2 Replies Latest reply on Jan 3, 2012 12:22 PM by dlaprade

Cannot validate sts token with sign/encrypt

dlaprade Dec 29, 2011 9:17 AM

Hello,

I am hoping someone can help me quickly solve my issue. It seems that I can verify an STS token using a handler defined in my configuration:

<jaxws:handlers>
        <bean class="org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler"/>
</jaxws:handlers>

If I comment out that handler then try my sign/encryption seems to work as well:

<jaxws:outInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
            <ref bean="SignResponse"/>
</jaxws:outInterceptors>

 <jaxws:inInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
            <ref bean="SignRequest"/>
 </jaxws:inInterceptors>

and:

<bean id="SignRequest" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
.....
</bean>
<bean id="SignResponse" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
.....
</bean>

The problem exists when I have both turned on:

Caused by: org.apache.cxf.binding.soap.SoapFault: PL00092: Null Value:No security token could be found in the SOAP Header

Does anyone know what I am doing wrong? All help is appreciated.

1. Re: Cannot validate sts token with sign/encrypt

dlaprade Dec 30, 2011 11:52 AM (in response to dlaprade)

The problem seems to lie in the STSSaml20Handler. If I remove the handler from the server side and the Assertion still exists in the header then everything is decrypted fine.

Has anyone else seem this problem before?
Actions
2. Re: Cannot validate sts token with sign/encrypt

dlaprade Jan 3, 2012 12:22 PM (in response to dlaprade)

I was able to find a solution to my issue by creating an CXF Interceptor that pulls the token out and does the validation using the STSClient.
Actions

Go to original post