-
1. Re: WSTrustClientTest xmlns has been already bound to http://www.w3.org/2005/08/addressing
bjones11 May 5, 2010 6:27 PM (in response to bjones11)
I did more testing. This is basically running the client code that was in http://community.jboss.org/wiki/PicketLinkSecurityTokenServiceI
I printed out the request just before it sends and it looks like this
<?xml version="1.0" encoding="UTF-8" standalone="no"?><ns4:RequestSecurityToken xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" Context="context"><ns4:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns4:TokenType><ns4:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns4:RequestType></ns4:RequestSecurityToken>
This errors with the following
javax.xml.stream.XMLStreamException: xmlns has been already bound to http://www.w3.org/2005/08/addressing. Rebinding it to is an error
If I modify the request and send this
<?xml version="1.0" encoding="UTF-8" standalone="no"?><ns4:RequestSecurityToken xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns="" xmlns:ns2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" Context="context"><ns4:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns4:TokenType><ns4:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns4:RequestType></ns4:RequestSecurityToken>
The token is issued. And it works. Why does it think I'm rebinding it to "blank" in the first instance?
I haven't changed anything in the client code. Any help is appreciated.
Brian
-
2. Re: WSTrustClientTest xmlns has been already bound to http://www.w3.org/2005/08/addressing
bjones11 May 6, 2010 3:54 PM (in response to bjones11)
OK, I've gotten it to issue a token. I basically had to send the request manually through an HTTP client. But it worked. But now when I try to validate, it fails, and on JBoss I see the following error
Caused by: org.picketlink.identity.federation.core.wstrust.WSTrustException: No SecurityTokenProvider configured for http://docs.oasis-open.org/ws-sx/ws-trust/200512:RequestSecurityTokenResponseCollection
at org.picketlink.identity.federation.core.wstrust.StandardRequestHandler.validate(StandardRequestHandler.java:401)
at org.picketlink.identity.federation.core.wstrust.PicketLinkSTS.handleTokenRequest(PicketLinkSTS.java:147)
Why is it looking for a provider for the ws-trust namespace? I'm using the configuration in the war file with no changes. If the keystore is not valid, then why is it issuing the token correctly without error? I've attached the validation request I'm sending to the STS.
Thanks
Brian
-
validate.xml 3.5 KB
-
3. Re: WSTrustClientTest xmlns has been already bound to http://www.w3.org/2005/08/addressing
anil.saldhana May 9, 2010 4:38 PM (in response to bjones11)
1) First get it working in a JUnit based environment with the dependencies.
2) Then move to JBAS environment.
3) See if you can endorse the JBossWS libraries. JDK6 contains jax-ws and other code that may not be up to date and not what we want.
Please endorse the JBossWS libraries as mentioned in the STS article.
-
4. Re: WSTrustClientTest xmlns has been already bound to http://www.w3.org/2005/08/addressing
sguilhen May 11, 2010 3:51 PM (in response to bjones11)
The validation request is just wrong. The ValidateTarget element should contain the token to be validated and not the response message. So instead of
<ValidateTarget> <RequestSecurityTokenResponseCollection> ... </RequestSecurityTokenResponseCollection> </ValidateTarget>
you should have
<ValidateTarget> <saml:Assertion xmlns:saml="..."> .. </saml:Assertion> </ValidateTarget>
This means you need to extract the token from the issue request and then use this token as the validation target.
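
The extraction step described in the reply above, as an added example (not code from the thread or from PicketLink). It uses Python's standard-library minidom; the function names and the sample response are constructed for illustration, and the RequestType and TokenType values are the WS-Trust 1.3 Validate and Status URIs. The assertion is moved with its original prefixes, because a serializer that renames prefixes would alter a signed assertion's content.

```python
from xml.dom import minidom

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
XMLNS = "http://www.w3.org/2000/xmlns/"

# Constructed issue response for illustration, not captured from a real STS.
SAMPLE_RSTRC = (
    '<wst:RequestSecurityTokenResponseCollection xmlns:wst="' + WST + '" '
    'xmlns:saml="' + SAML2 + '"><wst:RequestSecurityTokenResponse Context="context">'
    '<wst:RequestedSecurityToken><saml:Assertion ID="ID_constructed" Version="2.0">'
    '<saml:Issuer>ExampleSTS</saml:Issuer></saml:Assertion>'
    '</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>'
    '</wst:RequestSecurityTokenResponseCollection>')

def extract_assertion(rstrc_xml):
    """Return the single SAML 2.0 assertion element from an issue response."""
    doc = minidom.parseString(rstrc_xml)
    found = doc.getElementsByTagNameNS(SAML2, "Assertion")
    if len(found) != 1:
        raise ValueError("expected exactly one assertion, found %d" % len(found))
    assertion = found[0]
    # Prefixes are kept as issued. Declarations inherited from ancestors are
    # copied onto the assertion (nearest ancestor first) so it stays
    # well-formed once detached from the response.
    node = assertion.parentNode
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for i in range(node.attributes.length):
            attr = node.attributes.item(i)
            if attr.namespaceURI == XMLNS and not assertion.hasAttribute(attr.name):
                assertion.setAttributeNS(XMLNS, attr.name, attr.value)
        node = node.parentNode
    return assertion

def build_validate_request(rstrc_xml, context="context"):
    """Build a WS-Trust 1.3 Validate request whose target is the token itself."""
    assertion = extract_assertion(rstrc_xml)
    req = minidom.getDOMImplementation().createDocument(WST, "wst:RequestSecurityToken", None)
    root = req.documentElement
    root.setAttributeNS(XMLNS, "xmlns:wst", WST)
    root.setAttribute("Context", context)
    for name, text in (("RequestType", WST + "/Validate"),
                       ("TokenType", WST + "/RSTR/Status")):
        el = req.createElementNS(WST, "wst:" + name)
        el.appendChild(req.createTextNode(text))
        root.appendChild(el)
    target = req.createElementNS(WST, "wst:ValidateTarget")
    target.appendChild(req.importNode(assertion, True))
    root.appendChild(target)
    return root.toxml()
```
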