in
this release? Let me know if you know offhand. I guess I could download it
and test it, but I would like to know if you could tell me. Thanks.


Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Amir,

Yes, CXF supports server-side WS-SecureConversation. You could take a
look at the following system test to see how it works. The test is
here:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?view=markup

The server WSDL with policy is here:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl?view=markup

The server configuration is here:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml?view=markup

Colm.

On Wed, Jan 4, 2012 at 3:43 PM, Amir Bahramian <ba...@gmail.com> wrote:
> Could I ask a question. Does cxf support server side ws-secureconversation
> (+ ws-trust)?
> Does it interoperate with WCF? I found something in source repository but
> not in binary. Is there
> any document explaining how I can use it on server side?
>
> Thanks in advance.
>
> On Wed, Jan 4, 2012 at 10:24 AM, Daniel Kulp <dk...@apache.org> wrote:
>
>> On Tuesday, January 03, 2012 1:17:15 PM danlee100 wrote:
>> > After I upgraded CXF to 2.5.1, I am getting another error. It seems that
>> > RequestSecurityToken is not recognized.
>>
>> This looks like a SecureConversation request.    Does the wsdl define a
>> ws-secureconversation policy?
>>
>> Also, what cxf "jars"  do you have on the classpath.    You likely need the
>> ws-policy, ws-security, ws-addressing jars.    With 2.5, we did reduce
>> some of
>> the dependencies so you may need to add some of them back on if they are
>> needed.
>>
>> Dan
>>
>>
>>
>> >
>> > 2012-01-03 12:19:13,700 [MIND] WARN [http-192.168.168.51-80-1]
>> > org.apache.cxf.phase.PhaseInterceptorChain.doLog(384) | Interceptor for
>> > {http://schema.bli.org/}AssessmentDataService has thrown exception,
>> > unwinding now
>> > org.apache.cxf.interceptor.Fault: Message part
>> > {http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityTokenwas
>> > not recognized.  (Does it exist in service WSDL?)
>> >         at org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:197)
>> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
>> >         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)
>> >         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
>> >         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
>> >         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
>> >         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)
>> >         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
>> >         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>> >         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
>> >
>> >
>> > --
>> > View this message in context:
>> >
>> http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-tok
>> > en-does-not-contain-a-suitable-key-tp4990489p5117995.html Sent from the
>> > cxf-dev mailing list archive at Nabble.com.
>> --
>> Daniel Kulp
>> dkulp@apache.org - http://dankulp.com/blog
>> Talend Community Coder - http://coders.talend.com
>>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Amir Bahramian <ba...@gmail.com>.
Could I ask a question. Does cxf support server side ws-secureconversation
(+ ws-trust)?
Does it interoperate with WCF? I found something in source repository but
not in binary. Is there
any document explaining how I can use it on server side?

Thanks in advance.

On Wed, Jan 4, 2012 at 10:24 AM, Daniel Kulp <dk...@apache.org> wrote:

> On Tuesday, January 03, 2012 1:17:15 PM danlee100 wrote:
> > After I upgraded CXF to 2.5.1, I am getting another error. It seems that
> > RequestSecurityToken is not recognized.
>
> This looks like a SecureConversation request.    Does the wsdl define a
> ws-secureconversation policy?
>
> Also, what cxf "jars"  do you have on the classpath.    You likely need the
> ws-policy, ws-security, ws-addressing jars.    With 2.5, we did reduce
> some of
> the dependencies so you may need to add some of them back on if they are
> needed.
>
> Dan
>
>
>
> >
> > 2012-01-03 12:19:13,700 [MIND] WARN [http-192.168.168.51-80-1]
> > org.apache.cxf.phase.PhaseInterceptorChain.doLog(384) | Interceptor for
> > {http://schema.bli.org/}AssessmentDataService has thrown exception,
> > unwinding now
> > org.apache.cxf.interceptor.Fault: Message part
> > {http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityTokenwas
> > not recognized.  (Does it exist in service WSDL?)
> >         at org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:197)
> >         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
> >         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)
> >         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
> >         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
> >         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
> >         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)
> >         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
> >         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> >         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
> >
> >
> > --
> > View this message in context:
> >
> http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-tok
> > en-does-not-contain-a-suitable-key-tp4990489p5117995.html Sent from the
> > cxf-dev mailing list archive at Nabble.com.
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
>
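
The check Dan asks for in the quoted reply above (does the WSDL define a WS-SecureConversation policy?) can be done mechanically. The following is an added example, not code from this thread or from CXF: a Python audit that reports whether a WSDL carries a SecureConversationToken, which token assertion protects its bootstrap exchange, and which PolicyReference URIs resolve to no policy in the document. SAMPLE_WSDL is a constructed fragment modelled on the WSDL posted in this thread, and the function and result-key names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted WSDLs, parse with defusedxml instead

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# WS-Policy 1.2 / 1.5 and WS-SecurityPolicy 1.1 / 1.2 namespaces.
WSP = {"http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy"}
SP = {"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
      "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"}
TOKEN_HOLDERS = {"ProtectionToken", "InitiatorToken", "RecipientToken"}


def qname(el):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if el.tag.startswith("{"):
        ns, local = el.tag[1:].split("}", 1)
        return ns, local
    return "", el.tag


def is_a(el, namespaces, local):
    ns, name = qname(el)
    return ns in namespaces and name == local


def assertions(policy_el):
    """Assertions of a wsp:Policy, looking through wsp:ExactlyOne / wsp:All wrappers."""
    for child in policy_el:
        if qname(child)[0] in WSP:
            yield from assertions(child)
        else:
            yield child


def bootstrap_tokens(secconv_el):
    """Token assertions that protect the bootstrap (RST/RSTR) exchange."""
    found = []
    for bp in secconv_el.iter():
        if not is_a(bp, SP, "BootstrapPolicy"):
            continue
        for holder in bp.iter():
            ns, name = qname(holder)
            if ns in SP and name in TOKEN_HOLDERS:
                for policy in holder:
                    if is_a(policy, WSP, "Policy"):
                        found.extend(qname(tok) for tok in assertions(policy))
    return found


def audit_wsdl(wsdl_text):
    root = ET.fromstring(wsdl_text)
    defined, referenced, tokens = set(), set(), []
    has_secconv = False
    for el in root.iter():
        if is_a(el, WSP, "Policy") and el.get("{%s}Id" % WSU):
            defined.add(el.get("{%s}Id" % WSU))
        elif is_a(el, WSP, "PolicyReference"):
            uri = el.get("URI", "")
            if uri.startswith("#"):          # only same-document references
                referenced.add(uri[1:])
        elif is_a(el, SP, "SecureConversationToken"):
            has_secconv = True
            tokens.extend(bootstrap_tokens(el))
    return {
        "secure_conversation": has_secconv,
        # References with no matching wsu:Id: that message has no policy attached.
        "dangling_policy_refs": sorted(referenced - defined),
        # ws_securitypolicy=False marks a token assertion from outside the
        # WS-SecurityPolicy namespaces (a vendor extension).
        "bootstrap_tokens": [
            {"name": local, "namespace": ns, "ws_securitypolicy": ns in SP}
            for ns, local in tokens
        ],
    }


# Constructed sample, trimmed from the shape of the WSDL posted in this thread.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
  <wsdl:binding name="ExampleBinding">
    <wsp:PolicyReference URI="#ExampleBinding_policy"/>
    <wsdl:operation name="GetData">
      <wsdl:input><wsp:PolicyReference URI="#ExampleBinding_GetData_Input_policy"/></wsdl:input>
    </wsdl:operation>
  </wsdl:binding>
  <wsp:Policy wsu:Id="ExampleBinding_policy">
    <wsp:ExactlyOne><wsp:All>
      <sp:SymmetricBinding><wsp:Policy><sp:ProtectionToken><wsp:Policy>
        <sp:SecureConversationToken><wsp:Policy>
          <sp:RequireDerivedKeys/>
          <sp:BootstrapPolicy><wsp:Policy>
            <sp:SymmetricBinding><wsp:Policy><sp:ProtectionToken><wsp:Policy>
              <mssp:SslContextToken><wsp:Policy><sp:RequireDerivedKeys/></wsp:Policy></mssp:SslContextToken>
            </wsp:Policy></sp:ProtectionToken></wsp:Policy></sp:SymmetricBinding>
          </wsp:Policy></sp:BootstrapPolicy>
        </wsp:Policy></sp:SecureConversationToken>
      </wsp:Policy></sp:ProtectionToken></wsp:Policy></sp:SymmetricBinding>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>"""

if __name__ == "__main__":
    import json
    print(json.dumps(audit_wsdl(SAMPLE_WSDL), indent=2))
```
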

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by danlee100 <da...@yahoo.com>.
I do have those jars in the class path. Yes, it is secure conversation. Here
is the actual WSDL:


<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:tns="http://schema.bli.org/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
xmlns:wsa10="http://www.w3.org/2005/08/addressing"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
name="AssessmentDataService" targetNamespace="http://schema.bli.org/">
  <wsdl:types>
    <xsd:schema elementFormDefault="qualified"
targetNamespace="http://schema.bli.org/">
      <xsd:element name="GetSourceSchema">
        <xsd:complexType>
          <xsd:sequence/>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="GetSourceSchemaResponse">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element
xmlns:q1="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public"
minOccurs="0" name="GetSourceSchemaResult" nillable="true"
type="q1:ArrayOfSourceSchema"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="GetData">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element minOccurs="0" name="source" nillable="true"
type="xsd:string"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="GetDataResponse">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element
xmlns:q2="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public"
minOccurs="0" name="GetDataResult" nillable="true" type="q2:DataResult"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="GetDataRange">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element minOccurs="0" name="source" nillable="true"
type="xsd:string"/>
            <xsd:element minOccurs="0" name="start" type="xsd:dateTime"/>
            <xsd:element minOccurs="0" name="end" type="xsd:dateTime"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="GetDataRangeResponse">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element
xmlns:q3="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public"
minOccurs="0" name="GetDataRangeResult" nillable="true"
type="q3:DataResult"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="Login">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element minOccurs="0" name="username" nillable="true"
type="xsd:string"/>
            <xsd:element minOccurs="0" name="service" nillable="true"
type="xsd:string"/>
            <xsd:element minOccurs="0" name="password" nillable="true"
type="xsd:string"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="LoginResponse">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element
xmlns:q4="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public"
minOccurs="0" name="LoginResult" nillable="true" type="q4:Result"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="Logout">
        <xsd:complexType>
          <xsd:sequence/>
        </xsd:complexType>
      </xsd:element>
      <xsd:element name="LogoutResponse">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element
xmlns:q5="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public"
minOccurs="0" name="LogoutResult" nillable="true" type="q5:Result"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
    </xsd:schema>
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://schemas.microsoft.com/2003/10/Serialization/"
attributeFormDefault="qualified" elementFormDefault="qualified"
targetNamespace="http://schemas.microsoft.com/2003/10/Serialization/">
      <xs:element name="anyType" nillable="true" type="xs:anyType"/>
      <xs:element name="anyURI" nillable="true" type="xs:anyURI"/>
      <xs:element name="base64Binary" nillable="true"
type="xs:base64Binary"/>
      <xs:element name="boolean" nillable="true" type="xs:boolean"/>
      <xs:element name="byte" nillable="true" type="xs:byte"/>
      <xs:element name="dateTime" nillable="true" type="xs:dateTime"/>
      <xs:element name="decimal" nillable="true" type="xs:decimal"/>
      <xs:element name="double" nillable="true" type="xs:double"/>
      <xs:element name="float" nillable="true" type="xs:float"/>
      <xs:element name="int" nillable="true" type="xs:int"/>
      <xs:element name="long" nillable="true" type="xs:long"/>
      <xs:element name="QName" nillable="true" type="xs:QName"/>
      <xs:element name="short" nillable="true" type="xs:short"/>
      <xs:element name="string" nillable="true" type="xs:string"/>
      <xs:element name="unsignedByte" nillable="true"
type="xs:unsignedByte"/>
      <xs:element name="unsignedInt" nillable="true" type="xs:unsignedInt"/>
      <xs:element name="unsignedLong" nillable="true"
type="xs:unsignedLong"/>
      <xs:element name="unsignedShort" nillable="true"
type="xs:unsignedShort"/>
      <xs:element name="char" nillable="true" type="tns:char"/>
      <xs:simpleType name="char">
        <xs:restriction base="xs:int"/>
      </xs:simpleType>
      <xs:element name="duration" nillable="true" type="tns:duration"/>
      <xs:simpleType name="duration">
        <xs:restriction base="xs:duration">
          <xs:pattern value="\-?P(\d*D)?(T(\d*H)?(\d*M)?(\d*(\.\d*)?S)?)?"/>
          <xs:minInclusive value="-P10675199DT2H48M5.4775808S"/>
          <xs:maxInclusive value="P10675199DT2H48M5.4775807S"/>
        </xs:restriction>
      </xs:simpleType>
      <xs:element name="guid" nillable="true" type="tns:guid"/>
      <xs:simpleType name="guid">
        <xs:restriction base="xs:string">
          <xs:pattern
value="[\da-fA-F]{8}-[\da-fA-F]{4}-[\da-fA-F]{4}-[\da-fA-F]{4}-[\da-fA-F]{12}"/>
        </xs:restriction>
      </xs:simpleType>
      <xs:attribute name="FactoryType" type="xs:QName"/>
      <xs:attribute name="Id" type="xs:ID"/>
      <xs:attribute name="Ref" type="xs:IDREF"/>
    </xs:schema>
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel"
elementFormDefault="qualified"
targetNamespace="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel">
      <xsd:complexType name="StudentProgress">
        <xsd:sequence>
          <xsd:element minOccurs="1" name="student_id" nillable="false"
type="xsd:string"/>
          <xsd:element minOccurs="1" name="namespace" nillable="false"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="scd" nillable="false"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="num_encountered_objectives"
type="xsd:int"/>
          <xsd:element minOccurs="0" name="content_progress"
type="xsd:int"/>
          <xsd:element minOccurs="0" name="content_mastery" type="xsd:int"/>
          <xsd:element minOccurs="0" name="num_lab_logins" type="xsd:int"/>
          <xsd:element minOccurs="0" name="num_homework_logins"
type="xsd:int"/>
          <xsd:element minOccurs="0" name="last_login_date"
type="xsd:dateTime"/>
          <xsd:element minOccurs="0" name="max_progress" type="xsd:int"/>
          <xsd:element minOccurs="0" name="max_mastery" type="xsd:int"/>
          <xsd:element minOccurs="0" name="fluency_progress"
type="xsd:int"/>
          <xsd:element minOccurs="0" name="fluency_mastery" type="xsd:int"/>
          <xsd:element minOccurs="0" name="fluency_time_spent"
type="xsd:int"/>
          <xsd:element minOccurs="0" name="cur_hurdle_num_tries"
type="xsd:int"/>
          <xsd:element minOccurs="0" name="fluency_path" type="xs:string"/>
          <xsd:element minOccurs="0" name="cur_obj_path" type="xs:string"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="StudentProgress" nillable="true"
type="tns:StudentProgress"/>
    </xs:schema>
    <xsd:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public"
elementFormDefault="qualified"
targetNamespace="http://schemas.datacontract.org/2004/07/BLI.AssessmentData.DataModel.Public">
      <xsd:complexType name="ArrayOfSourceSchema">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="unbounded"
name="SourceSchema" nillable="true" type="tns:SourceSchema"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="ArrayOfSourceSchema" nillable="true"
type="tns:ArrayOfSourceSchema"/>
      <xsd:complexType name="SourceSchema">
        <xsd:sequence>
          <xsd:element minOccurs="0" name="Data" nillable="true"
type="tns:ArrayOfColumnSchema"/>
          <xsd:element minOccurs="0" name="DateColumn" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Description" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Name" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Namespace" nillable="true"
type="xsd:string"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="SourceSchema" nillable="true"
type="tns:SourceSchema"/>
      <xsd:complexType name="ArrayOfColumnSchema">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="unbounded"
name="ColumnSchema" nillable="true" type="tns:ColumnSchema"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="ArrayOfColumnSchema" nillable="true"
type="tns:ArrayOfColumnSchema"/>
      <xsd:complexType name="ColumnSchema">
        <xsd:sequence>
          <xsd:element minOccurs="0" name="Description" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="IsKey" type="xsd:boolean"/>
          <xsd:element minOccurs="0" name="IsReference" type="xsd:boolean"/>
          <xsd:element minOccurs="0" name="Name" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Type" nillable="true"
type="xsd:string"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="ColumnSchema" nillable="true"
type="tns:ColumnSchema"/>
      <xsd:complexType name="DataResult">
        <xsd:sequence>
          <xsd:element
xmlns:q6="http://schemas.microsoft.com/2003/10/Serialization/Arrays"
minOccurs="0" name="Data" nillable="true" type="q6:ArrayOfanyType"/>
          <xsd:element minOccurs="0" name="EndDate" type="xsd:dateTime"/>
          <xsd:element minOccurs="0" name="ErrorCode" type="xsd:int"/>
          <xsd:element
xmlns:q7="http://schemas.microsoft.com/2003/10/Serialization/Arrays"
minOccurs="0" name="Errors" nillable="true" type="q7:ArrayOfstring"/>
          <xsd:element minOccurs="0" name="Source" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="StartDate" type="xsd:dateTime"/>
          <xsd:element minOccurs="0" name="Succeeded" type="xsd:boolean"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="DataResult" nillable="true" type="tns:DataResult"/>
      <xsd:complexType name="Result">
        <xsd:sequence>
          <xsd:element minOccurs="0" name="ErrorCode" type="xsd:int"/>
          <xsd:element
xmlns:q8="http://schemas.microsoft.com/2003/10/Serialization/Arrays"
minOccurs="0" name="Errors" nillable="true" type="q8:ArrayOfstring"/>
          <xsd:element minOccurs="0" name="Metadata" nillable="true"
type="tns:ArrayOfAttribute"/>
          <xsd:element minOccurs="0" name="Operation" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Succeeded" type="xsd:boolean"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="Result" nillable="true" type="tns:Result"/>
      <xsd:complexType name="ArrayOfAttribute">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="unbounded" name="Attribute"
nillable="true" type="tns:Attribute"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="ArrayOfAttribute" nillable="true"
type="tns:ArrayOfAttribute"/>
      <xsd:complexType name="Attribute">
        <xsd:sequence>
          <xsd:element minOccurs="0" name="Name" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Namespace" nillable="true"
type="xsd:string"/>
          <xsd:element minOccurs="0" name="Value" nillable="true"
type="xsd:string"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="Attribute" nillable="true" type="tns:Attribute"/>
    </xsd:schema>
    <xsd:schema
xmlns:tns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"
elementFormDefault="qualified"
targetNamespace="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
      <xsd:complexType name="ArrayOfanyType">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="unbounded" name="anyType"
nillable="true" type="xsd:anyType"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="ArrayOfanyType" nillable="true"
type="tns:ArrayOfanyType"/>
      <xsd:complexType name="ArrayOfstring">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="unbounded" name="string"
nillable="true" type="xsd:string"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:element name="ArrayOfstring" nillable="true"
type="tns:ArrayOfstring"/>
    </xsd:schema>
  </wsdl:types>
  <wsdl:message name="IAssessmentDataService_GetSourceSchema_InputMessage">
    <wsdl:part name="parameters" element="tns:GetSourceSchema"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_GetSourceSchema_OutputMessage">
    <wsdl:part name="parameters" element="tns:GetSourceSchemaResponse"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_GetData_InputMessage">
    <wsdl:part name="parameters" element="tns:GetData"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_GetData_OutputMessage">
    <wsdl:part name="parameters" element="tns:GetDataResponse"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_GetDataRange_InputMessage">
    <wsdl:part name="parameters" element="tns:GetDataRange"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_GetDataRange_OutputMessage">
    <wsdl:part name="parameters" element="tns:GetDataRangeResponse"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_Login_InputMessage">
    <wsdl:part name="parameters" element="tns:Login"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_Login_OutputMessage">
    <wsdl:part name="parameters" element="tns:LoginResponse"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_Logout_InputMessage">
    <wsdl:part name="parameters" element="tns:Logout"/>
  </wsdl:message>
  <wsdl:message name="IAssessmentDataService_Logout_OutputMessage">
    <wsdl:part name="parameters" element="tns:LogoutResponse"/>
  </wsdl:message>
  <wsdl:portType name="IAssessmentDataService">
    <wsdl:operation name="GetSourceSchema">
      <wsdl:input
wsaw:Action="http://schema.bli.org/IAssessmentDataService/GetSourceSchema"
message="tns:IAssessmentDataService_GetSourceSchema_InputMessage"/>
      <wsdl:output
wsaw:Action="http://schema.bli.org/IAssessmentDataService/GetSourceSchemaResponse"
message="tns:IAssessmentDataService_GetSourceSchema_OutputMessage"/>
    </wsdl:operation>
    <wsdl:operation name="GetData">
      <wsdl:input
wsaw:Action="http://schema.bli.org/IAssessmentDataService/GetData"
message="tns:IAssessmentDataService_GetData_InputMessage"/>
      <wsdl:output
wsaw:Action="http://schema.bli.org/IAssessmentDataService/GetDataResponse"
message="tns:IAssessmentDataService_GetData_OutputMessage"/>
    </wsdl:operation>
    <wsdl:operation name="GetDataRange">
      <wsdl:input
wsaw:Action="http://schema.bli.org/IAssessmentDataService/GetDataRange"
message="tns:IAssessmentDataService_GetDataRange_InputMessage"/>
      <wsdl:output
wsaw:Action="http://schema.bli.org/IAssessmentDataService/GetDataRangeResponse"
message="tns:IAssessmentDataService_GetDataRange_OutputMessage"/>
    </wsdl:operation>
    <wsdl:operation name="Login">
      <wsdl:input
wsaw:Action="http://schema.bli.org/IAssessmentDataService/Login"
message="tns:IAssessmentDataService_Login_InputMessage"/>
      <wsdl:output
wsaw:Action="http://schema.bli.org/IAssessmentDataService/LoginResponse"
message="tns:IAssessmentDataService_Login_OutputMessage"/>
    </wsdl:operation>
    <wsdl:operation name="Logout">
      <wsdl:input
wsaw:Action="http://schema.bli.org/IAssessmentDataService/Logout"
message="tns:IAssessmentDataService_Logout_InputMessage"/>
      <wsdl:output
wsaw:Action="http://schema.bli.org/IAssessmentDataService/LogoutResponse"
message="tns:IAssessmentDataService_Logout_OutputMessage"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="WSHttpBinding_IAssessmentDataService"
type="tns:IAssessmentDataService">
    <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_policy"/>
    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="GetSourceSchema">
      <soap12:operation
soapAction="http://schema.bli.org/IAssessmentDataService/GetSourceSchema"
style="document"/>
      <wsdl:input>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_GetSourceSchema_Input_policy"/>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_GetSourceSchema_output_policy"/>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
    <wsdl:operation name="GetData">
      <soap12:operation
soapAction="http://schema.bli.org/IAssessmentDataService/GetData"
style="document"/>
      <wsdl:input>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_GetData_Input_policy"/>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_GetData_output_policy"/>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
    <wsdl:operation name="GetDataRange">
      <soap12:operation
soapAction="http://schema.bli.org/IAssessmentDataService/GetDataRange"
style="document"/>
      <wsdl:input>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_GetDataRange_Input_policy"/>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_GetDataRange_output_policy"/>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
    <wsdl:operation name="Login">
      <soap12:operation
soapAction="http://schema.bli.org/IAssessmentDataService/Login"
style="document"/>
      <wsdl:input>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_Login_Input_policy"/>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_Login_output_policy"/>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
    <wsdl:operation name="Logout">
      <soap12:operation
soapAction="http://schema.bli.org/IAssessmentDataService/Logout"
style="document"/>
      <wsdl:input>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_Logout_Input_policy"/>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference
URI="#WSHttpBinding_IAssessmentDataService_Logout_output_policy"/>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="AssessmentDataService">
    <wsdl:port name="WSHttpBinding_IAssessmentDataService"
binding="tns:WSHttpBinding_IAssessmentDataService">
      <soap12:address
location="http://localhost:8080/services/AssessmentDataService"/>
      <wsa10:EndpointReference>
       
<wsa10:Address>http://localhost:8080/services/AssessmentDataService</wsa10:Address>
        <Identity
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <X509Data>
              <X509Certificate>
               
              </X509Certificate>
            </X509Data>
          </KeyInfo>
        </Identity>
      </wsa10:EndpointReference>
    </wsdl:port>
  </wsdl:service>
  <wsp:Policy wsu:Id="WSHttpBinding_IAssessmentDataService_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:ProtectionToken>
              <wsp:Policy>
                <sp:SecureConversationToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:RequireDerivedKeys/>
                    <sp:BootstrapPolicy>
                      <wsp:Policy>
                        <sp:SignedParts>
                          <sp:Body/>
                          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
                          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
                          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
                          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
                        </sp:SignedParts>
                        <sp:EncryptedParts>
                          <sp:Body/>
                        </sp:EncryptedParts>
                        <sp:SymmetricBinding>
                          <wsp:Policy>
                            <sp:ProtectionToken>
                              <wsp:Policy>
                                <mssp:SslContextToken
xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy"
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                  <wsp:Policy>
                                    <sp:RequireDerivedKeys/>
                                    <sp:MustNotSendCancel/>
                                    <sp:MustNotSendAmend/>
                                    <sp:MustNotSendRenew/>
                                  </wsp:Policy>
                                </mssp:SslContextToken>
                              </wsp:Policy>
                            </sp:ProtectionToken>
                            <sp:AlgorithmSuite>
                              <wsp:Policy>
                                <sp:Basic256/>
                              </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                              <wsp:Policy>
                                <sp:Strict/>
                              </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                            <sp:EncryptSignature/>
                            <sp:OnlySignEntireHeadersAndBody/>
                          </wsp:Policy>
                        </sp:SymmetricBinding>
                        <sp:EndorsingSupportingTokens>
                          <wsp:Policy>
                            <sp:IssuedToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                              <Issuer
xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                                <Address
xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address>
                                <Metadata
xmlns="http://www.w3.org/2005/08/addressing">
                                  <Metadata
xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                                    <wsx:MetadataSection xmlns="">
                                      <wsx:MetadataReference>
                                        <Address
xmlns="http://www.w3.org/2005/08/addressing">http://localhost:56636/Hybrid.STS/mex</Address>
                                      </wsx:MetadataReference>
                                    </wsx:MetadataSection>
                                  </Metadata>
                                </Metadata>
                              </Issuer>
                              <sp:RequestSecurityTokenTemplate>
                                <trust:KeyType
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                                 
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
                                </trust:KeyType>
                                <trust:KeySize
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
                                <trust:Claims
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
                                  <wsid:ClaimType
xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity"
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
Optional="true"/>
                                  <wsid:ClaimType
xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity"
Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
Optional="true"/>
                                </trust:Claims>
                                <trust:KeyWrapAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
                                <trust:EncryptWith
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
                                <trust:SignWith
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
                                <trust:CanonicalizationAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
                                <trust:EncryptionAlgorithm
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
                              </sp:RequestSecurityTokenTemplate>
                              <wsp:Policy>
                                <sp:RequireDerivedKeys/>
                                <sp:RequireInternalReference/>
                              </wsp:Policy>
                            </sp:IssuedToken>
                          </wsp:Policy>
                        </sp:EndorsingSupportingTokens>
                        <sp:Wss11>
                          <wsp:Policy>
                            <sp:RequireSignatureConfirmation/>
                          </wsp:Policy>
                        </sp:Wss11>
                        <sp:Trust13>
                          <wsp:Policy>
                            <sp:MustSupportIssuedTokens/>
                            <sp:RequireClientEntropy/>
                            <sp:RequireServerEntropy/>
                          </wsp:Policy>
                        </sp:Trust13>
                      </wsp:Policy>
                    </sp:BootstrapPolicy>
                    <sp:MustNotSendAmend/>
                  </wsp:Policy>
                </sp:SecureConversationToken>
              </wsp:Policy>
            </sp:ProtectionToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:EncryptSignature/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:SymmetricBinding>
        <sp:Wss11
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy/>
        </sp:Wss11>
        <sp:Trust13
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust13>
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_GetSourceSchema_Input_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_GetSourceSchema_output_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_GetData_Input_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_GetData_output_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_GetDataRange_Input_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_GetDataRange_output_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_Login_Input_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_Login_output_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_Logout_Input_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy
wsu:Id="WSHttpBinding_IAssessmentDataService_Logout_output_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>


--
View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5120341.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday, January 03, 2012 1:17:15 PM danlee100 wrote:
> After I upgraded CXF to 2.5.1, I am getting another error. It seems that
> RequestSecurityToken is not recognized.

This looks like a SecureConversation request. Does the wsdl define a
ws-secureconversation policy?

Also, what cxf "jars" do you have on the classpath? You likely need the
ws-policy, ws-security, ws-addressing jars. With 2.5, we did reduce some of
the dependencies so you may need to add some of them back on if they are
needed.

Dan



> 
> 2012-01-03 12:19:13,700 [MIND] WARN [http-192.168.168.51-80-1]
> org.apache.cxf.phase.PhaseInterceptorChain.doLog(384) | Interceptor for
> {http://schema.bli.org/}AssessmentDataService has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Message part
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken was
> not recognized.  (Does it exist in service WSDL?)
>         at org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:197)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
>         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)
>         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
>         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
>         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
>         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5117995.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Colm O hEigeartaigh <co...@apache.org>.
What does the WSDL of the service look like? Does it have a
SecureConversationToken policy?

Colm.

On Tue, Jan 3, 2012 at 11:02 PM, danlee100 <da...@yahoo.com> wrote:
> Here is the actual SOAP message
>
>
> POST http://66.211.102.200/gen4/services/AssessmentDataService HTTP/1.1
> Content-Type: application/soap+xml; charset=utf-8
> Host: 66.211.102.200
> Content-Length: 1267
> Expect: 100-continue
> Accept-Encoding: gzip, deflate
> Connection: Keep-Alive
>
> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
> xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action
> s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action><a:MessageID>urn:uuid:ce0cca36-02d5-4fbc-873e-5756a5f67647</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To
> s:mustUnderstand="1">http://66.211.102.200/gen4/services/AssessmentDataService</a:To></s:Header><s:Body><trust:RequestSecurityToken
> Context="uuid-f7972e39-96c7-4621-bc43-c5ba53c68655-1"
> xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><trust:TokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</trust:TokenType><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType><trust:KeySize>256</trust:KeySize><trust:BinaryExchange
> ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFwBAABYAwFPA4We+Mq1fvk/zjwX4jicrc+V7cdBjHStS8Lr0xAsYwAAGAAvADUABQAKwAnACsATwBQAMgA4ABMABAEAABcACgAIAAYAFwAYABkACwACAQD/AQABAA==</trust:BinaryExchange></trust:RequestSecurityToken></s:Body></s:Envelope>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5118234.html
> Sent from the cxf-dev mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by danlee100 <da...@yahoo.com>.
Here is the actual SOAP message


POST http://66.211.102.200/gen4/services/AssessmentDataService HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: 66.211.102.200
Content-Length: 1267
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
 
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action
s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action><a:MessageID>urn:uuid:ce0cca36-02d5-4fbc-873e-5756a5f67647</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To
s:mustUnderstand="1">http://66.211.102.200/gen4/services/AssessmentDataService</a:To></s:Header><s:Body><trust:RequestSecurityToken
Context="uuid-f7972e39-96c7-4621-bc43-c5ba53c68655-1"
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><trust:TokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</trust:TokenType><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType><trust:KeySize>256</trust:KeySize><trust:BinaryExchange
ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFwBAABYAwFPA4We+Mq1fvk/zjwX4jicrc+V7cdBjHStS8Lr0xAsYwAAGAAvADUABQAKwAnACsATwBQAMgA4ABMABAEAABcACgAIAAYAFwAYABkACwACAQD/AQABAA==</trust:BinaryExchange></trust:RequestSecurityToken></s:Body></s:Envelope>


--
View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5118234.html
Sent from the cxf-dev mailing list archive at Nabble.com.
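
Added example, not part of the original post and not CXF code: a Python script that classifies the RequestSecurityToken posted above and decodes its BinaryExchange payload. It shows that the request asks for a SecureConversation token and carries a TLS ClientHello (TLSNego), which matches the mssp:SslContextToken bootstrap policy in the posted WSDL; the function names are hypothetical.

```python
import base64
import struct
import xml.etree.ElementTree as ET

TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SCT_TOKEN_TYPE = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"
TLSNEGO_VALUE_TYPE = "http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego"

# RequestSecurityToken element copied from the SOAP body posted above
# (only line breaks and indentation added).
RST_XML = """\
<trust:RequestSecurityToken Context="uuid-f7972e39-96c7-4621-bc43-c5ba53c68655-1"
    xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:TokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</trust:TokenType>
  <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
  <trust:KeySize>256</trust:KeySize>
  <trust:BinaryExchange
      ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
    FgMBAFwBAABYAwFPA4We+Mq1fvk/zjwX4jicrc+V7cdBjHStS8Lr0xAsYwAAGAAvADUABQAKwAnACsATwBQAMgA4ABMABAEAABcACgAIAAYAFwAYABkACwACAQD/AQABAA==
  </trust:BinaryExchange>
</trust:RequestSecurityToken>
"""


def parse_client_hello(blob):
    """Return the TLS record and ClientHello fields useful for triage."""
    try:
        # TLS record header: content type, version (major, minor), length.
        content_type, rec_major, rec_minor, rec_len = struct.unpack("!BBBH", blob[:5])
        record = blob[5:5 + rec_len]
        if content_type != 22 or len(record) != rec_len:
            raise ValueError("not a complete TLS handshake record")
        # Handshake header: message type (1 = ClientHello) and 24-bit length.
        hs_type, hs_len = record[0], int.from_bytes(record[1:4], "big")
        hello = record[4:4 + hs_len]
        if hs_type != 1 or len(hello) != hs_len:
            raise ValueError("handshake message is not a complete ClientHello")
        # ClientHello body: version(2) random(32) session_id<0..32> cipher_suites.
        sid_len = hello[34]
        pos = 35 + sid_len
        (suites_len,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + suites_len]
        if len(raw) != suites_len or suites_len % 2:
            raise ValueError("truncated cipher suite list")
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated TLS data") from exc
    return {
        "record_version": (rec_major, rec_minor),
        "client_version": (hello[0], hello[1]),
        "session_id_len": sid_len,
        "cipher_suites": [int.from_bytes(raw[i:i + 2], "big")
                          for i in range(0, suites_len, 2)],
    }


def classify_rst(rst_xml):
    """Say what a WS-Trust RequestSecurityToken is asking for."""
    # For captures from untrusted sources, use a hardened XML parser instead.
    root = ET.fromstring(rst_xml)
    if root.tag != f"{{{TRUST_NS}}}RequestSecurityToken":
        raise ValueError("root element is not a WS-Trust 1.3 RequestSecurityToken")
    token_type = (root.findtext(f"{{{TRUST_NS}}}TokenType") or "").strip()
    result = {"token_type": token_type, "kind": "token issue request",
              "client_hello": None}
    if token_type == SCT_TOKEN_TYPE:
        result["kind"] = "secure conversation bootstrap"
    exchange = root.find(f"{{{TRUST_NS}}}BinaryExchange")
    if exchange is not None and exchange.get("ValueType") == TLSNEGO_VALUE_TYPE:
        blob = base64.b64decode("".join((exchange.text or "").split()), validate=True)
        result["kind"] = "secure conversation bootstrap (TLSNego)"
        result["client_hello"] = parse_client_hello(blob)
    return result


if __name__ == "__main__":
    info = classify_rst(RST_XML)
    print(info["kind"])
    print("TLS version:", info["client_hello"]["client_version"])
    print("cipher suites:", [hex(s) for s in info["client_hello"]["cipher_suites"]])
```
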

AW: AW: General security error (Provided SAML token does not contain a suitable key)

Posted by Oliver Wulff <ow...@talend.com>.
I had a look at the configuration and I'm wondering why the Security Token Request is sent to the CXF service instead of your STS.

Originally, you raised the issue that the SAML token can't be validated. But meanwhile, we face an issue one step before where the SAML token should be issued by the STS.

According to your client configuration:
<issuer
address="http://stsbli.cloudapp.net:8080/STSService.svc/IWSTrust13"
binding="ws2007HttpBinding"
bindingConfiguration="http://srvsk01.skdevel.local/WCFTestSTS/Service.svc/IWSTrust13"
>

The STS request should be sent to the sts deployed at stsbli.cloudapp.net. Any idea why .NET sends it to the application service instead?

According to your configuration, a symmetric key is generated:
            <message algorithmSuite="Default" issuedKeyType="SymmetricKey"
                negotiateServiceCredential="true">

The requested token type (issuedTokenType="string") is not configured which means it is left to the STS to decide what kind of token should be issued. I'm not sure about the impact of negotiateServiceCredential.

Let's assume you can sort out the issue that the STS request is sent again to your STS instance instead of the CXF application service. The question then is how is the symmetric key shared between the service consumer and service provider.

<?xml version="1.0"?>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
MajorVersion="1" MinorVersion="1"
AssertionID="_2bea327c-8791-4bd2-9f98-5690c0c6a83b" Issuer="BLISTS"
IssueInstant="2011-11-09T22:47:38.202Z">
  <saml:Conditions NotBefore="2011-11-09T22:47:38.124Z"
NotOnOrAfter="2011-11-09T23:47:38.124Z">
    <saml:AudienceRestrictionCondition>
     
<saml:Audience>http://66.211.102.200/gen4/services/AssessmentDataService</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:SubjectConfirmation>
       
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <trust:BinarySecret
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">sYjbfcODXJg0oBL0EPlCMlUJ2SZnjk/51e2rDs+2e+E=</trust:BinarySecret>
        </KeyInfo>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Attribute AttributeName="Name"
AttributeNamespace="http://www.bli.org/claims">
      <saml:AttributeValue>roccbufalino1</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="IDNamespace"
AttributeNamespace="http://www.bli.org/claims">
     
<saml:AttributeValue>http://www.bli.org/Rocketship/</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="ID"
AttributeNamespace="http://www.bli.org/claims">
      <saml:AttributeValue>123111111111111111111</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_2bea327c-8791-4bd2-9f98-5690c0c6a83b">
        <ds:Transforms>
          <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
       
<ds:DigestValue>1cIz27KwzN0gwLkDSLolHTxaAMQ19YsVcF3eV1sA/68=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
   
<ds:SignatureValue>t1vCq6MWMWupEDcfv/8b+FOCcb8bi7gIbBNM9XCLsIjm20xMPla5u43DjPaRb2+rPdnlVeNt/s/8Id/zxvPmBqIohdJY3ZeAC0/i+DLV+8tMdA/q6azSUjgZHKniUtqPjH6B5aLYm3niwkqivwhWCcl3txVjfbtjoxDTUmMendaDxZ80zHmIy73vzf1nNo+SokdGvwEbQY8RKSYXnUoXXP2oAkyUSG2efr/41eXkeOd+nLdCWLKEhDJCWYNEs1KlneJclh9Fu15DRmnihjeV3eFDFy1xmIXQ8IiVI+78CYvcPN7HMDSKOkDSQs3DmNQaamlxTYkMN0AMYwwEhcyWsA==</ds:SignatureValue>
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data>
       
<X509Certificate>MIIC5DCCAcygAwIBAgIQbDQulAkeX7ROQqIwV6TAHDANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtTVFNUZXN0Q2VydDAeFw0xMTAzMzAxNTA4NDJaFw0xMjAzMjkyMTA4NDJaMBYxFDASBgNVBAMTC1NUU1Rlc3RDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu56LAvEEYI7mI85ufyLS8MjuU5uPlgH9FUtE/YxPNIwsRe8+GZcXWHefuU0MV6m06K4GMeUq2i4E0ciKTsqnQhs0eqHt3WgH8uaF7DAz6sxzLpbUYWG7sGq0v3oanYv0S3+cfWyERvwYpdTmzqRRTNLRv371FIycc13LF67ZvpXZKEl0rkSfL8p6O6KHPQz5CduP3N+/3pjTsKsl/iNjM8K3Vi1MCb5lWeCBBig7yT9ICwWCkkDJpGJsksCanw8uM4eoRP3aY41EtPnA8Gvt5qVTMnn2JJGgxklegVUmsYtbBiziJCNWIa9loTEg5MbrzhQ5WSptV4HTviCSFqAPgwIDAQABoy4wLDALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFCAC194orTY0yHGxY/O+5fm+GHtjMA0GCSqGSIb3DQEBBQUAA4IBAQC4fo83cVW+Q8kNhn9bWSh9hOynuv1mTNPtgAxS37fifziexnK+LYe4uQNzAuGlgusxwQS1izSP5S3dRyOjzqrT+H4ZBeWwX9rTkmlyOtnGQIwyA5jwDeRqcPMgU9XJf5NwA2W88lJDTijRNIG6RCBQcusflqc4/DvYZmRlRX8XGjgOwf4Zw4pATMfA67CG/NDJXPbTHqTbJihdWjJXQODjocU1KabAXlIxPkwJFh8cf1dRDvYN3xVOmjgHpQ82G6RA4TXdTJKcU0yO8PHsVrOGmjYjDbVgThHRdzLvpBZG6ZD0O/i8C2gavoguIgRBnBCT4b4DEDLfVnebApzIFnVl</X509Certificate>
      </X509Data>
    </KeyInfo>
  </ds:Signature>
</saml:Assertion>

What is in the BinarySecret and against what should CXF process the proof-of-possession requirement?

------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
From: satya [skarri@fullarmor.com]
Sent: Monday, January 9, 2012 22:38
To: dev@cxf.apache.org
Subject: Re: AW: General security error (Provided SAML token does not contain a suitable key)

The following is the configuration from the .net client. The configuration
works with .net services

<system.serviceModel>
    <client>
      <endpoint
address="http://66.211.102.200/gen4/services/AssessmentDataService"
          binding="ws2007FederationHttpBinding"
bindingConfiguration="WS2007FederationHttpBinding_IAssessmentDataService"
                contract="ServiceReference2.IAssessmentDataService"
name="WSHttpBinding_IAssessmentDataService"
          behaviorConfiguration="clientEndpointCredential">
        <identity>
          <certificate encodedValue="" />
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="clientEndpointCredential">
          <clientCredentials>
            <clientCertificate storeName="My" storeLocation="LocalMachine"
x509FindType="FindBySubjectName" findValue="BLITokenRequest" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors/>
    </behaviors>
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="WS2007FederationHttpBinding_IAssessmentDataService" >
          <security mode="Message">
            <message algorithmSuite="Default" issuedKeyType="SymmetricKey"
                negotiateServiceCredential="true">
              <issuer
address="http://stsbli.cloudapp.net:8080/STSService.svc/IWSTrust13"
binding="ws2007HttpBinding"
bindingConfiguration="http://srvsk01.skdevel.local/WCFTestSTS/Service.svc/IWSTrust13"
>
                <identity>
                  <certificate  encodedValue="*" />
                </identity>
              </issuer>
              <issuerMetadata
address="http://localhost:56636/Hybrid.STS/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
      <ws2007HttpBinding>
        <binding
name="http://srvsk01.skdevel.local/WCFTestSTS/Service.svc/IWSTrust13">
          <security mode="Message">
            <message clientCredentialType="Certificate"
negotiateServiceCredential="false"
                algorithmSuite="Default" establishSecurityContext="false" />
          </security>
        </binding>
      </ws2007HttpBinding>
    </bindings>
  </system.serviceModel>




--
View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5132596.html
Sent from the cxf-dev mailing list archive at Nabble.com.
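
Added example, not part of the original message and not CXF code: a Python script that lists the proof-key material found in the holder-of-key SubjectConfirmation of a SAML 1.1 assertion, which is the part of the token the BinarySecret question above is about. The sample assertion is constructed with dummy key bytes in the same shape as the one quoted in the message, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"

# Constructed sample: same structure as the quoted assertion, dummy 32-byte key.
SAMPLE_SECRET = base64.b64encode(bytes(range(32))).decode()
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed"
    Issuer="EXAMPLE-STS" IssueInstant="2012-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <trust:BinarySecret xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">{SAMPLE_SECRET}</trust:BinarySecret>
        </KeyInfo>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:AttributeStatement>
</saml:Assertion>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag form into its two parts."""
    if tag.startswith("{"):
        namespace, _, local = tag[1:].partition("}")
        return namespace, local
    return "", tag


def describe_proof_keys(assertion_xml):
    """List each KeyInfo child under a holder-of-key SubjectConfirmation."""
    # For tokens from untrusted sources, use a hardened XML parser instead.
    root = ET.fromstring(assertion_xml)
    findings = []
    for conf in root.iter(f"{{{NS['saml']}}}SubjectConfirmation"):
        methods = [(m.text or "").strip()
                   for m in conf.findall("saml:ConfirmationMethod", NS)]
        if HOLDER_OF_KEY not in methods:
            continue  # bearer or sender-vouches: no proof key expected
        key_info = conf.find("ds:KeyInfo", NS)
        if key_info is None or len(key_info) == 0:
            findings.append({"form": "missing", "namespace": "",
                             "clear_text": False, "bits": None})
            continue
        for child in key_info:
            namespace, local = split_tag(child.tag)
            entry = {"form": local, "namespace": namespace,
                     "clear_text": False, "bits": None}
            if child.tag == f"{{{NS['trust']}}}BinarySecret":
                # The symmetric proof key travels unencrypted inside the token.
                secret = base64.b64decode("".join((child.text or "").split()),
                                          validate=True)
                entry["clear_text"] = True
                entry["bits"] = len(secret) * 8
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for finding in describe_proof_keys(SAMPLE_ASSERTION):
        print(finding)
```

A BinarySecret entry with clear_text set means anyone who can read the assertion also holds the proof key, so the token needs confidentiality protection in transit.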

Re: AW: General security error (Provided SAML token does not contain a suitable key)

Posted by satya <sk...@fullarmor.com>.
I added establishSecurityContext=true to my config
 <message algorithmSuite="Default" issuedKeyType="SymmetricKey"
                    negotiateServiceCredential="false"
establishSecurityContext="true">


Now I can receive the token, but I get the following message:

<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text
xml:lang="en">Message part
{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken was
not recognized.  (Does it exist in service
WSDL?)</soap:Text></soap:Reason></soap:Fault></soap:Body></soap:Envelope>

The SOAP request for the service is:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action
s:mustUnderstand="1"
u:Id="_5">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT</a:Action><a:MessageID
u:Id="_6">urn:uuid:2688ccd3-7c29-479e-b5f4-b48c28624a41</a:MessageID><a:ReplyTo
u:Id="_7"><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To
s:mustUnderstand="1"
u:Id="_8">http://66.211.102.200/gen4/services/STMathDataService</a:To><o:Security
s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp
u:Id="uuid-07951928-3ba2-466f-b3b9-96a95d130ffd-11"><u:Created>2012-01-11T16:38:02.250Z</u:Created><u:Expires>2012-01-11T16:43:02.250Z</u:Expires></u:Timestamp><e:EncryptedKey
Id="uuid-07951928-3ba2-466f-b3b9-96a95d130ffd-10"
xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns="http://www.w3.org/2000/09/xmldsig#"/></e:EncryptionMethod><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dTagvKsWZyvGcb34HrEX9h0HtUY=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>iYCQGCMqs2zbLdccv8aafAcq6Tv7PiMzV7mq5PgfXWHgufsHHOt6wzAsvxjhD0HOYycZpQbuc5ijcc7Gjifp66T33FJ6nVTx+38yB9//op9wGzIomAa7hh+37o92vdBUauSO89PEboI/fD2GmgYOVJFVGKous8V9ESKDe3P5hWjIxY2od89QW0mN3CJlMMyCU1ZTm+E74VD9afqB901E0Q7IiE/JOc7Qm+PULCyo0kH5CqYEO1Zyra5OUK10nuyZ1cymOfrP2VC3OCzdVeFTG6wwUWfDyruzdkMxk5ZkqlUWnjY/lcXNWXYfegQkVeVrPZ06q/9DZ63U9nNzuQexgw==</e:CipherValue></e:CipherData></e:EncryptedKey><sc:DerivedKeyToken
u:Id="_0"
xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:Reference
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
URI="#uuid-07951928-3ba2-466f-b3b9-96a95d130ffd-10"/></o:SecurityTokenReference><sc:Offset>0</sc:Offset><sc:Length>24</sc:Length><sc:Nonce>bcHE4/ZkHyYwK5EhAl+kig==</sc:Nonce></sc:DerivedKeyToken><sc:DerivedKeyToken
u:Id="_2"
xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:Reference
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
URI="#uuid-07951928-3ba2-466f-b3b9-96a95d130ffd-10"/></o:SecurityTokenReference><sc:Nonce>LjGJVT85ub5/l6u0PaC/TA==</sc:Nonce></sc:DerivedKeyToken><e:ReferenceList
xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:DataReference
URI="#_4"/><e:DataReference URI="#_10"/><e:DataReference
URI="#_11"/></e:ReferenceList><saml:Assertion MajorVersion="1"
MinorVersion="1" AssertionID="_1ba00e31-5020-484f-b2eb-3133019ca9c4"
Issuer="BLISTS" IssueInstant="2012-01-11T16:38:02.404Z"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions
NotBefore="2012-01-11T16:38:02.389Z"
NotOnOrAfter="2012-01-11T17:38:02.389Z"><saml:AudienceRestrictionCondition><saml:Audience>http://66.211.102.200/gen4/services/STMathDataService</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><trust:BinarySecret
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">b3vtFednSFI8VEtBJ0mmFGSbuNPSEeUAArwhRHTXlpE=</trust:BinarySecret></KeyInfo></saml:SubjectConfirmation></saml:Subject><saml:Attribute
AttributeName="Name"
AttributeNamespace="http://www.bli.org/claims"><saml:AttributeValue>certUser</saml:AttributeValue></saml:Attribute><saml:Attribute
AttributeName="IDNamespace"
AttributeNamespace="http://www.bli.org/claims"><saml:AttributeValue>http://www.bli.org/test/</saml:AttributeValue></saml:Attribute><saml:Attribute
AttributeName="ID"
AttributeNamespace="http://www.bli.org/claims"><saml:AttributeValue>{8EDFAB3C-C2F2-49AA-AF66-8003335DCFB6}</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference
URI="#_1ba00e31-5020-484f-b2eb-3133019ca9c4"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>/R5R9pTdlh7B6nWETDyRCiOZvJihTvelvXXsBJF6zt4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>p05kwFw58bQuVYC6Em+upTejV6yiepVZsgPpaJrOMCk40Eg6qkg7lgqjWDLsB2fVnmtBNiK7ma5PMUhdav8wS/w+wc69IWGtZPqWL8He8A5u2UQ97ilgtBo3s9V0EJTwiD/bumqqcr1eF/3rWHsxtNFVEepigwkarL7gxJ07SEf8kmsivPh5TirlW0KyqsHUs3F/YgiKSAh1SNnZFHfAkC7ctUqnreY69O2z3VU6mvPhNcR89JJNcLh+Z/BV/XLiVzuUnWqePG9r93dK84wRSEbEIFmuXqTeVqrL5+nNUneeYDilMy8TjB/zYNnxOVK1e1tZfQwp//gMYr7RKYyD+A==</ds:SignatureValue><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>...</X509Certificate></X509Data></KeyInfo></ds:Signature></saml:Assertion><sc:DerivedKeyToken
u:Id="_9"
xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_1ba00e31-5020-484f-b2eb-3133019ca9c4</o:KeyIdentifier></o:SecurityTokenReference><sc:Offset>0</sc:Offset><sc:Length>24</sc:Length><sc:Nonce>brdbGif2f0Dk/v8rKMKjJA==</sc:Nonce></sc:DerivedKeyToken><e:EncryptedData
Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk"
URI="#_2"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>...</e:CipherValue></e:CipherData></e:EncryptedData><e:EncryptedData
Id="_11" Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk"
URI="#_2"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>...</e:CipherValue></e:CipherData></e:EncryptedData></o:Security></s:Header><s:Body
u:Id="_3"><e:EncryptedData Id="_4"
Type="http://www.w3.org/2001/04/xmlenc#Content"
xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:Reference
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk"
URI="#_2"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>...</e:CipherValue></e:CipherData></e:EncryptedData></s:Body></s:Envelope>


--
View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5137321.html
Sent from the cxf-dev mailing list archive at Nabble.com.

AW: General security error (Provided SAML token does not contain a suitable key)

Posted by Oliver Wulff <ow...@talend.com>.
I guess I understand your problem.

If you configure the .NET "ws2007FederationHttpBinding" it enforces the usage of WS-SecureConversation. The ws2007FederationHttpBinding is a system-provided binding. Each WCF binding is built from a set of system-provided binding elements. You can also configure a custom binding which also includes custom binding elements.

I assume that you have configured the ws2007FederationHttpBinding binding. Is that correct? Could you share your .net configuration file?

The WS-SecureConversation standard defines three use cases:
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html#_Toc162064047

Based on the message sent to CXF (receiver) from .NET, the .NET client sends the RST (request for the STS) to the application service instead of a dedicated STS instance. This matches with the last use case described in the spec "Security context token created through negotiation/exchanges".

My question for you is whether the usage of WS-SecureConversation is really needed, or whether it is just used implicitly due to the usage of the wsFederationHttpBinding.

What are your security requirements for the communication between .NET client and CXF service?

Thanks
Oli


------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
From: Colm O hEigeartaigh [coheigea@apache.org]
Sent: Friday, 6 January 2012 10:52
To: dev@cxf.apache.org
Subject: Re: General security error (Provided SAML token does not contain a suitable key)

You could copy the WS-Security examples system test for Secure
Conversation using your own WSDL and try to reproduce the error that
way:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?view=markup

Colm.

On Thu, Jan 5, 2012 at 5:57 PM, danlee100 <da...@yahoo.com> wrote:
> I am not sure what I could provide to you as a test-case.
>
> The WSDL on the server can be seen here:
>
> http://66.211.102.200/gen4/services/AssessmentDataService?wsdl
>
> The client hitting this service is actually a Microsoft implementation.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5123388.html
> Sent from the cxf-dev mailing list archive at Nabble.com.



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
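
Added example, not part of the thread and not CXF or WCF code: a Python triage of a captured request that follows the reading given above, classifying it by its WS-Addressing Action and checking whether an SCT request is addressed to the application endpoint. The sample envelope is constructed (placeholder host, no key material); triage, KINDS and the report keys are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "o": "http://docs.oasis-open.org/wss/2004/01/"
         "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "sc": "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "e": "http://www.w3.org/2001/04/xmlenc#",
}
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
KINDS = {WST + "/RST/SCT": "sct-bootstrap", WST + "/RST/Issue": "token-issue"}

# Constructed sample: same shape as the request posted in the thread, with a
# placeholder host and all key material, nonces and signatures left out.
SERVICE = "http://service.example/gen4/services/STMathDataService"
NSDECL = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
SAMPLE = f"""<s:Envelope {NSDECL}><s:Header>
<a:Action>{WST}/RST/SCT</a:Action>
<a:To>{SERVICE}</a:To>
<o:Security>
 <sc:DerivedKeyToken/><sc:DerivedKeyToken/>
 <saml:Assertion Issuer="BLISTS">
  <saml:Conditions><saml:AudienceRestrictionCondition>
   <saml:Audience>{SERVICE}</saml:Audience>
  </saml:AudienceRestrictionCondition></saml:Conditions>
  <saml:AttributeStatement><saml:Subject><saml:SubjectConfirmation>
   <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
  </saml:SubjectConfirmation></saml:Subject></saml:AttributeStatement>
 </saml:Assertion>
 <sc:DerivedKeyToken/>
</o:Security></s:Header>
<s:Body><e:EncryptedData/></s:Body></s:Envelope>"""


def triage(envelope_xml, service_url):
    """Classify a captured request by its Action header and token layout."""
    root = ET.fromstring(envelope_xml)
    action = root.findtext("s:Header/a:Action", "", NS).strip()
    to = root.findtext("s:Header/a:To", "", NS).strip()
    sec = root.find("s:Header/o:Security", NS)
    report = {
        "kind": KINDS.get(action, "application"),
        "addressed_to_service": to == service_url,
        # With an encrypted body, the Action header is the readable hint.
        "body_encrypted": root.find("s:Body/e:EncryptedData", NS) is not None,
        "derived_key_tokens": 0, "saml_confirmation": None, "audience_ok": None,
    }
    if sec is not None:
        report["derived_key_tokens"] = len(sec.findall("sc:DerivedKeyToken", NS))
        assertion = sec.find("saml:Assertion", NS)
        if assertion is not None:
            method = assertion.findtext(".//saml:ConfirmationMethod", "", NS)
            report["saml_confirmation"] = method.strip().rsplit(":", 1)[-1]
            audiences = [(a.text or "").strip()
                         for a in assertion.iterfind(".//saml:Audience", NS)]
            report["audience_ok"] = to in audiences
    # The case described in the thread: the SCT request goes to the
    # application endpoint, so that endpoint has to act as the SCT issuer.
    report["service_must_issue_sct"] = (
        report["kind"] == "sct-bootstrap" and report["addressed_to_service"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE, SERVICE).items():
        print(f"{key}: {value}")
```
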

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Colm O hEigeartaigh <co...@apache.org>.
You could copy the WS-Security examples system test for Secure
Conversation using your own WSDL and try to reproduce the error that
way:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?view=markup

Colm.

On Thu, Jan 5, 2012 at 5:57 PM, danlee100 <da...@yahoo.com> wrote:
> I am not sure what I could provide to you as a test-case.
>
> The WSDL on the server can be seen here:
>
> http://66.211.102.200/gen4/services/AssessmentDataService?wsdl
>
> The client hitting this service is actually a Microsoft implementation.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5123388.html
> Sent from the cxf-dev mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by danlee100 <da...@yahoo.com>.
I am not sure what I could provide to you as a test-case. 

The WSDL on the server can be seen here: 

http://66.211.102.200/gen4/services/AssessmentDataService?wsdl

The client hitting this service is actually a Microsoft implementation.

--
View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5123388.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Colm O hEigeartaigh <co...@apache.org>.
It's hard to say why it's not working. Do you have a test-case I can
take a look at?

Colm.

On Tue, Jan 3, 2012 at 9:17 PM, danlee100 <da...@yahoo.com> wrote:
> After I upgraded CXF to 2.5.1, I am getting another error. It seems that
> RequestSecurityToken is not recognized.
>
>
> 2012-01-03 12:19:13,700 [MIND] WARN [http-192.168.168.51-80-1]
> org.apache.cxf.phase.PhaseInterceptorChain.doLog(384) | Interceptor for
> {http://schema.bli.org/}AssessmentDataService has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Message part
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken was
> not recognized.  (Does it exist in service WSDL?)
>        at
> org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:197)
>        at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
>        at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)
>        at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
>        at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
>        at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
>        at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)
>        at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
>        at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>        at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5117995.html
> Sent from the cxf-dev mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by danlee100 <da...@yahoo.com>.
After I upgraded CXF to 2.5.1, I am getting another error. It seems that
RequestSecurityToken is not recognized.


2012-01-03 12:19:13,700 [MIND] WARN [http-192.168.168.51-80-1]
org.apache.cxf.phase.PhaseInterceptorChain.doLog(384) | Interceptor for
{http://schema.bli.org/}AssessmentDataService has thrown exception,
unwinding now
org.apache.cxf.interceptor.Fault: Message part
{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken was
not recognized.  (Does it exist in service WSDL?)
        at
org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:197)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)
        at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
        at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
        at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
        at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)


--
View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5117995.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Re: General security error (Provided SAML token does not contain a suitable key)

Posted by Colm O hEigeartaigh <co...@apache.org>.
If the problem you wanted fixed in WSS4J was:

https://issues.apache.org/jira/browse/WSS-323

Then this is fixed in CXF 2.5.1.

Colm.

On Tue, Jan 3, 2012 at 5:00 PM, danlee100 <da...@yahoo.com> wrote:
> I just noticed that CXF 2.5.1 is out now. Is the problem I supported fixed in
> this release? Let me know if you know offhand. I guess I could download it
> and test it, but I would like to know if you could tell me. Thanks.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-General-security-error-Provided-SAML-token-does-not-contain-a-suitable-key-tp4990489p5117386.html
> Sent from the cxf-dev mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com