-
1. Re: STSValidatingLoginModule (sample request to the esb)
beve Apr 20, 2010 11:23 PM (in response to srividhyak)Hi,
it is expecting a SAML Assertion element in the security header. Something like this:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> ... </saml:Assertion> </wsse:Security> </env:Header> <env:Body/> </env:Envelope>
Regards,
/Daniel
-
2. Re: STSValidatingLoginModule (sample request to the esb)
srividhyak Apr 21, 2010 1:10 AM (in response to beve)Hi,
Thanks for your reply.
I tried by adding the saml assertion too. (I used the STSIssuingLoginModule)
I get the following exception when the request contains SAML assertions.
2010-04-21 10:29:47,987 ERROR [org.jboss.soa.esb.listeners.message.ActionProcessingPipeline] (pool-21-thread-1) SecurityService exception :org.jboss.soa.esb.services.security.SecurityServiceException: Service 'sendExternal' has been configured for security but no AuthenticationRequest could be located in the Message Context. Cannot authenticate without an AuthenticationRequest.at org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.processPipeline(ActionProcessingPipeline.java:527)Can you please suggest if this is an issue with my input token or the esb configuration ?
Thanks,
Srividhya
-
3. Re: STSValidatingLoginModule (sample request to the esb)
srividhyak Apr 21, 2010 9:11 AM (in response to srividhyak)Hi Daniel,
I have been using the JBR listener in the SAML Validator esb example for creating the Http end-point.
The JBR Listener seems to extract only the Http BASIC username & password tokens from the request and creates an auth. request.
I also tried using the HTTP Gateway/Listener.
This also seems to use only the user-name token and binary-security token extractors for creating the auth. request.
I believe this is why I get the "no Authentication Request in Message Context" error even when the SOAP request contains SAML assertions.
Can you please suggest how I can invoke the extractor for SAML assertions ?
Thanks,
Srividhya
-
4. Re: STSValidatingLoginModule (sample request to the esb)
beve Apr 21, 2010 12:11 PM (in response to srividhyak)You can specify your own message composer for the gateway like this:
<jbr-listener name="Http-Gateway" busidref="Http-1" is-gateway="true"> <property name="synchronous" value="false"/> <property name="composer-class" value="org.jboss.soa.esb.listeners.gateway.MyJBRMessageComposer"/> </jbr-listener>
I've attached the class MyJBRMessageComposer which also adds a SamlAssertionExtractor. You can modify the composer to suite you needs. I just used the JBossRemotingMessageComposer for this.
I've not had time to try this but hope this helps.
Regards,
/Daniel
-
5. Re: STSValidatingLoginModule (sample request to the esb)
srividhyak Apr 28, 2010 1:37 AM (in response to beve)Hi Daniel,
Yes, this helped me fix the issue. Thank you.
Regards,
Srividhya