-
1. Re: need help with security_saml quickstart
beve Apr 13, 2010 12:40 AM (in response to srividhyak)
Hi,
please try this with AS 5.1.0.GA which was the version used when testing. Make sure that you have the quickstart working as is and then modify it or use it as a reference for configuring your version.
org.picketlink.identity.federation.core.wstrust.WSTrustException: Unable to find a token provider for the token request
This exception would be thrown if PicketLinkSTS cannot find a token provider matching the token being sent to it. You can see the configuration of the STS in the picketlink-sts.war:
$ unzip -p picketlink-sts.war WEB-INF/classes/picketlink-sts.xml
<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
    STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="false">
  <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
    <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
    <Auth Key="KeyStorePass" Value="testpass"/>
    <Auth Key="SigningKeyAlias" Value="sts"/>
    <Auth Key="SigningKeyPass" Value="keypass"/>
  </KeyProvider>
  <TokenProviders>
    <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
        TokenElement="Assertion"
        TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
  </TokenProviders>
  <ServiceProviders>
    <ServiceProvider Endpoint="http://services.testcorp.org/provider1"
        TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        TruststoreAlias="service1"/>
    <ServiceProvider Endpoint="http://security_saml/goodbyeworld"
        TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        TruststoreAlias="service1"/>
  </ServiceProviders>
</PicketLinkSTS>

If you still have an issue please modify the quickstart to reproduce this issue and I'll take a look at it.
Regards,
/Daniel
-
2. Re: need help with security_saml quickstart
srividhyak Apr 13, 2010 3:41 AM (in response to beve)
Hi,
Thank you very much.
I ran the quickstart as is and it worked fine.
For my example, I had a different Service-Provider endpoint.
Added the service-provider entry to picketlink-sts.xml:
<ServiceProvider Endpoint="http://localhost:8090/myserviceprovider" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" TruststoreAlias="service1"/>
After this change, my esb application also worked fine.
After adding the ServiceProvider entry to picketlink-sts.xml, I built the picketlink-sts.war again and deployed it.
Is there any other mechanism to add the new service-provider entry?
Thanks,
Srividhya
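
An added example (not from either poster or from PicketLink): a pre-deployment check that opens the WAR, reads WEB-INF/classes/picketlink-sts.xml and reports whether an endpoint has a ServiceProvider entry. The in-memory WAR, the trimmed sample configuration and the function names are constructed here; that a missing entry leads to the exception above is taken from the fix reported in this thread.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"pl": "urn:picketlink:identity-federation:config:1.0"}
CONFIG_PATH = "WEB-INF/classes/picketlink-sts.xml"

# Constructed sample, trimmed from the configuration quoted in the thread.
SAMPLE_CONFIG = """<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
    STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="false">
  <ServiceProviders>
    <ServiceProvider Endpoint="http://security_saml/goodbyeworld"
        TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
        TruststoreAlias="service1"/>
  </ServiceProviders>
</PicketLinkSTS>"""


def build_sample_war(config_xml=SAMPLE_CONFIG):
    """Build a constructed WAR in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(CONFIG_PATH, config_xml)
    return buf.getvalue()


def service_providers(war_bytes):
    """Map each configured Endpoint to its TokenType and TruststoreAlias."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        root = ET.fromstring(war.read(CONFIG_PATH))
    return {
        sp.get("Endpoint"): {
            "TokenType": sp.get("TokenType"),
            "TruststoreAlias": sp.get("TruststoreAlias"),
        }
        for sp in root.findall("pl:ServiceProviders/pl:ServiceProvider", NS)
    }


def check_endpoint(war_bytes, endpoint):
    """Report whether `endpoint` is registered; list known endpoints if not."""
    providers = service_providers(war_bytes)
    entry = providers.get(endpoint)
    if entry is None:
        return {"registered": False, "known_endpoints": sorted(providers)}
    return {"registered": True, **entry}


if __name__ == "__main__":
    war = build_sample_war()
    print(check_endpoint(war, "http://localhost:8090/myserviceprovider"))
```
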