Posted to rampart-c-dev@ws.apache.org by So...@emc.com on 2008/03/05 20:27:36 UTC

SAML token isn't injected into the header.

I'm writing (using Rampart/C and Axis2/C subversion trunk) a test that
obtains a SAML token from an STS, and then invokes WS requests (via a
WSDL2C-generated stub) that require a SAML token.
I was able to obtain a SAML token by following the saml_echo and
sts_client examples. The issued_token example does not appear to be
working: Rampart never invoked get_issued_token() function.
With the token added to rampart_config, I attempt to make a WS call,
hoping for the SAML token to appear in the SOAP header.
In a debugger, I can see that Rampart does not make the out handler call
in the security phase (even though it is engaged), and, therefore, no
header is produced.
Am I missing something basic?  Any insight will be appreciated.

-StanS

PS 
As a side issue, I was unable to find a <RampartConfig> example for
cred_provider. Can anyone point me to it?

------------------------------------------------------------------------
Here is what I'm trying to do:

    void get_SAML_token (const axutil_env_t* env,
                         axis2_char_t* client_home,
                         rampart_config_t* rampart_config)
    {
        /* ... */
        rstr = trust_context_get_rstr (trust_ctx, env);
        if (rstr)
        {
            saml_assertion = trust_rstr_get_requested_security_token (rstr, env);

            if (saml_assertion)
            {
                /* Wrap the assertion issued by the STS and hand it to Rampart */
                saml_token = rampart_saml_token_create (env, saml_assertion,
                                 RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
                rampart_saml_token_set_token_type (saml_token, env,
                                 RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
                rampart_config_add_saml_token (rampart_config, env, saml_token);
            }
        }
    }

    int main(int argc, char** argv)
    {
        /* ... */
        logger = axis2_stub_LoggingService_create (env, client_home, address);
        rampart_config = rampart_config_create (env);
        get_SAML_token (env, client_home, rampart_config);
        svc_client = axis2_stub_get_svc_client (logger, env);
        options = axis2_svc_client_get_options (svc_client, env);
        /* Attach the Rampart client configuration as a request-scoped property */
        property = axutil_property_create_with_args (env, AXIS2_SCOPE_REQUEST,
                       AXIS2_TRUE, (void *) rampart_config_free, rampart_config);
        axis2_options_set_property (options, env,
                       RAMPART_CLIENT_CONFIGURATION, property);

        client_policy = neethi_util_create_policy_from_file (env,
                            ".\\client-policy.xml");
        axis2_svc_client_set_policy (svc_client, env, client_policy);
        /* ... */
        // Invoke the stub
        logSystemEventResponse = axis2_stub_LoggingService_logSystemEvent (logger, env);
        /* ... */
    }


    client-policy.xml:

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <sp:RequestSecurityTokenTemplate xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
              <wst:TokenType>oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
              <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
            </sp:RequestSecurityTokenTemplate>
          </sp:IssuedToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
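
The symptom in the post above ("no header produced") can also be confirmed on a captured outgoing request rather than in a debugger. The following is an added example, not part of the original post and not Rampart/C code: it classifies a SOAP request by whether a wsse:Security header carrying a SAML 1.x assertion is present. The function name, status strings and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs: SOAP 1.1 / 1.2, WS-Security 1.0, SAML 1.x assertion.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"

def check_saml_in_header(envelope_xml):
    """Classify one captured SOAP request; returns (status, assertion_ids)."""
    root = ET.fromstring(envelope_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        return "not-soap", []
    header = root.find("{%s}Header" % soap)
    if header is None:
        return "no-header", []            # no SOAP Header element at all
    security = header.find("{%s}Security" % WSSE)
    if security is None:
        return "no-security-header", []   # headers exist, but none from WS-Security
    # Direct children only: an assertion elsewhere is not a security token.
    ids = [a.get("AssertionID", "") for a in security.findall("{%s}Assertion" % SAML1)]
    return ("ok" if ids else "no-saml-assertion"), ids

# Constructed sample messages (not captured from a real service).
ENVELOPE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
%s<soapenv:Body><logSystemEvent/></soapenv:Body>
</soapenv:Envelope>"""
SECURITY = """<soapenv:Header><wsse:Security xmlns:wsse="%s">%%s</wsse:Security></soapenv:Header>
""" % WSSE
ASSERTION = ('<saml:Assertion xmlns:saml="%s" AssertionID="_constructed-id-1" '
             'MajorVersion="1" MinorVersion="1"/>' % SAML1)

WITHOUT_HEADER = ENVELOPE % ""
EMPTY_SECURITY = ENVELOPE % (SECURITY % "")
WITH_TOKEN = ENVELOPE % (SECURITY % ASSERTION)

if __name__ == "__main__":
    for name in ("WITHOUT_HEADER", "EMPTY_SECURITY", "WITH_TOKEN"):
        print(name, "->", check_saml_in_header(globals()[name]))
```

A "no-header" or "no-security-header" result means nothing from WS-Security reached the wire, while "no-saml-assertion" means a Security header was written but the token was not placed in it.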
          

Re: SAML token isn't injected into the header.

Posted by Supun Kamburugamuva <su...@gmail.com>.
Hi StanS,

Fixed the issue. Please check whether it is working.

Thanks,
Supun..

On Thu, Mar 6, 2008 at 10:41 AM,  <So...@emc.com> wrote:
> Hi Kasun,
>
>  The issued_token sample is broken:
>  https://issues.apache.org/jira/browse/RAMPARTC-78
>  Among other things, I noticed that sts-client-policy.xml is not copied
>  into install destination.
>
>  I do not use rampart_config_set_issued_token_aquire_function() because I
>  successfully obtain my SAML token in band (as in sts_client sample) and
>  set it in rampart_config: rampart_config_add_saml_token (rampart_config,
>  env, saml_token).
>  My problem may be related to the stub code generation issues described
>  here:
>  http://www.nabble.com/rampart-c-not-working-with-stubs-generated-using-wsdl2c-to11731091.html
>  I edited my stubs per their recommendation, but it did not help me. It
>  appears that Rampart/C does not work with WSDL2C-generated stubs.
>
>  Regards,
>  StanS
>
>
>
>
>  -----Original Message-----
>  From: Kasun Indrasiri [mailto:kasun147@gmail.com]
>  Sent: Thursday, March 06, 2008 1:32 AM
>  To: rampart-c-dev@ws.apache.org
>  Subject: Re: SAML token isn't injected into the header.
>
>  > The issued_token example does not appear to be
>  > working: Rampart never invoked get_issued_token() function.
>
>
>  Hi Stan,
>
>  I think the issued token sample properly worked (scenario 20 - I tested in
>  Windows) with all the other secpolicy scenarios.
>
>  And regarding your problem, you have mentioned that Rampart is not invoking
>  the get_issued_token() function. Rampart invokes that method only if the
>  function pointer is set as
>  'rampart_config_set_issued_token_aquire_function(client_config, env,
>  get_issued_token);'.
>  Have a look at the samples under ./samples/client/issued_token and
>  associated secpolicies in scenario 20.
>
>  Regards,
>
>  Kasun.
>

RE: SAML token isn't injected into the header.

Posted by So...@emc.com.
Hi Kasun,

The issued_token sample is broken:
https://issues.apache.org/jira/browse/RAMPARTC-78
Among other things, I noticed that sts-client-policy.xml is not copied
into install destination.

I do not use rampart_config_set_issued_token_aquire_function() because I
successfully obtain my SAML token in band (as in sts_client sample) and
set it in rampart_config: rampart_config_add_saml_token (rampart_config,
env, saml_token).
My problem may be related to the stub code generation issues described
here:
http://www.nabble.com/rampart-c-not-working-with-stubs-generated-using-wsdl2c-to11731091.html
I edited my stubs per their recommendation, but it did not help me. It
appears that Rampart/C does not work with WSDL2C-generated stubs.

Regards,
StanS   
 

-----Original Message-----
From: Kasun Indrasiri [mailto:kasun147@gmail.com] 
Sent: Thursday, March 06, 2008 1:32 AM
To: rampart-c-dev@ws.apache.org
Subject: Re: SAML token isn't injected into the header.

> The issued_token example does not appear to be
> working: Rampart never invoked get_issued_token() function.


Hi Stan,

I think the issued token sample properly worked (scenario 20 - I tested in
Windows) with all the other secpolicy scenarios.

And regarding your problem, you have mentioned that Rampart is not invoking
the get_issued_token() function. Rampart invokes that method only if the
function pointer is set as
'rampart_config_set_issued_token_aquire_function(client_config, env,
get_issued_token);'.
Have a look at the samples under ./samples/client/issued_token and
associated secpolicies in scenario 20.

Regards,

Kasun.

Re: SAML token isn't injected into the header.

Posted by Kasun Indrasiri <ka...@gmail.com>.
> The issued_token example does not appear to be
> working: Rampart never invoked get_issued_token() function.


Hi Stan,

I think the issued token sample properly worked (scenario 20 - I tested in
Windows) with all the other secpolicy scenarios.

And regarding your problem, you have mentioned that Rampart is not invoking
the get_issued_token() function. Rampart invokes that method only if the
function pointer is set as
'rampart_config_set_issued_token_aquire_function(client_config, env,
get_issued_token);'.
Have a look at the samples under ./samples/client/issued_token and
associated secpolicies in scenario 20.

Regards,

Kasun.