Posted to issues@cxf.apache.org by "Jan Bernhardt (JIRA)" <ji...@apache.org> on 2014/07/31 10:23:39 UTC

[jira] [Commented] (FEDIZ-70) Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy)

    [ https://issues.apache.org/jira/browse/FEDIZ-70?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14080639#comment-14080639 ] 

Jan Bernhardt commented on FEDIZ-70:
------------------------------------

Just in case someone else is also wondering how this patch can be used now ;-)
Edit your realm config file from your IDP {{fediz-idp/WEB-INF/idp-config-realma.xml}} and add a {{policyNamespace}} property to your service configuration.

Example:
{code}
    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
        <property name="serviceDisplayName" value="Fedizhelloworld" />
        <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
        <property name="role" value="ApplicationServiceType" />
        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
        <property name="lifeTime" value="3600" />
        <property name="policyNamespace" value="http://schemas.xmlsoap.org/ws/2004/09/policy" />
        <!-- <property name="encryptionCertificate" value="" /> -->
        <property name="requestedClaims">
            <util:list>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
                    <property name="optional" value="false" />
                </bean>
                <bean class="org.apache.cxf.fediz.service.idp.model.RequestClaim">
                    <property name="claimType" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
                    <property name="optional" value="true" />
                </bean>
            </util:list>
        </property>
    </bean>
{code}

> Missing support for Web Services Policy 1.2 (http://schemas.xmlsoap.org/ws/2004/09/policy)
> ------------------------------------------------------------------------------------------
>
>                 Key: FEDIZ-70
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-70
>             Project: CXF-Fediz
>          Issue Type: Bug
>          Components: IDP
>    Affects Versions: 1.1.0
>         Environment: Tomcat 7.0.47, JRE 1.7
> SharePoint 2010 as SP
>            Reporter: Stepan Hrbacek
>            Assignee: Oliver Wulff
>              Labels: http://schemas.xmlsoap.org/ws/2004/09/policy, http://www.w3.org/ns/ws-policy
>             Fix For: 1.1.1, 1.2.0
>
>
> I am trying to set up Claims authentication to SharePoint 2010 via Apache CXF Fediz IDP, and SharePoint rejects claims created by Fediz because it does not support Web Services Policy 1.5 (http://www.w3.org/ns/ws-policy) that is by default used in Fediz - the following error is reported (see mailing list [Claims authentication to SharePoint 2010 via Apache CXF Fediz IDP|http://mail-archives.apache.org/mod_mbox/cxf-users/201402.mbox/%3C79AB4452999C844D9920E0363533273111A8C322%40S10BE002.SH10.lan%3E]):
> --------------------------
> 02/06/2014 11:18:00.40 	w3wp.exe (0x1268)                       	0x0BD4	SharePoint Foundation
>         	General                       	8nca	Verbose 	Application error when access /_trust/,
> Error=ID3007: The element 'AppliesTo' with namespace 'http://www.w3.org/ns/ws-policy' is unrecognized.
>   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.ReadRSTRXml(XmlReader
> reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context, WSTrustConstantsAdapter
> trustConstants)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.CreateResponse(XmlReader
> reader, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer,
> WSTrustConstantsAdapter trustConstants)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.ReadXml(XmlReader
> reader, WSTrustSerializationContext context)     at Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSer...
> 94b07bcc-8709-4449-8c8f-c4e175e2949b
> --------------------------
> Would it please be possible to extend the org.apache.cxf.fediz.service.idp.beans.STSClientAction so that the WSP and Addressing namespaces are configurable in idp-servlet.xml?



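Added example, not part of the original message or the Fediz code base: a Python check that reads a realm config like the one in the comment above and lists the realms whose {{policyNamespace}} differs from the namespace the relying party accepts, plus a helper that reports which namespace {{AppliesTo}} carries in a captured response. The sample config, the sample response, the realm urn:example:other and all function names are constructed for illustration; treating an unset property as WS-Policy 1.5 follows the default described in the issue report.

```python
import xml.etree.ElementTree as ET

WSP_12 = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # WS-Policy 1.2
WSP_15 = "http://www.w3.org/ns/ws-policy"  # WS-Policy 1.5 (default per the report)

# Constructed sample: two ServiceConfig beans, only the first sets policyNamespace.
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
    <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld" />
    <property name="policyNamespace" value="http://schemas.xmlsoap.org/ws/2004/09/policy" />
  </bean>
  <bean id="srv-other" class="org.apache.cxf.fediz.service.idp.model.ServiceConfig">
    <property name="realm" value="urn:example:other" />
  </bean>
</beans>"""

# Constructed sample: response fragment with AppliesTo in the WS-Policy 1.5 namespace.
SAMPLE_RSTR = """<t:RequestSecurityTokenResponse
    xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsp:AppliesTo><wsa:EndpointReference>
    <wsa:Address>urn:example:other</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
</t:RequestSecurityTokenResponse>"""

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def policy_namespace_by_realm(config_xml):
    """Map each ServiceConfig realm to its policyNamespace (WSP_15 when unset)."""
    result = {}
    for bean in ET.fromstring(config_xml).iter():
        if split_tag(bean.tag)[1] != "bean" or not bean.get("class", "").endswith(".ServiceConfig"):
            continue
        # Only direct <property> children belong to this bean.
        props = {p.get("name"): p.get("value") for p in bean if split_tag(p.tag)[1] == "property"}
        result[props.get("realm")] = props.get("policyNamespace", WSP_15)
    return result

def applies_to_namespaces(rstr_xml):
    """Return the set of namespaces in which AppliesTo appears in a response."""
    tags = (split_tag(e.tag) for e in ET.fromstring(rstr_xml).iter())
    return {ns for ns, local in tags if local == "AppliesTo"}

def realms_needing_fix(config_xml, expected=WSP_12):
    """Realms whose configured namespace differs from what the relying party accepts."""
    return sorted(r for r, ns in policy_namespace_by_realm(config_xml).items() if ns != expected)
```

Running {{applies_to_namespaces}} on the response captured at the relying party confirms which namespace the IDP actually emitted after the config change.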