RE: Problem calling WCF MS service with security, policies, trust

RE: Problem calling WCF MS service with security, policies, trust

Morein, Arnie
My situation has two WSDLs: a and b.

Both use the same keystore which contains two Trusted Cert Entries and a Private Key Entry (x.509 cert). This key is supposed to be used to sign and encrypt the messages.

Calling the a::authentication.authenticate method should be over https, signed and encrypted with the cert as mentioned above. NO user credentials are supplied. A session token is returned if all is well.

The session token, along with a user name and password are to be passed into all calls for WSDL b, using the same cert for signing and encryption.

I created two Maven projects, one for each WSDL, using the cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring beans file with the required jaxws:client entries for the port names, and the related key store JKS file.

Both were added to the main WAR project and in one of the Spring XML files, I added:

<!-- set up the CXF bus -->
    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <cxf:bus>
        <cxf:features>
            <p:policies />
            <cxf:logging />
        </cxf:features>
    </cxf:bus>
    <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
    <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />

And at boot time, Spring finds those files and creates the beans. So no error THERE.

Calling the constructor for the service class and getting the port instance works for WSDL a without error.

But when calling .authenticate, I continually get the following. What gives? There isn't a SecurityTokenService listed in the a or b WSDL. I have no idea if the port name matches the syntax below ({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService) or not.



Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
        at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
        at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]
...

Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.java:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.java:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleEndorsingSupportingTokens(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:159) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        ... 270 common frames omitted
Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://aamva.org/authentication/3.1.0}Authenticate has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
        at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
        at txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.java:178) [VlsBusiness.class:na]



Re: Problem calling WCF MS service with security, policies, trust

coheigea
Administrator
For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically,
WS-SecureConversation is not used to obtain a token for one service and
then re-used for another service.

Colm.

On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <[hidden email]>
wrote:

> My situation has two WSDLs: a and b.
>
> Both use the same keystore which contains two Trusted Cert Entries and a
> Private Key Entry (x.509 cert). This key is supposed to be used to sign and
> encrypt the messages.
>
> Calling the a::authentication.authenticate method should be over https,
> signed and encrypted with the cert as mentioned above. NO user credentials
> are supplied. A session token is returned if all is well.
>
> The session token, along with a user name and password are to be passed
> into all calls for WSDL b, using the same cert for signing and encryption.
>
> I created two maven projects, one for each WSDL, using the
> cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with
> client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring beans
> file with the required jaxws:client entries for the port names, and the
> related key store JKS file.
>
> Both were added to the main WAR project and in one of the Spring XML
> files, I added:
>
> <!-- set up the CXF bus -->
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <cxf:bus>
>         <cxf:features>
>             <p:policies />
>             <cxf:logging />
>         </cxf:features>
>     </cxf:bus>
>     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
>
> And at boot time, spring finds those files and creates the beans. So no
> error THERE.
>
> Calling the constructor for the service class and getting the port
> instance works for WSDL a without error.
>
> But when calling .authenticate, I continually get the following. What
> gives? There isn't a SecurityTokenService listed in the a or b wsdl. I have
> no idea if the port name matches the syntax below
> ({http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService) or
> not.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Morein, Arnie
Are you implying then, that using this syntax:

        <jaxws:properties>
            <entry
                key="ws-security.signature.properties"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="ws-security.encryption.properties"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>

isn't going to work? Where those key/value pairs are in a properties file?

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[hidden email]]
Sent: Monday, February 20, 2017 8:39 AM
To: [hidden email]
Subject: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically, WS-SecureConversation is not used to obtain a token for one service and then re-used for another service.

Colm.

> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSCl
> ient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInter
> ceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Morein, Arnie
In reply to this post by coheigea
Regardless: I updated the cxf-xyz.xml files in each of the two WS jar projects to reflect the property names:

    <jaxws:client
        id="aamva-security-token-service"
        name="{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>
    <jaxws:client
        id="aamva-authentication"
        name="{http://aamva.org/authentication/3.1.0}wsHttpEndPoint"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>

    <jaxws:client id="aamva-vls3"
        name="{http://uscis.gov/uscis/services/esb/vls/3.0}WSHttpBinding_IVLS30Service"
        createdFromAPI="true"
    >
        <jaxws:properties>
            <entry
                key="security.signature.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
            <entry
                key="security.encryption.properties.sct"
                value="/META-INF/cxf/client-crypto.properties" />
        </jaxws:properties>
    </jaxws:client>

No change to error message at all:

Feb21 08:02:40.666 WARN [JDBCExceptionReporter         ][::] - Origination unknown: [10228][11541][3.59.81] Security exceptions occurred while loading driver. ERRORCODE=4223, SQLSTATE=null
Feb21 08:03:03.373 WARN [PhaseInterceptorChain         ][::] - Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a security.signature.properties element within it.
        at org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler.handleBinding(TransportBindingHandler.java:172) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) [cxf-core-3.1.10.jar:3.1.10]

The SecurityTokenService isn't referenced in the WSDL, so I'm assuming it is some kind of automatic service that can be included via configuration or mention somewhere? Or should I get a WSDL with it referenced explicitly?


-----Original Message-----
From: Colm O hEigeartaigh [mailto:[hidden email]]
Sent: Monday, February 20, 2017 8:39 AM
To: [hidden email]
Subject: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically, WS-SecureConversation is not used to obtain a token for one service and then re-used for another service.

Colm.

On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <[hidden email]>
wrote:

> My situation has two WSDLs: a and b.
>
> Both use the same keystore which contains two Trusted Cert Entries and
> a Private Key Entry (x.509 cert). This key is supposed to be used to
> sign and encrypt the messages.
>
> Calling the a::authentication.authenticate method should be over
> https, signed and encrypted with the cert as mentioned above. NO user
> credentials are supplied. A session token is returned if all is well.
>
> The session token, along with a user name and password are to be
> passed into all calls for WSDL b, using the same cert for signing and encryption.
>
> I created two maven projects, one for each WSDL, using the
> cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with
> client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring
> beans file with the required jaxws:client entries for the port names,
> and the related key store JKS file.
>
> Both were added to the main WAR project and in one of the Spring XML
> files, I added:
>
> <!-- set up the CXF bus -->
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <cxf:bus>
>         <cxf:features>
>             <p:policies />
>             <cxf:logging />
>         </cxf:features>
>     </cxf:bus>
>     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml"
> />
>     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
>
> And at boot time, spring finds those files and creates the beans. So
> no error THERE.
>
> Calling the constructor for the service class and getting the port
> instance works for WSDL a without error.
>
> But when calling .authenticate, I continually get the following. What
> gives? There isn't a SecurityTokenService listed in the a or b wsdl. I
> have no idea if the port name matches the syntax below ({
> http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService)
> or not.
>
>
>
> Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl
> } RequestSecurityToken has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be
> detected. Potential cause: Make sure jaxws:client element with name
> attribute value matching endpoint port is defined as well as a
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSCl
> ient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInter
> ceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
> ...
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: Security
> configuration could not be detected. Potential cause: Make sure
> jaxws:client element with name attribute value matching endpoint port
> is defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandl
> er.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java
> :1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.j
> ava:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.j
> ava:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingSupportingToken
> s(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:159
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         ... 270 common frames omitted
> Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for
> {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://
> aamva.org/authentication/3.1.0}Authenticate has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be
> detected. Potential cause: Make sure jaxws:client element with name
> attribute value matching endpoint port is defined as well as a
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSCl
> ient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInter
> ceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
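
A check for the two conditions the CXF fault message names (a jaxws:client whose name matches the endpoint port, and a security.signature.properties entry inside it), as an added example that is not part of the thread or of CXF. The WSDL, namespace and port names are constructed; only the property keys are taken from the configuration posted above.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
JAXWS_NS = "http://cxf.apache.org/jaxws"
# Property keys as they appear in the thread, without and with the ".sct" suffix.
BASE_KEYS = ("security.signature.properties", "security.encryption.properties")

# Constructed sample WSDL (not the WSDL discussed in the thread).
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:tns="http://example.test/auth"
    targetNamespace="http://example.test/auth">
  <wsdl:service name="AuthService">
    <wsdl:port name="AuthPort" binding="tns:AuthBinding"/>
    <wsdl:port name="QueryPort" binding="tns:QueryBinding"/>
  </wsdl:service>
</wsdl:definitions>"""

# Constructed sample Spring file: one client name that is not a WSDL port,
# one that is.
SAMPLE_SPRING = """<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:jaxws="http://cxf.apache.org/jaxws">
  <jaxws:client name="{http://example.test/auth}AuthEndpoint" createdFromAPI="true">
    <jaxws:properties>
      <entry key="security.signature.properties.sct"
             value="/META-INF/cxf/client-crypto.properties"/>
      <entry key="security.encryption.properties.sct"
             value="/META-INF/cxf/client-crypto.properties"/>
    </jaxws:properties>
  </jaxws:client>
  <jaxws:client name="{http://example.test/auth}QueryPort" createdFromAPI="true">
    <jaxws:properties>
      <entry key="security.signature.properties"
             value="/META-INF/cxf/client-crypto.properties"/>
    </jaxws:properties>
  </jaxws:client>
</beans>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def wsdl_port_qnames(wsdl_text):
    """Return every port as '{targetNamespace}portName', the form jaxws:client uses."""
    root = ET.fromstring(wsdl_text)
    tns = root.get("targetNamespace", "")
    ports = set()
    for service in root.findall("{%s}service" % WSDL_NS):
        for port in service.findall("{%s}port" % WSDL_NS):
            ports.add("{%s}%s" % (tns, port.get("name")))
    return ports


def client_keys(spring_text):
    """Map each jaxws:client name attribute to the set of <entry key=...> it holds."""
    root = ET.fromstring(spring_text)
    clients = {}
    for client in root.iter("{%s}client" % JAXWS_NS):
        keys = {e.get("key") for e in client.iter() if local_name(e.tag) == "entry"}
        clients[client.get("name")] = keys
    return clients


def variants(keys, base):
    """Say which forms of a key are present: 'plain', '.sct', both or neither."""
    found = []
    if base in keys:
        found.append("plain")
    if base + ".sct" in keys:
        found.append(".sct")
    return found


def lint(wsdl_text, spring_text):
    """Compare client names with WSDL ports and list the crypto keys on each client."""
    ports = wsdl_port_qnames(wsdl_text)
    clients = client_keys(spring_text)
    report = {"ports_without_client": sorted(ports - set(clients)), "clients": {}}
    for name, keys in clients.items():
        entry = {"matches_wsdl_port": name in ports}
        for base in BASE_KEYS:
            entry[base] = variants(keys, base)
        report["clients"][name] = entry
    return report


if __name__ == "__main__":
    result = lint(SAMPLE_WSDL, SAMPLE_SPRING)
    print("ports without a jaxws:client:", result["ports_without_client"])
    for name, info in result["clients"].items():
        print(name, info)
```

The function reads only the `wsdl:service` elements of the document it is given, so a WSDL that imports its service definition from another file needs that file passed in instead.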

RE: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

Morein, Arnie
In reply to this post by coheigea
What's interesting is, CXF is complaining about this service:

Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}RequestSecurityToken has thrown exception, unwinding now

Note the URL above. It isn't mentioned in the WSDL at all. The policy section of the WSDL is below. That URL and an STS aren't mentioned explicitly.

This WS was developed by a .Net shop. Is something missing from their WSDL?

    <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:TransportBinding
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                >
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <sp:HttpsToken
                                    RequireClientCertificate="false" />
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic256 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict />
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp />
                    </wsp:Policy>
                </sp:TransportBinding>
                <sp:EndorsingSupportingTokens
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                >
                    <wsp:Policy>
                        <sp:SecureConversationToken
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
                        >
                            <wsp:Policy>
                                <sp:BootstrapPolicy>
                                    <wsp:Policy>
                                        <sp:SignedParts>
                                            <sp:Body />
                                            <sp:Header
                                                Name="To"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="From"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="FaultTo"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="ReplyTo"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="MessageID"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="RelatesTo"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                            <sp:Header
                                                Name="Action"
                                                Namespace="http://www.w3.org/2005/08/addressing" />
                                        </sp:SignedParts>
                                        <sp:EncryptedParts>
                                            <sp:Body />
                                        </sp:EncryptedParts>
                                        <sp:TransportBinding>
                                            <wsp:Policy>
                                                <sp:TransportToken>
                                                    <wsp:Policy>
                                                        <sp:HttpsToken
                                                            RequireClientCertificate="false" />
                                                    </wsp:Policy>
                                                </sp:TransportToken>
                                                <sp:AlgorithmSuite>
                                                    <wsp:Policy>
                                                        <sp:Basic256 />
                                                    </wsp:Policy>
                                                </sp:AlgorithmSuite>
                                                <sp:Layout>
                                                    <wsp:Policy>
                                                        <sp:Strict />
                                                    </wsp:Policy>
                                                </sp:Layout>
                                                <sp:IncludeTimestamp />
                                            </wsp:Policy>
                                        </sp:TransportBinding>
                                        <sp:EndorsingSupportingTokens>
                                            <wsp:Policy>
                                                <sp:X509Token
                                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
                                                >
                                                    <wsp:Policy>
                                                        <sp:RequireThumbprintReference />
                                                        <sp:WssX509V3Token10 />
                                                    </wsp:Policy>
                                                </sp:X509Token>
                                                <sp:SignedParts>
                                                    <sp:Header
                                                        Name="To"
                                                        Namespace="http://www.w3.org/2005/08/addressing" />
                                                </sp:SignedParts>
                                            </wsp:Policy>
                                        </sp:EndorsingSupportingTokens>
                                        <sp:Wss11>
                                            <wsp:Policy>
                                                <sp:MustSupportRefThumbprint />
                                            </wsp:Policy>
                                        </sp:Wss11>
                                        <sp:Trust10>
                                            <wsp:Policy>
                                                <sp:MustSupportIssuedTokens />
                                                <sp:RequireClientEntropy />
                                                <sp:RequireServerEntropy />
                                            </wsp:Policy>
                                        </sp:Trust10>
                                    </wsp:Policy>
                                </sp:BootstrapPolicy>
                            </wsp:Policy>
                        </sp:SecureConversationToken>
                    </wsp:Policy>
                </sp:EndorsingSupportingTokens>
                <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy />
                </sp:Wss11>
                <sp:Trust10
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                >
                    <wsp:Policy>
                        <sp:MustSupportIssuedTokens />
                        <sp:RequireClientEntropy />
                        <sp:RequireServerEntropy />
                    </wsp:Policy>
                </sp:Trust10>
                <wsaw:UsingAddressing />
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[hidden email]]
Sent: Monday, February 20, 2017 8:39 AM
To: [hidden email]
Subject: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

For WS-SecureConversation, the configuration parameters for the "bootstrap"
phase end with ".sct". See the examples here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client.xml;h=b5a395f7048cfa4d084f38d311df4b5c4206070b;hb=HEAD

I'm not sure if your use-case is going to work by the way. Typically, WS-SecureConversation is not used to obtain a token for one service and then re-used for another service.

Colm.

On Fri, Feb 17, 2017 at 2:21 PM, Morein, Arnie <[hidden email]>
wrote:

> My situation has two WSDLs: a and b.
>
> Both use the same keystore which contains two Trusted Cert Entries and
> a Private Key Entry (x.509 cert). This key is supposed to be used to
> sign and encrypt the messages.
>
> Calling the a::authentication.authenticate method should be over
> https, signed and encrypted with the cert as mentioned above. NO user
> credentials are supplied. A session token is returned if all is well.
>
> The session token, along with a user name and password are to be
> passed into all calls for WSDL b, using the same cert for signing and encryption.
>
> I created two maven projects, one for each WSDL, using the
> cxf-codegen-plugin (3.1.10). Each has a /META-INF/cxf/ folder with
> client-crypto.properties, a cfx-wsdl-a/b.xml file which is a Spring
> beans file with the required jaxws:client entries for the port names,
> and the related key store JKS file.
>
> Both were added to the main WAR project and in one of the Spring XML
> files, I added:
>
> <!-- set up the CXF bus -->
>     <import resource="classpath:META-INF/cxf/cxf.xml" />
>     <cxf:bus>
>         <cxf:features>
>             <p:policies />
>             <cxf:logging />
>         </cxf:features>
>     </cxf:bus>
>     <import resource="classpath:META-INF/cxf/cxf-aamva-authentication.xml"
> />
>     <import resource="classpath:META-INF/cxf/cxf-aamva-vls3.xml" />
>
> And at boot time, spring finds those files and creates the beans. So
> no error THERE.
>
> Calling the constructor for the service class and getting the port
> instance works for WSDL a without error.
>
> But when calling .authenticate, I continually get the following. What
> gives? There isn't a SecurityTokenService listed in the a or b wsdl. I
> have no idea if the port name matches the syntax below ({
> http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}SecurityTokenService)
> or not.
>
>
>
> Feb17 08:17:37.735 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl
> } RequestSecurityToken has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be
> detected. Potential cause: Make sure jaxws:client element with name
> attribute value matching endpoint port is defined as well as a
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSCl
> ient.java:861) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInter
> ceptor.java:198) [cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) [cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
> ...
>
> Caused by: org.apache.cxf.ws.policy.PolicyException: Security
> configuration could not be detected. Potential cause: Make sure
> jaxws:client element with name attribute value matching endpoint port
> is defined as well as a security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandl
> er.java:92) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java
> :1821) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.doX509TokenSignature(TransportBindingHandler.j
> ava:388) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingToken(TransportBindingHandler.j
> ava:319) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleEndorsingSupportingToken
> s(TransportBindingHandler.java:269) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:159
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         ... 270 common frames omitted
> Feb17 08:17:37.788 WARN [PhaseInterceptorChain         ][::] - Interceptor
> for
> {http://aamva.org/authentication/3.1.0}AuthenticationService#{http://
> aamva.org/authentication/3.1.0}Authenticate has thrown exception,
> unwinding now
> org.apache.cxf.interceptor.Fault: Security configuration could not be
> detected. Potential cause: Make sure jaxws:client element with name
> attribute value matching endpoint port is defined as well as a
> security.signature.properties element within it.
>         at org.apache.cxf.ws.security.wss4j.policyhandlers.
> TransportBindingHandler.handleBinding(TransportBindingHandler.java:172
> ) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(
> PolicyBasedWSS4JOutInterceptor.java:185) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:109) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor
> $PolicyBasedWSS4JOutInterceptorInternal.handleMessage(
> PolicyBasedWSS4JOutInterceptor.java:96) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSCl
> ient.java:861) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:61) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:55) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:51) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutInter
> ceptor.java:198) ~[cxf-rt-ws-security-3.1.10.jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:81) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(
> SecureConversationOutInterceptor.java:50) ~[cxf-rt-ws-security-3.1.10.
> jar:3.1.10]
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308) ~[cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> [cxf-core-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> [cxf-rt-frontend-simple-3.1.10.jar:3.1.10]
>         at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139
> ) [cxf-rt-frontend-jaxws-3.1.10.jar:3.1.10]
>         at com.sun.proxy.$Proxy56.authenticate(Unknown Source) [na:na]
>         at
> txdps.dl.bpr.common.business.VlsBusiness.postConstruct(VlsBusiness.jav
> a:178)
> [VlsBusiness.class:na]
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: [EXTERNAL] Re: Problem calling WCF MS service with security, policies, trust

coheigea
Administrator
The WSDL is fine, that port name is implied by the fact that there is a
WS-SecureConversation policy (the STSClient initiates the conversation). It
sounds like some configuration is not getting picked up. If you can't
figure it out by looking at the example I pointed you to, then please
create a JIRA with a reproducible test-case + someone will take a look.

Colm.

On Tue, Feb 21, 2017 at 2:16 PM, Morein, Arnie <[hidden email]>
wrote:

> What's interesting is, CXF is complaining about this service:
>
> Interceptor for {http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> SecurityTokenService#{http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl}
> RequestSecurityToken has thrown exception, unwinding now
>
> Note the URL above. It isn't mentioned in the WSDL at all. The policy
> section of the WSDL is below. That URL and an STS isn't mentioned
> explicitly.
>
> This WS was developed by a .Net shop. Is something missing from their WSDL?
>
>     <wsp:Policy wsu:Id="wsHttpEndPoint_policy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:TransportBinding
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:TransportToken>
>                             <wsp:Policy>
>                                 <sp:HttpsToken
>                                     RequireClientCertificate="false" />
>                             </wsp:Policy>
>                         </sp:TransportToken>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic256 />
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict />
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp />
>                     </wsp:Policy>
>                 </sp:TransportBinding>
>                 <sp:EndorsingSupportingTokens
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:SecureConversationToken
>                             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>                         >
>                             <wsp:Policy>
>                                 <sp:BootstrapPolicy>
>                                     <wsp:Policy>
>                                         <sp:SignedParts>
>                                             <sp:Body />
>                                             <sp:Header
>                                                 Name="To"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="From"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="FaultTo"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="ReplyTo"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="MessageID"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="RelatesTo"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                             <sp:Header
>                                                 Name="Action"
>                                                 Namespace="http://www.w3.org/2005/08/addressing" />
>                                         </sp:SignedParts>
>                                         <sp:EncryptedParts>
>                                             <sp:Body />
>                                         </sp:EncryptedParts>
>                                         <sp:TransportBinding>
>                                             <wsp:Policy>
>                                                 <sp:TransportToken>
>                                                     <wsp:Policy>
>                                                         <sp:HttpsToken
>                                                             RequireClientCertificate="false" />
>                                                     </wsp:Policy>
>                                                 </sp:TransportToken>
>                                                 <sp:AlgorithmSuite>
>                                                     <wsp:Policy>
>                                                         <sp:Basic256 />
>                                                     </wsp:Policy>
>                                                 </sp:AlgorithmSuite>
>                                                 <sp:Layout>
>                                                     <wsp:Policy>
>                                                         <sp:Strict />
>                                                     </wsp:Policy>
>                                                 </sp:Layout>
>                                                 <sp:IncludeTimestamp />
>                                             </wsp:Policy>
>                                         </sp:TransportBinding>
>                                         <sp:EndorsingSupportingTokens>
>                                             <wsp:Policy>
>                                                 <sp:X509Token
>                                                     sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>                                                 >
>                                                     <wsp:Policy>
>                                                         <sp:RequireThumbprintReference />
>                                                         <sp:WssX509V3Token10 />
>                                                     </wsp:Policy>
>                                                 </sp:X509Token>
>                                                 <sp:SignedParts>
>                                                     <sp:Header
>                                                         Name="To"
>                                                         Namespace="http://www.w3.org/2005/08/addressing" />
>                                                 </sp:SignedParts>
>                                             </wsp:Policy>
>                                         </sp:EndorsingSupportingTokens>
>                                         <sp:Wss11>
>                                             <wsp:Policy>
>                                                 <sp:MustSupportRefThumbprint />
>                                             </wsp:Policy>
>                                         </sp:Wss11>
>                                         <sp:Trust10>
>                                             <wsp:Policy>
>                                                 <sp:MustSupportIssuedTokens />
>                                                 <sp:RequireClientEntropy />
>                                                 <sp:RequireServerEntropy />
>                                             </wsp:Policy>
>                                         </sp:Trust10>
>                                     </wsp:Policy>
>                                 </sp:BootstrapPolicy>
>                             </wsp:Policy>
>                         </sp:SecureConversationToken>
>                     </wsp:Policy>
>                 </sp:EndorsingSupportingTokens>
>                 <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy />
>                 </sp:Wss11>
>                 <sp:Trust10
>                     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>                 >
>                     <wsp:Policy>
>                         <sp:MustSupportIssuedTokens />
>                         <sp:RequireClientEntropy />
>                         <sp:RequireServerEntropy />
>                     </wsp:Policy>
>                 </sp:Trust10>
>                 <wsaw:UsingAddressing />
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: [EXTERNAL] Re: Re: Problem calling WCF MS service with security, policies, trust

Morein, Arnie
Query, in the properties file referenced from the XML file, is this the right prefix for the properties?

org.apache.ws.security.crypto.merlin.*

The reason I ask is, the GIT URL you sent me to, the entry keys begin with "security.*" instead of "ws-security.*" I've seen elsewhere; as well as being suffixed with ".sct".



Re: [EXTERNAL] Re: Re: Problem calling WCF MS service with security, policies, trust

coheigea
Administrator
Newer versions of CXF use "org.apache.wss4j" for the crypto properties as
well as "security.*" for the security configuration. The
"org.apache.ws.security" configuration options as well as "ws-security.*"
are older. However both are supported in reasonably current versions of CXF.

Colm.

On Tue, Feb 21, 2017 at 2:58 PM, Morein, Arnie <[hidden email]>
wrote:

> Query, in the properties file referenced from the XML file, is this the
> right prefix for the properties?
>
> org.apache.ws.security.crypto.merlin.*
>
> The reason I ask is, the GIT URL you sent me to, the entry keys begin with
> "security.*" instead of "ws-security.*" I've seen elsewhere; as well as
> being suffixed with ".sct".
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
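
The ".sct" bootstrap configuration discussed in this thread, as an added example that is not part of any post and is not the poster's or the CXF project's own file: a Spring client bean whose signature settings carry the ".sct" suffix, so they apply to the RequestSecurityToken call that the STSClient makes on the implied SecurityTokenService port. PORT_NAME_FROM_WSDL, KEY_ALIAS_PLACEHOLDER, the keystore file name and password, and the callback handler class com.example.KeystorePasswordCallback are assumptions; client-crypto.properties and the service namespace come from the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <!--
      The name attribute must be {target namespace}port name, exactly as the
      WSDL declares the port. PORT_NAME_FROM_WSDL is a placeholder: the thread
      does not show the real port name.
      createdFromAPI="true" applies this configuration to a client obtained in
      code (service constructor plus getPort), which is how the poster creates it.
    -->
    <jaxws:client name="{http://aamva.org/authentication/3.1.0}PORT_NAME_FROM_WSDL"
                  createdFromAPI="true">
        <jaxws:properties>
            <!--
              Bootstrap phase of WS-SecureConversation. The bootstrap policy in
              the thread asks for an endorsing X509Token, so the signature
              crypto has to be visible to the STSClient: that is what the
              ".sct" suffix does.
            -->
            <entry key="security.signature.properties.sct"
                   value="META-INF/cxf/client-crypto.properties"/>
            <!-- Alias of the Private Key Entry in the JKS (placeholder value). -->
            <entry key="security.signature.username.sct"
                   value="KEY_ALIAS_PLACEHOLDER"/>
            <!-- Hypothetical CallbackHandler that returns the private key password. -->
            <entry key="security.callback-handler.sct"
                   value="com.example.KeystorePasswordCallback"/>
        </jaxws:properties>
    </jaxws:client>

    <!--
      client-crypto.properties with the newer "org.apache.wss4j" prefix
      (file name and password are placeholders):

        org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
        org.apache.wss4j.crypto.merlin.keystore.type=jks
        org.apache.wss4j.crypto.merlin.keystore.file=META-INF/cxf/KEYSTORE_PLACEHOLDER.jks
        org.apache.wss4j.crypto.merlin.keystore.password=CHANGE_ME
        org.apache.wss4j.crypto.merlin.keystore.alias=KEY_ALIAS_PLACEHOLDER

      Per the last reply, the older "org.apache.ws.security" prefix and the
      "ws-security.*" entry keys are also accepted by reasonably current
      CXF versions.
    -->
</beans>
```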