Invoke a Webservice that returns a SAML assertion
Dear Developers,
How can I invoke a synchronous web service (AuthenticateUserService) that returns an authentication assertion (SAML assertion) and then use this authentication assertion to invoke another service?
The AuthenticateUserService has one web service method, "login", with the following parameters:
loginRequest (with the attributes user and pass, which are necessary for logon)
loginResponse (with the response attributes authentication assertion and response message)
The authentication assertion will be used to invoke another web service.
Thanks in advance.
Sorry, my entity is like this...
    import java.util.List;
    import javax.persistence.*;

    @Entity
    @Table(name = "V_I_ORGANISATIONS")
    public class InternalOrganisationImpl implements InternalOrganisation {
        @Id
        @Column(name = "IO_ID")
        private Long id;

        // Both relationships are typed to the InternalOrganisation interface
        @OneToOne
        @JoinColumn(name = "IO_PARENT_ID")
        private InternalOrganisation parent;

        @OneToMany(mappedBy = "parent", fetch = FetchType.LAZY)
        private List<InternalOrganisation> children;

        public List<InternalOrganisation> getChildrenOrganisation(Long id) {
            return children;
        }
    }
This example is for a hierarchical table/entity, but for other cases the problem is the same...
No DAO in there, of course!
When I do this I get the error "reference to an unknown entity ... *InternalOrganisation*" (the problem is the getChildren method).
Yes, it's normal, as InternalOrganisation is an interface.
So it's not possible to create interfaces for entities?
But how to create web services that return entities, as those entities contain JPA annotations?
Edited by: paf.be on May 16, 2008 9:54 AM
Similar Messages
-
Invoking stored procedure that returns array(oracle object type) as output
Hi,
We have stored procedures which return arrays (Oracle types) as an output; can anyone shed some light on how to map those arrays using JPA annotations? I tried using jdbcTypeName but I was getting a wrong type or argument error; your help is very much appreciated. Below is the code snippet.
JPA Class:
    import java.io.Serializable;
    import java.util.List;
    import javax.persistence.Entity;
    import javax.persistence.Id;
    import org.eclipse.persistence.annotations.Direction;
    import org.eclipse.persistence.annotations.NamedStoredProcedureQuery;
    import org.eclipse.persistence.annotations.StoredProcedureParameter;

    /** The persistent class for the MessagePublish database table. */
    @Entity
    @NamedStoredProcedureQuery(name = "GetTeamMembersDetails",
        procedureName = "team_emp_maintenance_pkg.get_user_team_roles",
        resultClass = TeamMembersDetails.class,
        returnsResultSet = true,
        parameters = {
            @StoredProcedureParameter(queryParameter = "userId", name = "I_USER_ID", direction = Direction.IN, type = Long.class),
            @StoredProcedureParameter(queryParameter = "employeeId", name = "I_EMPLOYEEID", direction = Direction.IN, type = Long.class),
            @StoredProcedureParameter(queryParameter = "TEAMMEMBERSDETAILSOT", name = "O_TEAM_ROLES", direction = Direction.OUT, jdbcTypeName = "OBJ_TEAM_ROLES"),
            @StoredProcedureParameter(queryParameter = "debugMode", name = "I_DEBUGMODE", direction = Direction.IN, type = Long.class)
        })
    public class TeamMembersDetails implements Serializable {
        private static final long serialVersionUID = 1L;

        @Id
        private long userId;
        private List<TeamMembersDetailsOT> teamMembersDetailsOT;

        public void setTeamMembersDetailsOT(List<TeamMembersDetailsOT> teamMembersDetailsOT) {
            this.teamMembersDetailsOT = teamMembersDetailsOT;
        }

        public List<TeamMembersDetailsOT> getTeamMembersDetailsOT() {
            return teamMembersDetailsOT;
        }
    }
Procedure:
    PROCEDURE get_user_team_roles (
        i_user_id    IN  ue_user.user_id%TYPE
      , o_team_roles OUT OBJ_TEAM_ROLES_ARRAY
      , i_debugmode  IN  NUMBER := 0)
    AS
OBJ_TEAM_ROLES_ARRAY is defined as:
    CREATE OR REPLACE TYPE OBJ_TEAM_ROLES_ARRAY AS TABLE OF OBJ_TEAM_ROLES;
TeamMembersDetailsOT contains the same attributes defined in OBJ_TEAM_ROLES.
A few things.
You are not using a JDBC Array type in your procedure; you are using a PLSQL TABLE type. An Array type would be a VARRAY in Oracle. EclipseLink supports both VARRAY and TABLE types, but TABLE types are more complex as Oracle JDBC does not support them; they must be wrapped in a corresponding VARRAY type. I assume your OBJ_TEAM_ROLES is also not an OBJECT TYPE but a PLSQL RECORD type; this has the same issue.
Your procedure does not return a result set, so "returnsResultSet=true" should be "returnsResultSet=false".
In general I would recommend you change your stored procedure to just return a select from a table using an OUT CURSOR; that is the easiest way to return data from an Oracle stored procedure.
If you must use the PLSQL types, then you will need to create wrapper VARRAY and OBJECT TYPEs. In EclipseLink you must use a PLSQLStoredProcedureCall to access these using the code API; there is no annotation support. Or you could create your own wrapper stored procedure that converts the PLSQL types to OBJECT TYPEs, and call the wrapper stored procedure.
To map to Oracle VARRAY and OBJECT TYPEs the JDBC Array and Struct types are used; these are supported using the EclipseLink ObjectRelationalDataTypeDescriptor and mappings. These must be defined through the code API, as there is currently no annotation support.
I could not find any good examples or docs on this; your best source of examples is the EclipseLink test cases in SVN:
http://dev.eclipse.org/svnroot/rt/org.eclipse.persistence/trunk/foundation/eclipselink.core.test/src/org/eclipse/persistence/testing/tests/plsql/
http://dev.eclipse.org/svnroot/rt/org.eclipse.persistence/trunk/foundation/eclipselink.core.test/src/org/eclipse/persistence/testing/tests/customsqlstoredprocedures/
James : http://www.eclipselink.org -
NCo 3 crashes when invoking functions that return a time field
I'm using NCo 3 (.NET 2 target framework) with Visual Studio 2010. When I invoke a function that returns time fields (like BAPI_ALM_ORDER_GET_DETAIL), NCo crashes with the following message:
SAP.Middleware.Connector.RfcTypeConversionException: Cannot convert 240000 into TIME (HHmmss)
I'm currently using NCo version 3.0.0.42. Is there a newer version? Obviously this is a bug inside the NCo library which I can't fix from the outside, rendering the connector almost useless.
Is this a known problem? Does anyone know if it is already fixed in newer revisions of NCo?
I'm using NCo 3.02 (.NET 4 target framework) with Visual Studio 2010.
When I invoke a function that returns date fields (like BAPI_SALESORDER_GETLIST), NCo crashes with the following message:
SAP.Middleware.Connector.RfcTypeConversionException: Cannot convert DOCDATE....
Below is the code I'm using:
    ' ecc is the RfcDestination of the ECC system
    Dim customer_orderAPI As IRfcFunction = ecc.Repository.CreateFunction("BAPI_SALESORDER_GETLIST")
    customer_orderAPI.SetValue("CUSTOMER_NUMBER", "0000020000")
    customer_orderAPI.SetValue("SALES_ORGANIZATION", "ARCO")
    customer_orderAPI.SetParameterActive("MATERIAL", False)
    customer_orderAPI.SetParameterActive("DOCUMENT_DATE", False)
    customer_orderAPI.SetParameterActive("DOCUMENT_DATE_TO", False)
    customer_orderAPI.SetParameterActive("PURCHASE_ORDER", False)
    customer_orderAPI.SetParameterActive("TRANSACTION_GROUP", False)
    customer_orderAPI.SetParameterActive("PURCHASE_ORDER_NUMBER", False)
    customer_orderAPI.SetParameterActive("MATERIAL_EVG", False)
    customer_orderAPI.Invoke(ecc) ' I receive the error on this line
    Dim table As IRfcTable = customer_orderAPI.GetTable("SALES_ORDERS")
    Dim returnCode As String = customer_orderAPI.GetStructure("RETURN").GetString("TYPE")
    If (returnCode.Equals("E") Or returnCode.Equals("A")) Then
        Console.WriteLine(customer_orderAPI.GetStructure("RETURN").GetString("MESSAGE"))
    Else
        Console.WriteLine("*********** SUCCESS **********")
        Console.WriteLine("Number of orders is {0}.", table.RowCount)
    End If
Does anyone know what is the issue and how to fix it? -
NCo 3.02 crashes when invoking functions that return a date field
I'm using NCo 3.02 (.NET 4 target framework) with Visual Studio 2010.
When I invoke a function that returns date fields (like BAPI_SALESORDER_GETLIST), NCo crashes with the following message:
SAP.Middleware.Connector.RfcTypeConversionException: Cannot convert DOCDATE....
Below is the code I'm using:
    ' ecc is the RfcDestination of the ECC system
    Dim customer_orderAPI As IRfcFunction = ecc.Repository.CreateFunction("BAPI_SALESORDER_GETLIST")
    customer_orderAPI.SetValue("CUSTOMER_NUMBER", "0000020000")
    customer_orderAPI.SetValue("SALES_ORGANIZATION", "ARCO")
    customer_orderAPI.SetParameterActive("MATERIAL", False)
    customer_orderAPI.SetParameterActive("DOCUMENT_DATE", False)
    customer_orderAPI.SetParameterActive("DOCUMENT_DATE_TO", False)
    customer_orderAPI.SetParameterActive("PURCHASE_ORDER", False)
    customer_orderAPI.SetParameterActive("TRANSACTION_GROUP", False)
    customer_orderAPI.SetParameterActive("PURCHASE_ORDER_NUMBER", False)
    customer_orderAPI.SetParameterActive("MATERIAL_EVG", False)
    customer_orderAPI.Invoke(ecc) ' >>>> I receive the error on this line
    Dim table As IRfcTable = customer_orderAPI.GetTable("SALES_ORDERS")
    Dim returnCode As String = customer_orderAPI.GetStructure("RETURN").GetString("TYPE")
    If (returnCode.Equals("E") Or returnCode.Equals("A")) Then
        Console.WriteLine(customer_orderAPI.GetStructure("RETURN").GetString("MESSAGE"))
    Else
        Console.WriteLine("*********** SUCCESS **********")
        Console.WriteLine("Number of orders is {0}.", table.RowCount)
    End If
Does anyone know what is the issue and how to fix it? -
I want to parse a SAML assertion from an Identity Provider and use some of the data for identity injection. Anyway, the Java identity injection plug-in cannot access the SAML assertion; it can only access the username and password using the ExternalDataFillerContext object.
Is it possible to extend the authentication class to parse the SAML assertion and write out the data to the customisation profile? Which method or property returns the SAML assertion?
Thank you,
Alessandro
afolli
afolli's Profile: http://forums.novell.com/member.php?userid=6964
View this thread: http://forums.novell.com/showthread.php?t=398904
Hi. Thanks for the answer.
I have two federated domains. The user requests a resource on domainA and is redirected to IdpA for authentication. The user authenticates on IdpB and returns back. At this point I need to extract some info from the SAML assertion returned by IdpB.
Do you think it's possible?
Thanks,
Alessandro
mumasankar;1926007 Wrote:
> The assertions are not stored on the session. It is a little confusing
> when you say you want to parse a SAML assertion from the authentication
> class. Usually, after authentication is done (after the authentication class
> has finished executing), the response will be generated by the IDP and
> assertion creation is part of the response.
>
> Can you please give details of your use case?
>
> Regards,
> Uma.
afolli
afolli's Profile: http://forums.novell.com/member.php?userid=6964
View this thread: http://forums.novell.com/showthread.php?t=398904 -
Soap layer error when trying to invoke a webservice.
Hi,
I am new to WebLogic.
I have an issue while invoking the web service of a webMethods application.
I am invoking that web service using an RPC call (the call.invoke() method of the javax.xml.rpc API).
Please find below the error description that occurred in the server logs of the WebLogic server.
Exception while invoking the service call Message is :failed to invoke operation '__incidentReqInput' due to an error in the soap layer(SAAJ);
nested exception is: Message[Found SOAPElement
[<m:payload xmlns:m="http://www.abc.com/gs/solutions/message"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:nil="true">
</m:payload>]. But was not able to find a Part that is registered with this Message which corresponds to this SOAPElement. The name of the element should be one of these[__bea_noname_result]]StackTrace[
javax.xml.soap.SOAPException: Found SOAPElement [<m:payload xmlns:m="http://www.abc.com/gs/solutions/message"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:nil="true">
</m:payload>]. But was not able to find a Part that is registered with this Message which corresponds to this SOAPElement. The name of the element should be one of these[__bea_noname_result]
at weblogic.webservice.core.DefaultMessage.toJava(DefaultMessage.java:478)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:325)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:566)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:419)
at com.gs.customerbonding.hub.httpHandler.WSResponseSenderImpl.sendResponse(WSResponseSenderImpl.jcs:370)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.bea.wlw.runtime.core.dispatcher.DispMethod.invoke(DispMethod.java:371)
at com.bea.wlw.runtime.core.container.Invocable.invoke(Invocable.java:423)
at com.bea.wlw.runtime.core.container.Invocable.invoke(Invocable.java:396)
at com.bea.wlw.runtime.jcs.container.JcsProxy.invoke(JcsProxy.java:381)
at $Proxy106.sendResponse(Unknown Source)
Any help is highly appreciated.
Regards
Nag
I am not using any WSDL file. I'm trying to invoke a web service that is at the client's end (using an RPC call). Mine is a generic server program. When I'm calling other clients using the same method, I'm not facing any issues. Only for one particular endpoint am I getting the above exception. Any suggestions?
-
Invalid security error when invoking secure webservice using SAML tokens
I have deployed a JAX-WS web service using a stateless session bean to WebLogic 10.3.2 that uses a custom policy. The service deploys fine, but WebLogic returns an HTTP error 500 with a SOAP fault. The fault states wsse:InvalidSecurity. The web service security policy requires SAML holder-of-key assertions and attributes. I have tried everything from running WebLogic with Metro 1.5 to configuring SAML Identity Asserter providers, etc., with no luck. I even tried using the built-in SAML 2.0 asymmetric holder-of-key policy. What am I doing wrong? The XML of interest is attached.
Thanks;
-Dave.
*[Sample message from client]*
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:7002/NHINAdapterDocQuerySecured/AdapterDocQuerySecured</To>
<Action xmlns="http://www.w3.org/2005/08/addressing">urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:fec656f8-a2be-4129-8412-34d9453e7cb2</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
<wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
<wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires>
</wsu:Timestamp>
<saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" IssueInstant="2010-02-24T21:38:56.671Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=kskagerb*DoD</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml2:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZiqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z" SessionIndex="987">
<saml2:SubjectLocality Address="158.147.185.168" DNSName="cs.myharris.net"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Karl S Skagerberg</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">InternalTest2</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml2:AttributeValue>
<hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="307969004" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Public Health" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml2:AttributeValue>
<hl7:PurposeForUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Use or disclosure of Psychotherapy Notes" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">500000000^^^&1.1&ISO</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthzDecisionStatement Decision="Permit" Resource="https://158.147.185.168:8181/SamlReceiveService/SamlProcessWS">
<saml2:Action Namespace="urn:nhin:names:hl7:rbac:4.00:operation">EXECUTE</saml2:Action>
<saml2:Evidence>
<saml2:Assertion ID="40df7c0a-ff3e-4b26-baeb-f2910f6d05a9" IssueInstant="2009-04-16T13:10:39.093Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US</saml2:Issuer>
<saml2:Conditions NotBefore="2009-04-16T13:10:39.093Z" NotOnOrAfter="2010-12-31T12:00:00.000Z"/>
<saml2:AttributeStatement>
<saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Ref-1234</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Instance-1</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2:Evidence>
</saml2:AuthzDecisionStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#96cdfb70-91a3-4baf-9da1-3ff07d249926">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>VnukKqb4Bt1KWDKfy8SDfk1Hp2s=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DUwjh/H3XSfUG250rTlLdihstDXY1+qkY9GaY81Iu7Ag4MgoGvGBrGjZOJ7YnssPdrqUGiURxf6k
IBH7vaeXk24XvXP3F85WP9nBm+2M4BvGTplgOmAo0yuwze+90FvwILzFNmmX/tvy3QKTDHlh1rEx
/Jqfm6q/56WW1suAbRY=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l
0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZ
iqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</saml2:Assertion>
<ds:Signature xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oo99UrPhAcwla4Qbkdd9jAPn0cE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ds4vqts8uCdJcNGo0uTPzId5UBX+GVrdztQPv823c1Zy9ZZGSfQC/GsBPM/EMbFInDPFsyT4e1QYZMCzmqLYnifWHlDQJb7oMJBokafavAqZda1B55Zzh3TSm6BqKWtB/DX17d6rLx/HPiLNZ9qsBfuGn3aTlUCpNsYA8ObBtp8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body>
<ns3:AdhocQueryRequest xmlns:ns2="urn:gov:hhs:fha:nhinc:gateway:samltokendata" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns5="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" maxResults="-1" startIndex="0" federated="false">
<ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
<ns4:AdhocQuery home="urn:oid:2.16.840.1.113883.4.349" id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
<ns4:Slot name="$XDSDocumentEntryStatus">
<ns4:ValueList>
<ns4:Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
<ns4:Slot name="$XDSDocumentEntryPatientId">
<ns4:ValueList>
<ns4:Value>'1012581676V377802^^^&2.16.840.1.113883.4.349&ISO'</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
</ns4:AdhocQuery>
</ns3:AdhocQueryRequest>
</S:Body>
</S:Envelope>
*[Response from server:]*
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenReference, no SecurityTokenReference factory found for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier ValueType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
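As an added example (not part of Dave's post, nor WebLogic or Metro code): the structural checks a relying party would run over the client message above before any cryptographic verification, tying the STR KeyIdentifier in the message signature to the assertion ID, the holder-of-key subject key to the assertion's signing key, and the Timestamp to the signature references. It assumes a trimmed, constructed copy of that envelope with placeholder key and signature values and the wsse/wsu/saml2/ds namespaces shown in the message.

```python
"""Relying-party consistency checks on a WS-Security header that carries a SAML 2.0
holder-of-key token shaped like the client message above.  Stdlib only: the XML
signatures are not cryptographically verified here, only the bindings between parts."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
SAMLID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"
WSU_ID = "{%s}Id" % NS["wsu"]
AID = "96cdfb70-91a3-4baf-9da1-3ff07d249926"  # assertion ID used in the message above

# Constructed sample: the envelope above reduced to its security-relevant skeleton;
# key and signature values are placeholders, not real material.
SAMPLE = """<S:Envelope xmlns:S="{S}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
    xmlns:saml2="{saml2}" xmlns:ds="{ds}"><S:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="_1"><wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
    <wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires></wsu:Timestamp>
  <saml2:Assertion ID="{aid}" Version="2.0" IssueInstant="2010-02-24T21:38:56.671Z">
    <saml2:Issuer>CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
    <saml2:Subject><saml2:NameID>UID=kskagerb*DoD</saml2:NameID>
      <saml2:SubjectConfirmation Method="{hok}"><saml2:SubjectConfirmationData>
        <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>MODULUS-PLACEHOLDER-A
          </ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>
        </ds:KeyInfo></saml2:SubjectConfirmationData></saml2:SubjectConfirmation>
    </saml2:Subject>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#{aid}"/></ds:SignedInfo>
      <ds:SignatureValue>SIG-PLACEHOLDER</ds:SignatureValue>
      <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>MODULUS-PLACEHOLDER-A
        </ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>
      </ds:KeyInfo></ds:Signature>
  </saml2:Assertion>
  <ds:Signature Id="_2"><ds:SignedInfo><ds:Reference URI="#_1"/></ds:SignedInfo>
    <ds:SignatureValue>SIG-PLACEHOLDER</ds:SignatureValue>
    <ds:KeyInfo><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="{samlid}">
      {aid}</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
</wsse:Security></S:Header><S:Body/></S:Envelope>""".format(aid=AID, hok=HOK, samlid=SAMLID, **NS)


def _modulus(keyinfo):
    """Normalise a ds:Modulus, which may be wrapped over several lines as in the message above."""
    m = keyinfo.find("ds:KeyValue/ds:RSAKeyValue/ds:Modulus", NS) if keyinfo is not None else None
    return "".join(m.text.split()) if m is not None and m.text else None


def _ts(text):
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_hok_binding(envelope_xml, now_utc):
    """Return {check_name: bool} for one envelope; now_utc is an ISO string like wsu:Created."""
    now, root, f = _ts(now_utc), ET.fromstring(envelope_xml), {}
    sec = root.find("S:Header/wsse:Security", NS)
    ts = sec.find("wsu:Timestamp", NS)
    created = _ts(ts.findtext("wsu:Created", namespaces=NS))
    expires = _ts(ts.findtext("wsu:Expires", namespaces=NS))
    f["timestamp_fresh"] = created <= now < expires
    f["timestamp_window_ok"] = (expires - created).total_seconds() <= 300
    a = sec.find("saml2:Assertion", NS)
    aid = a.get("ID")
    sc = a.find("saml2:Subject/saml2:SubjectConfirmation", NS)
    f["holder_of_key"] = sc is not None and sc.get("Method") == HOK
    subj_key = _modulus(sc.find("saml2:SubjectConfirmationData/ds:KeyInfo", NS)) if sc is not None else None
    f["subject_key_present"] = subj_key is not None
    # Without saml2:Conditions the assertion carries no validity window of its own.
    f["has_conditions"] = a.find("saml2:Conditions", NS) is not None
    asig = a.find("ds:Signature", NS)
    f["assertion_sig_covers_assertion"] = asig.find("ds:SignedInfo/ds:Reference", NS).get("URI") == "#" + aid
    # Issuer key == subject key means the token is self-asserted: the subject vouches for
    # itself, so trust has to come from pinning that key, not from the assertion's signature.
    issuer_key = _modulus(asig.find("ds:KeyInfo", NS))
    f["self_asserted"] = issuer_key is not None and issuer_key == subj_key
    msig = sec.find("ds:Signature", NS)  # direct child of Security: the message signature
    kid = msig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    f["str_is_samlid"] = kid is not None and kid.get("ValueType") == SAMLID
    f["str_points_at_token"] = kid is not None and (kid.text or "").strip() == aid
    refs = {r.get("URI") for r in msig.findall("ds:SignedInfo/ds:Reference", NS)}
    f["message_sig_covers_timestamp"] = ("#" + ts.get(WSU_ID)) in refs
    body_id = root.find("S:Body", NS).get(WSU_ID)
    f["body_signed"] = body_id is not None and ("#" + body_id) in refs
    return f


# Expected outcome per check; anything not listed is expected to be True.
EXPECT = {"self_asserted": False, "has_conditions": True}


def weak_points(findings):
    """Names of checks whose outcome a relying party should not accept silently."""
    return sorted(k for k, v in findings.items() if v != EXPECT.get(k, True))


if __name__ == "__main__":
    print(weak_points(check_hok_binding(SAMPLE, "2010-02-24T21:40:00Z")))
```

Run against the skeleton it reports body_signed, has_conditions and self_asserted: in the message above the outer signature references only the Timestamp, the outer assertion carries no Conditions, and the modulus in SubjectConfirmationData is the same one that signs the assertion, so the token is only as trustworthy as the relying party's pinning of that key.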
*[webservice WSDL]*
<?xml version="1.0" encoding="UTF-8"?>
<!--
Adapter Document Query WSDL
-->
<definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="urn:gov:hhs:fha:nhinc:adapterdocquerysecured"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
xmlns:plnk="http://docs.oasis-open.org/wsbpel/2.0/plnktype"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsaws="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty"
name="AdapterDocQuerySecured"
targetNamespace="urn:gov:hhs:fha:nhinc:adapterdocquerysecured">
<documentation>Adapter Document Query</documentation>
<types>
<xsd:schema>
<xsd:import namespace="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
schemaLocation="../schemas/ebRS/query.xsd"/>
<xsd:import namespace="urn:gov:hhs:fha:nhinc:gateway:samltokendata"
schemaLocation="../schemas/nhinc/gateway/SamlTokenData.xsd"/>
</xsd:schema>
</types>
<message name="RespondingGateway_CrossGatewayQueryRequestMessage">
<part name="body"
element="query:AdhocQueryRequest"/>
</message>
<message name="RespondingGateway_CrossGatewayQueryResponseMessage">
<part name="body"
element="query:AdhocQueryResponse"/>
</message>
<portType name="AdapterDocQuerySecuredPortType">
<operation name="RespondingGateway_CrossGatewayQuery">
<input name="RespondingGateway_CrossGatewayQueryRequest"
message="tns:RespondingGateway_CrossGatewayQueryRequestMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage"/>
<output name="RespondingGateway_CrossGatewayQueryResponse"
message="tns:RespondingGateway_CrossGatewayQueryResponseMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryResponseMessage"/>
</operation>
</portType>
<binding name="AdapterDocQuerySecuredBindingSoap11" type="tns:AdapterDocQuerySecuredPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_SoapPolicy"/>
<operation name="RespondingGateway_CrossGatewayQuery">
<soap:operation soapAction="urn:RespondingGateway_CrossGatewayQuery"/>
<input name="RespondingGateway_CrossGatewayQueryRequest">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Input_Policy"/>
</input>
<output name="RespondingGateway_CrossGatewayQueryResponse">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Output_Policy"/>
</output>
</operation>
</binding>
<service name="AdapterDocQuerySecured">
<port name="AdapterDocQuerySecuredPortSoap11"
binding="tns:AdapterDocQuerySecuredBindingSoap11">
<soap:address
location="https://localhost:7002/NHINAdapterDocQuerySecured" />
</port>
</service>
<!-- Define action property on each receiving message -->
<vprop:property name="action" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:action"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>action</vprop:query>
</vprop:propertyAlias>
<!-- Define resource property on each receiving message -->
<vprop:property name="resource" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:resource"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>resource</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseRoleCode property on each receiving message -->
<vprop:property name="purposeForUseRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystem property on each receiving message -->
<vprop:property name="purposeForUseCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystemName property on each receiving message -->
<vprop:property name="purposeForUseCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseDisplayName property on each receiving message -->
<vprop:property name="purposeForUseDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define userFirstName property on each receiving message -->
<vprop:property name="userFirstName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userFirstName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userFirstName</vprop:query>
</vprop:propertyAlias>
<!-- Define userMiddleName property on each receiving message -->
<vprop:property name="userMiddleName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userMiddleName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userMiddleName</vprop:query>
</vprop:propertyAlias>
<!-- Define userLastName property on each receiving message -->
<vprop:property name="userLastName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userLastName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userLastName</vprop:query>
</vprop:propertyAlias>
<!-- Define userName property on each receiving message -->
<vprop:property name="userName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userName</vprop:query>
</vprop:propertyAlias>
<!-- Define userOrganization property on each receiving message -->
<vprop:property name="userOrganization" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userOrganization"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userOrganization</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCode property on each receiving message -->
<vprop:property name="userRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystem property on each receiving message -->
<vprop:property name="userRoleCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystemName property on each receiving message -->
<vprop:property name="userRoleCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeDisplayName property on each receiving message -->
<vprop:property name="userRoleCodeDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define expirationDate property on each receiving message -->
<vprop:property name="expirationDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:expirationDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>expirationDate</vprop:query>
</vprop:propertyAlias>
<!-- Define signDate property on each receiving message -->
<vprop:property name="signDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:signDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>signDate</vprop:query>
</vprop:propertyAlias>
<!-- Define contentReference property on each receiving message -->
<vprop:property name="contentReference" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:contentReference"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>contentReference</vprop:query>
</vprop:propertyAlias>
<!-- Define content property on each receiving message -->
<vprop:property name="content" type="xsd:base64Binary"/>
<vprop:propertyAlias propertyName="tns:content"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>content</vprop:query>
</vprop:propertyAlias>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_SoapPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
<sc:KeyStore wspp:visibility="private"
aliasSelector="gov.hhs.fha.nhinc.callback.KeyStoreServerAliasSelector"
callbackHandler="gov.hhs.fha.nhinc.callback.KeyStoreCallbackHandler"/>
<sc:TrustStore wspp:visibility="private"
callbackHandler="gov.hhs.fha.nhinc.callback.TrustStoreCallbackHandler"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:RequireClientCertificate/>
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:SamlToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssSamlV20Token11/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<plnk:partnerLinkType name="AdapterDocQuerySecured">
<!-- A partner link type is automatically generated when a new port type is added.
Partner link types are used by BPEL processes. In a BPEL process, a partner
link represents the interaction between the BPEL process and a partner service.
Each partner link is associated with a partner link type. A partner link type
characterizes the conversational relationship between two services. The
partner link type can have one or two roles.-->
<plnk:role name="AdapterDocQuerySecuredPortTypeRole"
portType="tns:AdapterDocQuerySecuredPortType"/>
</plnk:partnerLinkType>
</definitions>
Edited by: dvazquez1027 on Feb 25, 2010 5:10 PM
Edited by: dvazquez1027 on Feb 25, 2010 5:22 PM
Hi
yes, I had the same issue and I found a solution.
You need to request a patch for BUG 9212862 (already corrected in WLS 10.3.3) and do the following:
javax.xml.ws.BindingProvider provider = (javax.xml.ws.BindingProvider)port;
java.util.Map context = provider.getRequestContext();
context.put(weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_PREFERENCE, weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_MSFT);
This will cause the SecurityMessageArchitect class of WLS to not send the SecurityTokenReference in the Soap security header.
Please note that this is evidently a non-conformity to the specs by Microsoft:
Please give a look at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf (8.3 Signing Tokens)
and also at:
http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
(3.4 Identifying and Referencing Security Tokens)
A SAML key identifier reference MUST be used for all (local and remote) references to SAML 1.1
assertions. [...]
All conformant implementations MUST be able to process SAML assertion references occurring in a
<wsse:Security> header or in a header element other than a signature to acquire the corresponding
assertion. A conformant implementation MUST be able to process any such reference independent of the
confirmation method of the referenced assertion.
It follows that .NET 3.5 is a non-conformant implementation: I would gladly know what Microsoft's position on that is.
ciao
carlo -
SAP to consume third-party webservice that requires SAML authentication
Hi All,
I am able to invoke our third-party webservice from soapUI, but it is a two-step procedure. This is how it works in soapUI:
step 1) first send the predefined message below, with username and pwd embedded in the header:
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>myusername</wsse:Username>
<wsse:Password>mypwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP:Header>
<SOAP:Body>
<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<samlp:AuthenticationQuery>
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">myusername</saml:NameIdentifier>
</saml:Subject>
</samlp:AuthenticationQuery>
</samlp:Request>
</SOAP:Body>
</SOAP:Envelope>
after this, we got the response:
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Header>
<header xmlns="http://schemas.thirdparty.com/General/1.0/">
</header>
</SOAP:Header>
<SOAP:Body>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#A18A90576-64FD-71E0-A9BC-286444658733">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>LzlvRhszr3qlOTG7AZX8i+yKvRI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>qc1x+84wkkPrf76dHW2HJ...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIB3I.....NBgkqhk</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<samlp:Status>
<samlp:StatusCode Value="samlp:Success"/>
</samlp:Status>
<saml:Assertion AssertionID="A18A90576.." xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2011-01-25T09:14:54.045Z" NotOnOrAfter="2011-01-25T17:19:54.045Z"/>
<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">myusername</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
<samlp:AssertionArtifact>MDGH....RbY6qHUFcO</samlp:AssertionArtifact>
</samlp:Response>
</SOAP:Body>
</SOAP:Envelope>
step 2) from the above response body, use the Signature element and the saml:Assertion element as part of the header of the original request, so the actual request in soapUI has become:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:product="http://mytp/myfunctionality">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Signature> ...</Signature>
<saml:Assertion>..</saml:Assertion>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<product:isProductAvailable>
<product:ProductNAME>myproduct</product:ProductNAME>
<product:ProductYEAR>2010</product:ProductYEAR>
</product:isProductAvailable>
</soapenv:Body>
</soapenv:Envelope>
after sending this above request, we are getting the desired response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:product="http://mytp/myfunctionality">
<soapenv:Header>
</soapenv:Header>
<soapenv:Body>
<isProductAvailableResponse xmlns="http://mytp/myfunctionality">
<isProductAvailable>true</isProductAvailable>
</isProductAvailableResponse>
</soapenv:Body>
</soapenv:Envelope>
If we want to implement the same functionality using an ABAP consumer proxy, do we need to invoke it with two different requests?
Is there any more efficient way, where we can specify the values of <wsse:Username> and <wsse:Password> and invoke with the original payload?
Is there any config in SOAMANAGER to specify the SAML-related settings for the consumer proxy?
What could be the simplest way to consume this webservice in SAP?
thanks in advance, BJagdishwar.
Hi,
Please create a logical port using the WSDL directly; it will apply the required settings in the LP. You can also ask for a client certificate, which you can apply while calling 3rd-party services. To me this seems like X509 client certificate authentication.
You can also create the LP manually by choosing SAP SAML authentication and saving. The next time you edit the LP you will see plenty of options to configure the required settings.
Please note that not all security methods are supported by SAP.
Regards,
Gourav -
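The two-step exchange described in the thread above, as an added example that is not part of the original post or of SAP's or soapUI's code: step 1 builds the UsernameToken + samlp:AuthenticationQuery message, the Signature and saml:Assertion are pulled from the samlp:Response, the assertion's NotBefore/NotOnOrAfter window is checked with a clock-skew allowance, and both elements are carried in the wsse:Security header of the step-2 isProductAvailable call. Only the Python standard library is used; the step-1 response is a constructed sample modelled on the one in the post, the dummy signature value is made up, and the 360000 ms skew default is the OWSM clockSkew quoted later on this page.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# Namespaces used by the messages in the post; "product" is the step-2 service namespace.
NS = {
    "SOAP": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "product": "http://mytp/myfunctionality",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed step-1 response with the shape of the one in the post (dummy signature value).
SAMPLE_STEP1_RESPONSE = b"""<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Body>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/>
<SignatureValue>ZHVtbXk=</SignatureValue></Signature>
<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
<saml:Assertion AssertionID="A18A90576-sample" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2011-01-25T09:14:54.045Z" NotOnOrAfter="2011-01-25T17:19:54.045Z"/>
</saml:Assertion>
</samlp:Response>
</SOAP:Body>
</SOAP:Envelope>"""


def _q(prefix, tag):
    # Clark-notation name {uri}tag for prefix:tag.
    return "{%s}%s" % (NS[prefix], tag)

def build_auth_query(username, password):
    """Step 1: UsernameToken in the header, AuthenticationQuery for the same user in the body."""
    env = ET.Element(_q("SOAP", "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, _q("SOAP", "Header")), _q("wsse", "Security"))
    tok = ET.SubElement(sec, _q("wsse", "UsernameToken"))
    ET.SubElement(tok, _q("wsse", "Username")).text = username
    ET.SubElement(tok, _q("wsse", "Password")).text = password
    req = ET.SubElement(ET.SubElement(env, _q("SOAP", "Body")), _q("samlp", "Request"))
    subj = ET.SubElement(ET.SubElement(req, _q("samlp", "AuthenticationQuery")), _q("saml", "Subject"))
    ET.SubElement(subj, _q("saml", "NameIdentifier"),
                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified").text = username
    return ET.tostring(env, encoding="utf-8")

def _saml_time(value):
    """SAML timestamps are UTC with a trailing 'Z'; fractional seconds are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def window_ok(now, not_before, not_on_or_after, skew_ms=360000):
    """NotBefore/NotOnOrAfter check with a clock-skew allowance (default 360000 ms, the
    OWSM clockSkew quoted later on this page). A NotBefore further ahead of local time
    than the skew is rejected, which is the 'not before' failure shown in that thread."""
    skew, t = timedelta(milliseconds=skew_ms), _saml_time(now)
    return t + skew >= _saml_time(not_before) and t - skew < _saml_time(not_on_or_after)

def extract_token(step1_response, now):
    """Return (Signature, Assertion) from the step-1 response; raise ValueError if the
    status is not Success, an element is missing, or the validity window fails."""
    root = ET.fromstring(step1_response)
    resp = root.find("SOAP:Body/samlp:Response", NS)
    if resp is None:
        raise ValueError("no samlp:Response in body")
    status = resp.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "samlp:Success":
        raise ValueError("authentication query did not succeed")
    sig, assertion = resp.find("ds:Signature", NS), resp.find("saml:Assertion", NS)
    if sig is None or assertion is None:
        raise ValueError("response lacks Signature or saml:Assertion")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        raise ValueError("assertion has no bounded validity window")  # never reuse an unbounded token
    if not window_ok(now, cond.get("NotBefore"), cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    return sig, assertion

def token_usable(step1_response, now):
    """True if extract_token would accept the response at time `now` (ISO-8601 UTC string)."""
    try:
        extract_token(step1_response, now)
        return True
    except ValueError:
        return False

def build_product_request(sig, assertion, product_name, product_year):
    """Step 2: the real call with Signature + Assertion inside wsse:Security. Caveat:
    ElementTree re-serializes with its own prefixes, which can alter the canonical form
    of the signed Assertion; production code should splice the received bytes in verbatim."""
    env = ET.Element(_q("SOAP", "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, _q("SOAP", "Header")), _q("wsse", "Security"))
    sec.append(sig)
    sec.append(assertion)
    op = ET.SubElement(ET.SubElement(env, _q("SOAP", "Body")), _q("product", "isProductAvailable"))
    ET.SubElement(op, _q("product", "ProductNAME")).text = product_name
    ET.SubElement(op, _q("product", "ProductYEAR")).text = product_year
    return ET.tostring(env, encoding="utf-8")
```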
Invoking a web service that returns binary
Hi,
Is it possible to invoke a web service that returns a binary object?
Its similar the following example but I need to return a binary object :
declare
v_url varchar2(4000) := 'http://www.somesite.com/function_name?invoke=placeOrder&par1=val1';
v_output varchar2(4000);
begin
-- utl_http.request returns the response as VARCHAR2 (first 2000 bytes only)
select utl_http.request(v_url)
into v_output from dual;
end;
Thanks in advance
No "advantage" as there are two very different tools.
UTL_HTTP is basically an Oracle PL/SQL web browser. It uses the HTTP application protocol. It is just like your ordinary browser (IE, Firefox, Opera), but as it is server-side and display-less, it comes without a rendering engine.
UTL_DBWS is to interact with web services using the SOAP application protocol. -
BPEL build error when invoke an extrenal Web Service that returns an Array
Hello,
I built with JDeveloper a web service that returns an Array of Java Bean classes and I try to invoke this web service from a BPEL process. The wsdl file is automatically generated by the JDev. When I built the BPEl project I obtained the following error:
[bpelc] [Error] :-1:-1: src-resolve.4.2: Error resolving component 'SOAP-ENC:Array'. It was detected that 'SOAP-ENC:Array' is in namespace 'http://schemas.xmlsoap.org/soap/encoding/', but components from this namespace are not referenceable from schema document 'http://malangiu-ro:8988/cde-Project-context-root/CdeFactoryWS?WSDL'. If this is the incorrect namespace, perhaps the prefix of 'SOAP-ENC:Array' needs to be changed. If this is the correct namespace, then an appropriate 'import' tag should be added to 'http://malangiu-ro:8988/cde-Project-context-root/CdeFactoryWS?WSDL'.
[bpelc] [Error] :-1:-1: src-resolve.4.2: Error resolving component 'SOAPENC:Array'. It was detected that 'SOAPENC:Array' is in namespace 'http://schemas.xmlsoap.org/soap/encoding/', but components from this namespace are not referenceable from schema document 'http://malangiu-ro:8988/cde-Project-context-root/Top300FactoryWS?WSDL'. If this is the incorrect namespace, perhaps the prefix of 'SOAPENC:Array' needs to be changed. If this is the correct namespace, then an appropriate 'import' tag should be added to 'http://malangiu-ro:8988/cde-Project-context-root/Top300FactoryWS?WSDL'.
[bpelc] [Error] :-1:-1: src-resolve.4.2: Error resolving component 'SOAP-ENC:Array'. It was detected that 'SOAP-ENC:Array' is in namespace 'http://schemas.xmlsoap.org/soap/encoding/', but components from this namespace are not referenceable from schema document 'http://malangiu-ro:8988/cde-Project-context-root/CdeFactoryWS?WSDL'. If this is the incorrect namespace, perhaps the prefix of 'SOAP-ENC:Array' needs to be changed. If this is the correct namespace, then an appropriate 'import' tag should be added to 'http://malangiu-ro:8988/cde-Project-context-root/CdeFactoryWS?WSDL'.
Any hint? Thanks in advance!
Regards,
Marinel
Hi,
BPEL and BPEL PM do not have good support for SOAPENC-Array: it would be very difficult to create such an array in BPEL or to receive it and manipulate it.
The (unfortunately very intrusive) workaround is to change the WSDL of the service to use an XML type defined using XML Schema. This is all the more painful because JDev 9.0.4 does not have strong support for complex types.
In general though, I would highly recommend this best practice:
1) Start by defining the WSDL contract first
2) Then generate the server-side skeleton to implement it
3) Use BPEL as the client to this contract.
By starting with the contract first, you make sure that 1) your interfaces are clean and coarse-grained, and
2) things like Java objects, sessions, etc. do not leak through the interface (which would be the worst thing that could happen because it would closely link the client and the server).
Sorry for not being more helpful. This will get radically cleaner in Oracle AS 10.1.3.
Edwin -
SAML Assertion ID already in cache -- returning SC_FORBIDDEN
We are using WLS 10.3 and getting "SAML Assertion ID already in cache -- returning SC_FORBIDDEN".
Any clue as to how or why this would happen, or a resolution?
Also we are in a Managed Server Cluster Environment.
thanks
ft
Hi Hao,
Regarding claims based issue, I suggest you refer to experts from the following forum to get professional support:
Claims based access platform (CBA), code-named Geneva Forum
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Thank you for your understanding and support.
Best Regards,
Amy -
Available webservice/tool that returns the physical qry from logical qry?
Is there any obiee webservice or program that returns the physical query by receiving the logical query as a parameter ?
What we are looking for is to have a "process" that use the logic that bi server has to resolve the reports using the metadata (rpd) to derive the physical query.
It should be like the logic that is behind the "issue direct sql" function. But instead of pasting the logical query into the text box we will be passing it as a parameter in a custom process.
Many thanks,
Georgina
800 by 800 pixel file @ 300 DPI:
Guide @ random position:
800 by 800 pixel file @ 300 DPI:
Guide @ 40,341 mm
One selection drawn from the left, one from the right.
The border of the selection should be on the same left-right-position, but differs about one pixel (these are all zoomed in). -
Hi Folks,
I need your expert advice here related to the OWSM error in the SOA log:
Caused by: FAULT CODE: InvalidSecurityToken FAULT MESSAGE: Found invalid condition "not before" in SAML assertion. Current Time:Fri Feb 22 06:59:18 EST 2013, clockSkew:360000 milli seconds, NotBefore Time:Fri Feb 22 07:12:29 EST 2013
My test SOA server on a Windows-based box is integrated correctly into the Oracle Fusion Apps. The tasks in my SOA server need to be seen on the Oracle Fusion Apps Worklist, but due to clockSkew the above error is hit. Could you please advise a resolution? I tried the Windows "net time" command to time-sync my server time with that of the Fusion Apps server. But that did not work as it was a Linux box.
SOA log trace:
[2013-02-22T06:55:19.363-05:00] [soa_server1] [ERROR] [OWS-04115] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wCfGg29xWGpIwP5if0006SK000H4B,1:23756:2:1] [APP: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] An error occurred for port: {http://xmlns.oracle.com/bpel/workflow/taskQueryService}TaskQueryServicePort: oracle.fabric.common.PolicyEnforcementException: InvalidSecurity : error in processing the WS-Security security header.
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07618] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failed to execute the assertion "WSSecurity SAML Token" in the conditional policy. InvalidSecurityToken : The security token is not valid.[[
oracle.wsm.common.sdk.WSMException: InvalidSecurityToken : The security token is not valid.
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:156)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:562)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:294)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:231)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:193)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:240)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:377)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:313)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:221)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:598)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:572)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:137)
... 43 more
Caused by: javax.security.auth.login.LoginException
at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:122)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:235)
... 49 more
Caused by: FAULT CODE: InvalidSecurityToken FAULT MESSAGE: Found invalid condition "not before" in SAML assertion. Current Time:Fri Feb 22 06:59:18 EST 2013, clockSkew:360000 milli seconds, NotBefore Time:Fri Feb 22 07:12:29 EST 2013.
at oracle.security.jps.internal.jaas.module.saml.SAMLUtils.verifyNotBefore(SAMLUtils.java:92)
at oracle.security.jps.internal.jaas.module.saml.JpsSAMLVerifier.verifyConditions(JpsSAMLVerifier.java:223)
at oracle.security.jps.internal.jaas.module.saml.JpsSAMLVerifier.verify(JpsSAMLVerifier.java:124)
at oracle.security.jps.internal.jaas.module.saml.JpsSamlAssertor.verify(JpsSamlAssertor.java:90)
at oracle.security.jps.internal.jaas.module.saml.JpsSamlAssertor.assertToken(JpsSamlAssertor.java:67)
at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:102)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:707)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:235)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:377)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:313)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:224)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:598)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:574)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:141)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:562)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:295)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:232)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:194)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
... 9 more
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07618] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failed to execute the assertion "WSSecurity UserName Token" in the conditional policy. InvalidSecurity : error in processing the WS-Security security header[[
oracle.wsm.common.sdk.WSMException: InvalidSecurity : error in processing the WS-Security security header
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:197)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:562)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:669)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:480)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:340)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:294)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1001)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:470)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:231)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:193)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.wsm.security.SecurityException: WSM-00265 : The Username token is missing in the security header. Ensure that there is a Username token policy attached on the client side. Tokens found in the security header are :- [(saml:Assertion), ].
at oracle.wsm.security.policy.scenario.processor.UsernameTokenProcessor.verify(UsernameTokenProcessor.java:241)
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:129)
... 43 more
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07602] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failure in WS-Policy Execution due to exception.
[2013-02-22T06:59:18.613-05:00] [soa_server1] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004p^wQwJi29xWGpIwP5if0006SK000GFk,1:23758:3:1] [WSM_POLICY_NAME: oracle/wss_saml_or_username_token_service_policy] [WEBSERVICE_PORT.name: TaskQueryServicePort] [APP: soa-infra] [J2EE_MODULE.name: integration/services/TaskQueryService] [WEBSERVICE.name: TaskQueryService] [J2EE_APP.name: soa-infra] [URI: /homePage/faces/AtkHomePageWelcome] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=soa-infra, composite=null, modelObj=TaskQueryService, policy=oracle/wss_saml_or_username_token_service_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.
We got the update and this has been resolved as we have installed WebLogic 10.
-
Can anyone tell me what a SAML assertion is all about? I just want to try out sample steps pertaining to SAML assertions in my policy editor.
So can any one of you kindly tell me a simple use case that you have tried out with a SAML assertion, in the sense of what steps are to be added in the request pipeline and what the configuration points are in each step?
I am stuck with this use case.
Can any one of you OWSM gurus teach me this?
At the same time, can you suggest a sample document where I can get a use case pertaining to SAML Assertion and WS-Security?
Thanks for your prompt reply Yogesh. I have created the keystore using the keytool utility (say keystore location=C:\helloworld.jks and keystorepassword=welcome1). This is the password that I created.
Firstly,
Creating keystore: I have used a command something like:
C:\>keytool -v -genkey -keyalg RSA -keysize 1024 -keystore owsm_client -storepass clientpass -alias client -keypass client
What is your first and last name?
[Unknown]: manoj
What is the name of your organizational unit?
[Unknown]: ebi
What is the name of your organization?
[Unknown]: wipro
What is the name of your City or Locality?
[Unknown]: bangalore
What is the name of your State or Province?
[Unknown]: karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN="manoj ", OU=ebi, O=wipro, L=bangalore, ST=karnataka, C=IN correct?
[no]:
Is CN="manoj ", OU=ebi, O=wipro, L=bangalore, ST=karnataka, C=IN correct?
[no]:
What is your first and last name?
[manoj ]: manoj
What is the name of your organizational unit?
[ebi]: ebi
What is the name of your organization?
[wipro]: wipro
What is the name of your City or Locality?
[bangalore]: bangalore
What is the name of your State or Province?
[karnataka]: karnataka
What is the two-letter country code for this unit?
[IN]: IN
Is CN=manoj, OU=ebi, O=wipro, L=bangalore, ST=karnataka, C=IN correct?
[no]: yes
Generating 1,024 bit RSA key pair and self-signed certificate (MD5WithRSA)
for: CN=manoj, OU=ebi, O=wipro, L=bangalore, ST=karnataka, C=IN
[Storing owsm_client]
C:\>keytool -keystore Helloworld.jks -genkey -keyalg RSA -alias Helloworld -dname "cn=IN, ou=ebi, o=wipro, L=bangalore, ST=karnataka"
Enter keystore password: welcome1
Enter key password for <Helloworld>
(RETURN if same as keystore password): welcome1
This is what I did. So I guess creation part of the keystore is done.
Now I ll tell you the steps that I have used:
In my request pipeline (gateway):
1>extract credentials
2>file authenticate(against .htpasswd)
3>insert saml token 1.0 vouches
(Keystore location is specified above and signature method was RSA-MD5)
After this I committed the policy and then tried to test my page.
The fault that it was throwing was: FAULT MESSAGE: Signing error:FAULT CODE: InvalidSecurity FAULT MESSAGE: Signature key not found
Can you please tell me why the signature key is not found despite creating a Java keystore? Is it possible that the signature key is not found because of that certificate?
can you please tell me what kind of certificate that I should take from verisign SSL test certificate or anything else.
I hope you would revert to me as soon as possible and could you kindly send me the link where I might get that test certificate.
I do have some doubts in policy editor options:
what does that "assertion issuer " do
what is that "subject format" (I made it as unspecified. If so how do I send that format)
what does this do User Attributes for attribute statements string[]
what does this do Corresponding namespace URIs for the user attributes string[]
-----------------------------------------------------------------------------------------------------------------------
I am thinking of a scenario something like this.
In the test page I ll be sending the request
The policy manager of the gateway intercepts and does the following:
1)it ll extract credentials(based on standard user name and token(WS-Basic))
2)It authenticates the user against a file(.htpasswd)
3)upon successful authentication,the next step would be Inserting saml token1.0 sender's vouches)step
This ends the gateway part.........
The request is then passed to the webservice and the request is intercepted by the serveragent before sending the request to the webservice.
The serveragent does the following:
3)verifies saml token that is created by the gateway before and upon successful verification it sends the request to the webservice.
So I think (correct me if I am wrong) I need to make the policies in the request pipelines of the gateway and the serveragent. I don't want to lay any policy on the response message as of now.
Could you tell me if this scenario works fine with owsm?
could you tell me what is that keystore doing for me?
Hope you would do the needful and revert to me as soon as possible
Thanks and regards
Mahes
-
Error while invoking a process (could not validate SAML)
Hi,
I am getting the following error while invoking a process from Weblogic Portal Server. The invocation happens properly always, but after frequent intervals (approx 1-1.5 hrs) this error comes. Then if the Portal Server (the client which is invoking the process) is restarted again it works properly.
This is very urgent to resolve. Any pointers to this will be very helpful.
Thanks in advance,
Leena Jain
Stack Trace of the error:
ALC-DSC-215-000: com.adobe.idp.dsc.DSCAuthenticationException: None of the Auth Provider could authenticate the user. Authentication Failed
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate(AbstractMessageReceiver.java:157)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.invoke(AbstractMessageReceiver.java:312)
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invokeCall(SoapSdkEndpoint.java:138)
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invoke(SoapSdkEndpoint.java:81)
at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at com.adobe.idp.dsc.provider.impl.soap.axis.InvocationFilter.doFilter(InvocationFilter.java:43)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused by: | [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion is not valid. Current time is greater than NOTonOrAfter time specified in the Assertion| [IDPLoggedException] errorCode:12804 errorCodeHEX:0x3204 message:Could not validate SAML Token --- Assertion is not valid. Current time is greater than NOTonOrAfter time specified in the Assertion
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:246)
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:192)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertionCheck(AuthenticationManagerImpl.java:587)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertion(AuthenticationManagerImpl.java:552)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate(AbstractMessageReceiver.java:132)
... 33 more
This happens due to expiry of the SAML assertion that the client has. Have a look at the Renew Assertion Recipe at the cookbook site.
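Two of the failures quoted in this thread come down to the same pair of checks a service-side verifier performs on the WS-Security header: which tokens are actually present (the WSM-00265 message above lists them as "(saml:Assertion)" while the username-token assertion was being enforced), and whether the SAML assertion's Conditions window still brackets the current time (the "Current time is greater than NOTonOrAfter" failure here, which the reply attributes to assertion expiry). The following is an added example, not code from Oracle WSM, Adobe LiveCycle or any poster: it builds constructed SOAP 1.1 envelopes, inventories the tokens under wsse:Security, models a "SAML or Username token" policy with two alternatives, and validates NotBefore/NotOnOrAfter with a clock-skew tolerance. The namespaces, the envelope layout, the timestamps and the `SAMPLE_NOW` value are assumptions made for the example; signature verification is deliberately out of scope.

```python
"""Inspect a WS-Security header and check a SAML 1.x assertion's validity window.

Added example (not Oracle WSM or Adobe LiveCycle code). The envelopes,
tokens and timestamps are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# Assumed namespaces: SOAP 1.1, WSS 1.0 secext, SAML 1.x assertion.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
SAMPLE_NOW = datetime(2013, 2, 22, 11, 59, 18, tzinfo=timezone.utc)  # constructed


def build_envelope(security_children):
    """Constructed SOAP envelope whose wsse:Security header holds the given XML."""
    return (
        '<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:saml="%s">'
        "<soap:Header><wsse:Security>%s</wsse:Security></soap:Header>"
        "<soap:Body/></soap:Envelope>"
        % (NS["soap"], NS["wsse"], NS["saml"], security_children)
    )


def saml_assertion(not_before, not_on_or_after):
    """Constructed, unsigned SAML 1.x assertion carrying only its Conditions."""
    return (
        '<saml:Assertion AssertionID="_constructed-1" Issuer="example-gateway">'
        '<saml:Conditions NotBefore="%s" NotOnOrAfter="%s"/></saml:Assertion>'
        % (not_before.strftime(TIME_FMT), not_on_or_after.strftime(TIME_FMT))
    )


USERNAME_TOKEN = "<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>"


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def tokens_in_security_header(envelope_xml):
    """Local names of the tokens directly under wsse:Security, e.g. ['Assertion']."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    return [] if sec is None else [_local(child.tag) for child in sec]


def _parse_utc(value):
    return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)


def check_assertion_window(envelope_xml, now, clock_skew=timedelta(seconds=60)):
    """Return (ok, reason). NotBefore is inclusive, NotOnOrAfter exclusive, per the
    SAML Conditions semantics; clock_skew tolerates issuer/verifier drift."""
    root = ET.fromstring(envelope_xml)
    cond = root.find("soap:Header/wsse:Security/saml:Assertion/saml:Conditions", NS)
    if cond is None:
        return False, "no SAML Conditions element"
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + clock_skew < _parse_utc(not_before):
        return False, "assertion not yet valid (NotBefore=%s)" % not_before
    if not_on_or_after and now - clock_skew >= _parse_utc(not_on_or_after):
        return False, "assertion expired (NotOnOrAfter=%s)" % not_on_or_after
    return True, "within validity window"


def evaluate_saml_or_username(envelope_xml, now):
    """Model of a policy with two alternatives. A present-but-expired assertion is
    rejected outright rather than falling through to a UsernameToken that is absent."""
    found = tokens_in_security_header(envelope_xml)
    if "Assertion" in found:
        ok, reason = check_assertion_window(envelope_xml, now)
        return ("saml", ok, reason)
    if "UsernameToken" in found:
        return ("username", True, "UsernameToken present (credentials not checked here)")
    return ("none", False, "no SAML Assertion or UsernameToken found; tokens: %s" % found)


def demo_results(now=SAMPLE_NOW):
    """Run four constructed scenarios; returns {name: (branch, ok, reason)}."""
    fresh = build_envelope(saml_assertion(now - timedelta(minutes=1), now + timedelta(minutes=5)))
    stale = build_envelope(saml_assertion(now - timedelta(hours=2), now - timedelta(hours=1)))
    return {
        "fresh": evaluate_saml_or_username(fresh, now),
        "stale": evaluate_saml_or_username(stale, now),
        "username": evaluate_saml_or_username(build_envelope(USERNAME_TOKEN), now),
        "empty": evaluate_saml_or_username(build_envelope(""), now),
    }


if __name__ == "__main__":
    for name, result in demo_results().items():
        print("%-9s %s" % (name, result))
```

The "stale" scenario reproduces the failure mode in this post: the token inventory is fine (an Assertion is present), but the window check fails because `NotOnOrAfter` lies in the past, which is exactly why a long-lived client that caches one assertion starts failing after an interval and works again once it restarts and obtains a fresh one. A real verifier additionally checks the assertion's signature and issuer before trusting the Conditions at all.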