Posted to rampart-c-dev@ws.apache.org by So...@emc.com on 2008/03/05 20:27:36 UTC
SAML token isn't injected into the header.
I'm writing (using Rampart/C and Axis2/C subversion trunk) a test that
obtains a SAML token from an STS, and then invokes WS requests (via
WSDL2C-generated stub) that require a SAML token.
I was able to obtain a SAML token by following the saml_echo and
sts_client examples. The issued_token example does not appear to be
working: Rampart never invoked get_issued_token() function.
With the token added to rampart_config, I attempt to make a WS call,
hoping for the SAML token to appear in the SOAP header.
In a debugger, I can see that Rampart does not make the out handler call
in the security phase (even though it is engaged), and, therefore, no
header is produced.
Am I missing something basic? Any insight will be appreciated.
-StanS
PS
As a side issue, I was unable to find a <RampartConfig> example for
cred_provider. Can anyone point me to it?
------------------------------------------------------------------------
Here is what I'm trying to do:
void get_SAML_token (const axutil_env_t* env,
                     axis2_char_t* client_home,
                     rampart_config_t* rampart_config)
{
    .................
    /* Take the issued SAML assertion out of the STS response (RSTR). */
    rstr = trust_context_get_rstr (trust_ctx, env);
    if (rstr)
    {
        saml_assertion = trust_rstr_get_requested_security_token (rstr, env);
        if (saml_assertion)
        {
            /* Wrap the assertion as a sender-vouches signed supporting token. */
            saml_token = rampart_saml_token_create (env,
                saml_assertion,
                RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
            rampart_saml_token_set_token_type (saml_token,
                env,
                RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
            rampart_config_add_saml_token (rampart_config, env, saml_token);
        }
    }
}

int main(int, char**)
{
    ..........
    logger = axis2_stub_LoggingService_create (env, client_home, address);
    rampart_config = rampart_config_create (env);
    get_SAML_token (env, client_home, rampart_config);

    /* Hand the Rampart client configuration to the stub's service client. */
    svc_client = axis2_stub_get_svc_client (logger, env);
    options = axis2_svc_client_get_options (svc_client, env);
    property = axutil_property_create_with_args (env,
        AXIS2_SCOPE_REQUEST,
        AXIS2_TRUE, (void *) rampart_config_free,
        rampart_config);
    axis2_options_set_property (options, env,
        RAMPART_CLIENT_CONFIGURATION, property);

    /* Attach the client security policy shown below. */
    client_policy = neethi_util_create_policy_from_file (env,
        ".\\client-policy.xml");
    axis2_svc_client_set_policy (svc_client, env, client_policy);
    .....
    // Invoke the stub
    logSystemEventResponse = axis2_stub_LoggingService_logSystemEvent
        (logger, env);
    .................
}
client-policy.xml:
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedSupportingTokens
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:IssuedToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <sp:RequestSecurityTokenTemplate
                xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
              <wst:TokenType>oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
              <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
            </sp:RequestSecurityTokenTemplate>
          </sp:IssuedToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
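Added example, not part of the original post or of Rampart/C: a check to run over a captured outgoing request to confirm whether the SAML assertion actually reached the wsse:Security header, which is the symptom described above. The function name and both sample envelopes are constructed for illustration; the "signature" field only reports whether a ds:Signature element sits in the same header.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")      # SOAP 1.2
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0/1.1 assertion namespace
DS = "http://www.w3.org/2000/09/xmldsig#"

def check_saml_in_header(envelope_xml):
    """Report whether the wsse:Security header of a SOAP message carries a SAML assertion."""
    # Input here is a locally captured request; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        raise ValueError("not a SOAP envelope: %s" % root.tag)
    result = {"security_header": False, "assertion_ids": [],
              "signature": False, "misplaced_assertions": 0}
    in_header = set()
    header = root.find("{%s}Header" % soap)
    if header is not None:
        for sec in header.findall("{%s}Security" % WSSE):
            result["security_header"] = True
            if sec.find("{%s}Signature" % DS) is not None:
                result["signature"] = True
            for assertion in sec.iter("{%s}Assertion" % SAML):
                in_header.add(id(assertion))
                result["assertion_ids"].append(assertion.get("AssertionID"))
    # An assertion outside wsse:Security (for example in the body) is not a WSS token.
    result["misplaced_assertions"] = sum(
        1 for a in root.iter("{%s}Assertion" % SAML) if id(a) not in in_header)
    return result

# Constructed sample messages, not captured from the poster's system.
ENV = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
       '%s<s:Body><logSystemEvent/></s:Body></s:Envelope>')
NO_HEADER = ENV % ""
WITH_TOKEN = ENV % ('<s:Header><wsse:Security xmlns:wsse="' + WSSE + '">'
                    '<saml:Assertion xmlns:saml="' + SAML + '"'
                    ' AssertionID="_constructed-1"/></wsse:Security></s:Header>')

if __name__ == "__main__":
    for name, msg in (("no header", NO_HEADER), ("with token", WITH_TOKEN)):
        print(name, check_saml_in_header(msg))
```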
Re: SAML token isn't injected into the header.
Posted by Supun Kamburugamuva <su...@gmail.com>.
Hi StanS,
Fixed the issue. Please check whether it is working.
Thanks,
Supun..
On Thu, Mar 6, 2008 at 10:41 AM, <So...@emc.com> wrote:
> Hi Kasun,
>
> The issued_token sample is broken:
> https://issues.apache.org/jira/browse/RAMPARTC-78
> Among other things, I noticed that sts-client-policy.xml is not copied
> into install destination.
>
> I do not use rampart_config_set_issued_token_aquire_function() because I
> successfully obtain my SAML token in band (as in sts_client sample) and
> set it in rampart_config: rampart_config_add_saml_token (rampart_config,
> env, saml_token).
> My problem may be related to the stub code generation issues described
> here:
> http://www.nabble.com/rampart-c-not-working-with-stubs-generated-using-wsdl2c-to11731091.html
> I edited my stubs per their recommendation, but it did not help me. It
> appears that Rampart/C does not work with WSDL2C-generated stubs.
>
> Regards,
> StanS
>
>
>
>
> -----Original Message-----
> From: Kasun Indrasiri [mailto:kasun147@gmail.com]
> Sent: Thursday, March 06, 2008 1:32 AM
> To: rampart-c-dev@ws.apache.org
> Subject: Re: SAML token isn't injected into the header.
>
> > The issued_token example does not appear to be
> > working: Rampart never invoked get_issued_token() function.
>
>
> Hi Stan,
>
> I think the issued token sample properly worked (scenario 20 - I tested in
> Windows) with all the other secpolicy scenarios.
>
> And regarding your problem, you have mentioned that Rampart is not invoking
> the get_issued_token() function. Rampart invokes that method only if the
> function pointer is set as
> 'rampart_config_set_issued_token_aquire_function(client_config, env,
> get_issued_token);'.
> Have a look at the samples under ./samples/client/issued_token and
> associated secpolicies in scenario 20.
>
> Regards,
>
> Kasun.
>
RE: SAML token isn't injected into the header.
Posted by So...@emc.com.
Hi Kasun,
The issued_token sample is broken:
https://issues.apache.org/jira/browse/RAMPARTC-78
Among other things, I noticed that sts-client-policy.xml is not copied
into install destination.
I do not use rampart_config_set_issued_token_aquire_function() because I
successfully obtain my SAML token in band (as in sts_client sample) and
set it in rampart_config: rampart_config_add_saml_token (rampart_config,
env, saml_token).
My problem may be related to the stub code generation issues described
here:
http://www.nabble.com/rampart-c-not-working-with-stubs-generated-using-wsdl2c-to11731091.html
I edited my stubs per their recommendation, but it did not help me. It
appears that Rampart/C does not work with WSDL2C-generated stubs.
Regards,
StanS
-----Original Message-----
From: Kasun Indrasiri [mailto:kasun147@gmail.com]
Sent: Thursday, March 06, 2008 1:32 AM
To: rampart-c-dev@ws.apache.org
Subject: Re: SAML token isn't injected into the header.
> The issued_token example does not appear to be
> working: Rampart never invoked get_issued_token() function.
Hi Stan,
I think the issued token sample properly worked (scenario 20 - I tested in
Windows) with all the other secpolicy scenarios.
And regarding your problem, you have mentioned that Rampart is not invoking
the get_issued_token() function. Rampart invokes that method only if the
function pointer is set as
'rampart_config_set_issued_token_aquire_function(client_config, env,
get_issued_token);'.
Have a look at the samples under ./samples/client/issued_token and
associated secpolicies in scenario 20.
Regards,
Kasun.
Re: SAML token isn't injected into the header.
Posted by Kasun Indrasiri <ka...@gmail.com>.
> The issued_token example does not appear to be
> working: Rampart never invoked get_issued_token() function.
Hi Stan,
I think the issued token sample properly worked (scenario 20 - I tested in
Windows) with all the other secpolicy scenarios.
And regarding your problem, you have mentioned that Rampart is not invoking
the get_issued_token() function. Rampart invokes that method only if the
function pointer is set as
'rampart_config_set_issued_token_aquire_function(client_config, env,
get_issued_token);'.
Have a look at the samples under ./samples/client/issued_token and
associated secpolicies in scenario 20.
Regards,
Kasun.