How to use security token in WLS 9.2
I am using Workshop with WebLogic Server 9.2 to implement a Web service with a security token (UsernameToken). I have successfully created the web service by using @Policy(uri="Policy:Auth.xml", direction=Policy.Direction.inbound). I use the default authentication provider and SOAP login is fine now. The question for me is how I can get back the userid of the authenticated user in my server-side program?
Example:
@WebService
@Policy(uri="Policy:Auth.xml", direction=Policy.Direction.inbound)
public class WebServiceServer implements Serializable {
    public String getLoginUserID() {
        // Placeholder from the question: the call that returns the authenticated user id.
        String user = <some method call to get the authenticated user id>;
        return user;
    }
}
Please help and many thanks in advance.
Hi Christian_nor,
The current version of the Modbus LabVIEW Library is only officially supported in LabVIEW 7.1, but can be manually installed in LabVIEW 8.0 and later. The installer for the current version of the Modbus LabVIEW Library looks in the Windows registry for the presence of LabVIEW 7.1, and will not install if the LabVIEW 7.1 registry key is not found.
The installer at this link will automatically place the nimodbus.mnu and NI Modbus.llb in the appropriate folders in the LabVIEW 8.2 directory. You should be able to edit the programs as normal in LabVIEW 8.2 once these files are installed in the LabVIEW 8.2 directory.
Let me know if you have any questions!
Chris R.
Applications Engineer
National Instruments
Similar Messages
-
How to use security zone in WebDynpro
Hi.
I want to use security zone in WebDynpro for java like PDK.
Is it possible?
if possible, plz explain detail how to use security zone.
Hi,
You can locate the portalapp.xml file for a WD project inside the gen_wdp folder. Check if you can add the <component-config> tag and others in the <webdynpro> section of the file.
Regards,
Satyajit. -
How to add Security Token / Username/Password on WSDL?
Hello,
I have made a BPEL process i.e. exposed as a http WebService. I want to use Security Token on it. Because of Security reason I don't want anyone able to call my WebService unless they provide us the username and password.
Thanks.
See
Disabling Remote Development Services
If you use Macromedia Dreamweaver MX or Macromedia HomeSite+ to
develop your applications, you can access a remote ColdFusion MX 7
server using HTTP. However, you must configure Remote Development
Services (RDS) in your integrated development environment (IDE),
and RDS must be enabled in ColdFusion MX 7. Using RDS, IDE users
can securely access remote files and data sources, build SQL
queries from these data sources, and debug CFML code.
Note: The ColdFusion Report Builder uses RDS for the Query
Builder and for charting support.
However, for security reasons, Macromedia recommends that you
disable RDS on a production server. To disable it, you must disable
the RDSServlet mapping.
You actually configure your data sources through the
ColdFusion Administrator (and I guess through Dreamweaver too,
although I have never used it myself), but RDS lets you work with
them. Bottom line, if you allow your developer access to ColdFusion
via RDS, then they will have all of the privileges that are allowed
to the data source for the account that is configured in the
ColdFusion administrator for that database.
Phil -
How to get security token from header?
How can I generally access to the header information of the soap envelope of the ws request in a soa suite (11.1.1.6.0) component?
(I need for the wsse Security token /username and password/ and addressing information in my composite. I need an own algorithm of authentication to use and implement.)
I use BPEL process now, and found bpelx:headerVariable probably for that, but in JDeveloper expression builder there is no option for that in BPEL Extension Functions.
Thanks
pblock_findval("proxy-ip", rq->headers)
-
How to use security roles in Weblogic server?
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.
You should read the security information in the Servlet 2.2 specification that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the Application Developer or Assembler. When the application is deployed, these roles are mapped by a Deployer to security identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the principal associated with an incoming request based on the security attributes of that calling principal. For example,
1. When a deployer has mapped a security role to a user group in the operational environment. The user group to which the calling principal belongs is retrieved from its security attributes. If the principal's user group matches the user group in the operational environment that the security role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a security policy domain, the principal name of the calling principal is retrieved from its security attributes. If the principal is the same as the principal to which the security role was mapped, the calling principal is in the security role.
Cameron Purdy
http://www.tangosol.com
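The two mapping cases from section 11.4 quoted above, as an added example that is not part of the original reply or of the specification: a self-contained model of how a container could decide role membership. The class, role, group and user names are constructed for illustration; in a real web application the container makes this decision behind HttpServletRequest.isUserInRole().

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Illustrative model only; this is not WebLogic or servlet container code. */
public class RoleMappingDemo {

    /** Security attributes of an authenticated caller (constructed type). */
    static final class Caller {
        final String name;
        final Set<String> groups;

        Caller(String name, String... groups) {
            this.name = name;
            this.groups = new HashSet<>(Arrays.asList(groups));
        }
    }

    /** What the deployer mapped one application role to. */
    static final class RoleMapping {
        final Set<String> groups = new HashSet<>();
        final Set<String> principals = new HashSet<>();
    }

    // Role name (chosen by the application developer) -> deployer mapping.
    private final Map<String, RoleMapping> mappings = new HashMap<>();

    void mapRoleToGroup(String role, String group) {
        mappings.computeIfAbsent(role, r -> new RoleMapping()).groups.add(group);
    }

    void mapRoleToPrincipal(String role, String principal) {
        mappings.computeIfAbsent(role, r -> new RoleMapping()).principals.add(principal);
    }

    boolean isCallerInRole(Caller caller, String role) {
        if (caller == null) {
            return false; // unauthenticated request: no principal, no role
        }
        RoleMapping mapping = mappings.get(role);
        if (mapping == null) {
            return false; // role was never mapped by the deployer: deny
        }
        if (mapping.principals.contains(caller.name)) {
            return true; // case 2: role mapped to this principal name
        }
        for (String group : caller.groups) {
            if (mapping.groups.contains(group)) {
                return true; // case 1: role mapped to one of the caller's groups
            }
        }
        return false;
    }

    private static void check(boolean actual, boolean expected, String label) {
        if (actual != expected) {
            throw new AssertionError(label);
        }
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        RoleMappingDemo container = new RoleMappingDemo();
        container.mapRoleToGroup("approver", "finance-managers");
        container.mapRoleToPrincipal("auditor", "carol");

        Caller alice = new Caller("alice", "finance-managers", "staff");
        Caller bob = new Caller("bob", "staff", "auditor"); // a group that merely shares the role's name
        Caller carol = new Caller("carol");

        check(container.isCallerInRole(alice, "approver"), true, "alice/approver via group mapping");
        check(container.isCallerInRole(carol, "auditor"), true, "carol/auditor via principal mapping");
        check(container.isCallerInRole(bob, "auditor"), false, "bob/auditor, group name equals role name");
        check(container.isCallerInRole(alice, "admin"), false, "alice/admin, role never mapped");
        check(container.isCallerInRole(null, "approver"), false, "unauthenticated caller");
    }
}
```

The case for bob shows why roles and groups are kept separate: belonging to a group that happens to be called "auditor" grants nothing until a deployer maps the role to that group.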
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari. -
How to get security token from a URL in BPM
Hi,
I need to get a security token from a url in a business process.
The URL is like:
https://services.sapo.pt/STS/GetToken?ESBUsername=test&ESBPassword=test1
If I paste it on the browser i get the token in the form:
<ESBToken>
a7d1cd4e20c9c1b437513d434abbfee83b1f8f32839b54e6632f2865631303b815547cf898...
</ESBToken>
What is the best way to get and map the token in an Integration Process in SAP XI? Is it possible by user defined function in mapping? How?
Thanks in advance.
I am not sure what you want to do!? Do you want to display the image file, save the image file? When you say you don't want it to exit, do you want it to be a persistant application?
-
How to use Connection Pool on WLS 10.0 MP2?
Hello there!
I have a WS and I use iBATIS to talk with an Oracle DB, but I have a requirement to use a connection pool by WLS and I don't know where I should do this in my application.
I just have this method to the connection
// "properties" is a field defined elsewhere in the poster's class.
private static void initDb() throws IOException, SQLException {
    log.info("Conectando a bd");
    String sqlMapResource = "com/app/activacion/db/sqlMapConfig.xml";
    Reader reader = Resources.getResourceAsReader(sqlMapResource);
    SqlMapClient sqlMapClientIbatis =
        SqlMapClientBuilder.buildSqlMapClient(reader, properties);
    List<String> n = (List<String>) sqlMapClientIbatis.queryForList("test");
    log.debug("n: " + n);
    log.info("Conexion a BD realizada.");
}
And my sqlMapConfig.xml is
<sqlMapConfig>
  <settings cacheModelsEnabled="true"
            enhancementEnabled="true"
            lazyLoadingEnabled="true"
            maxRequests="320"
            maxSessions="128"
            maxTransactions="32"/>
  <transactionManager type="JDBC">
    <dataSource type="DBCP">
      <property name="driverClassName" value="oracle.jdbc.OracleDriver" />
      <property name="url" value="${db.connectionURL}" />
      <property name="username" value="${db.username}" />
      <property name="password" value="${db.password}" />
    </dataSource>
  </transactionManager>
  <sqlMap resource="com/epcs/facturacionpostpago/activacionbb/db/statements.xml" />
</sqlMapConfig>
Can u give me an advice to set the connection pool please?
Thanx in advance!
Edited by: mgaldames on 02-jun-2010 10:54
According to a google hit, it looks like you should be able to do something like this:
http://www.j2eegeek.com/blog/2005/01/31/ibatis-where-have-you-been-all-my-life/
First, configure a datasource in the wls console, the example uses:
jdbc/jpetstoreDS
as the JNDI name.
Then it looks like the following syntax works for the mapping that refers to that datasource, keep in mind your servername/port may be different.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sqlMapConfig PUBLIC "-//iBATIS.com//DTD SQL Map Config 2.0//EN" "http://www.ibatis.com/dtd/sql-map-config-2.dtd">
<sqlMapConfig>
  <settings cacheModelsEnabled="false" enhancementEnabled="true" lazyLoadingEnabled="true"
            maxRequests="32" maxSessions="100" maxTransactions="100" useStatementNamespaces="false"/>
  <transactionManager type="JDBC">
    <dataSource type="JNDI">
      <property name="context.java.naming.factory.initial" value="weblogic.jndi.WLInitialContextFactory"/>
      <property name="context.java.naming.provider.url" value="t3://localhost:7001"/>
      <property name="DataSource" value="jdbc/jpetstoreDS"/>
    </dataSource>
  </transactionManager>
  <sqlMap resource="com/j2eegeek/ibatis/dao/maps/Account.xml"/>
</sqlMapConfig>
-
How to use secure connection parameter in file adapter
Hi all,
I have a scenario like file to file using FTP protocol over a secure connection (FTPS).
I have some doubts, like what information I require from my client for doing this interface.
I am able to see the option FTPS (FTP use SSL/TLS) for control connection & control and data connections.
If I check the use X.509 certificate for the client authentication:
keystore (in the list I can see some entries for private keys)
X.509 certificate & private key (I can also see some entries for private keys here)
My question is: can I use these existing private keys & certificates?
If yes, which keys & certificates do I have to use?
If no, what information do I need, like private key & certificates from the client, & how do we install those in the keystore provided by Visual Admin,
so that those entries appear in the value list of the above parameters keystore & X.509 certificate & private key?
Please let me know if any Basis activity is involved here other than keystore deployment.
Please correct me if anything is wrongly mentioned.
Thanks in Advance.
Edited by: katakoti on Jul 7, 2011 7:36 AM
Hi Reddy,
I already read that blog; it is a nice blog. A few of my doubts were clarified while reading that blog.
My question is whether we can use the "service_ssl" keystore entry for any client FTP server for sending the encrypted files.
I mean, are those entries in the keystore & X.509 Certificate and Private Key standard or client (sender or receiver) FTP specific?
What details do we require to do this scenario from the client end & security team or Basis team (firewall configuration, like that)? -
How to use secure FTP using FTP adapter in PI
Hi,
PI does not give SFTP adapter, for using the SFTP adapter we need some security certificates + we need to purchase the
SFTP adapter.
How to achieve SFTP functionality using FTP adapter? We need to do some script coding.
Pl throw some light on this.
Thanks,
Krishna
Hi Krishna,
Ref: http://weblogs.sdn.sap.com/cs/blank/view/wlg/22415
http://weblogs.sdn.sap.com/cs/blank/view/wlg/22776
http://aedaptive.com/index.php/solutions/pgp-for-sap-netweaver
Thanks, -
How to use security certificate with Business service
Hi,
Information:
I need to use a security certificate for connection from Business service to legacy system.
I have created PKI mapper in WebLogic console, deployed keystore on server and Service Key Provider in OSB.
I can see can connect the certificate in OSB console through the Service Key Provider.
I have done Authentication setting in the Business service "HTTP Transport Configuration" as "Client Certificate".
Problem:
Now whenever I try to invoke BS, the username, password and security key provider is asked at the prompt. Should not the BS collect security certificate automatically? Again,
when i put username and password as that of WebLogic sbconsole; the error pops up with following message :
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header />
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>Failed to process signature.null</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
If I don't supply username password and certificate at the time of invoking the message pops up as : "The service requires a digital signature, you must specify a service key provider which has a digital signature credential."
I think some mistake is done in the above steps, could anybody please clarify?
The problem was resolved with upgrade to version 10.1.3.4.
-
Using Saml token profile 1.1 with WLS 10.3
Hi All
I am a student from IITB. I am trying to use message-level authentication for web services using SAML Token Profile 1.1 on WebLogic 10.3. I have done the necessary configuration but I am getting an error
"Unable to add Security Token for Identity ". I turned on the SamlCredMapper debug flag from the console and looked at the logs, and I saw that everything is going fine until at one place it gives this error:
<Debug> <SecuritySAMLCredMap> ' <1245866312123> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): InvalidParameterException while validating parameters: weblogic.security.service.InvalidParameterException: Unable to generate SAML Assertion: No partner ID or target resource>
I do not know how to fix this problem. Please tell me if anyone has any idea about it.
Thanks
regards,
Sanyam
//The Logs are as follows
<Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310425> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): initiator = Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("ssouser")
>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310425> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): resource = (null)>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310426> <BEA-000000> <SAMLRPConfigManager.findPartnerInTargetMap():Searching with key 'sender-vouches:http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310426> <BEA-000000> <SAMLRPConfigManager.findPartnerInTargetMap():Found partner 'rp_00001'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310436> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310437> <BEA-000000> <SAMLNameMapperCache.getNameMapper: create SAMLNameMapperImpl name mapper>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310439> <BEA-000000> <SAMLNameMapperImpl: mapSubject: No valid WLSGroup pricipals found in Subject, continuing>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310439> <BEA-000000> <SAMLNameMapperImpl: mapSubject: Mapped subject: qualifier: null, name: ssouser, groups: []>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310440> <BEA-000000> <SAMLCreateAssertion: Mapped subject 'Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("ssouser")
' to: username='ssouser',qualifier='null',format='urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310442> <BEA-000000> <SAMLCreateAssertion: No context or subject attribute were mapped>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310442> <BEA-000000> <SAMLCreateAssertion: Groups attribute statement requested but name mapper returned no groups -- groups attribute statement will not be generated>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: Creating sender-vouches assertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: Assertion IS signed>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: KeyInfo IS NOT supplied>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310445> <BEA-000000> <SAMLCreateAssertion: AttrStmtInfo IS NOT supplied>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310460> <BEA-000000> <SAMLCreateAssertion: Created SAMLSubject for 'ssouser'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310460> <BEA-000000> <SAMLCreateAssertion: Created SAMLSubject>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310475> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Cloning SAMLSubject>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310476> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Created SAMLAuthenticationStatement>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310484> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Signing assertion, keyinfo is included>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310508> <BEA-000000> <SAMLSignedObject.sign(): algorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310509> <BEA-000000> <SAMLSignedObject.sign(): reference '#b21cfea8d3c90fee97a3100a59b0005e'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310509> <BEA-000000> <SAMLSignedObject.sign(): InclusiveNamespaces '#default saml samlp ds dsig code kind rw typens'>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310542> <BEA-000000> <SAMLSignedObject.sign(): adding certificates>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310556> <BEA-000000> <SAMLSignedObject.sign(): signing object>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLLib> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLSignedObject.sign(): completed>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Signed assertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: SAMLCreateAssertion: Created SAMLAssertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCreateAssertion: Returning assertion>
####<Jun 24, 2009 11:28:30 PM IST> <Debug> <SecuritySAMLCredMap> <[ACTIVE] : '1' for queue: ' <1245866310706> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): Returning non-null credential>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311896> <BEA-000000> <SAMLIdentityAsserter: assertIdentity() called>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311897> <BEA-000000> <SAMLIdentityAsserter: SAMLIdentityAsserter: tokenType is 'SAML.Assertion.DOM'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311903> <BEA-000000> <SAMLAssertion: Assertion passed basic validity check>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311905> <BEA-000000> <SAMLAssertion: Target for assertion is: 'http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311905> <BEA-000000> <SAMLAssertion: Assertion issuer is: 'http://usmumsanygoyal1:7001/'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311906> <BEA-000000> <SAMLAssertion: Assertion subject confirmation method is: 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAPConfigManager.findPartnerInTargetMap():Searching with key 'sender-vouches:http://usmumsanygoyal1:7001/&http://usmumsanygoyal1:7001/SSOTryService/SSOTestHelloWorld'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAPConfigManager.findPartnerInTargetMap():Found partner 'ap_00001'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAssertion: Found asserting party 'ap_00001'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311907> <BEA-000000> <SAMLAssertion: Assertion is signed>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311908> <BEA-000000> <SAMLTrustManager: Looking for certificate alias 'testalias'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311930> <BEA-000000> <SAMLTrustManager: Certificate was found>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311937> <BEA-000000> <SAMLSignedObject.verify(): key supplied>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311963> <BEA-000000> <SAMLSignedObject.verify(): obtained signed info>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311963> <BEA-000000> <SAMLSignedObject.verify(): validating signature>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLLib> ' <1245866311970> <BEA-000000> <SAMLSignedObject.verify(): completed>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311970> <BEA-000000> <SAMLAssertion: Signature verified using trusted certificate>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <Got signing certificate for signed object: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <SAMLAssertion: Assertion subject confirmation method is: 'urn:oasis:names:tc:SAML:1.0:cm:sender-vouches'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311977> <BEA-000000> <SAMLAssertion: Verified subject confirmation method>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311978> <BEA-000000> <SAMLAssertion: Assertion issuer is 'http://usmumsanygoyal1:7001/'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311978> <BEA-000000> <SAMLAssertion: Assertion issuer verified>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: Assertion contains NotBefore condition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: Assertion contains NotOnOrAfter condition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: NotBefore condition satisfied>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311980> <BEA-000000> <SAMLAssertion: NotOnOrAfter condition satisfied>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion has AudienceRestrictionCondition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Found matching audience 'http://usmumsanygoyal1:7001/'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: AudienceRestriction condition satisfied (matching audience)>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion has DoNotCache condition>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311981> <BEA-000000> <SAMLAssertion: Assertion conditions verified>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311986> <BEA-000000> <SAMLAssertion: Found subject for name: 'ssouser'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Not found name mapper in the cache, try to create one>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLNameMapperCache.getNameMapper: create SAMLNameMapperImpl name mapper>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: Looking for AttributeName 'Groups'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: Looking for AttributeNamespace 'urn:bea:security:saml:groups'>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311987> <BEA-000000> <SAMLAssertion: ProcessGroups is true but did not find expected groups attribute statement>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311988> <BEA-000000> <SAMLNameMapperCache.getNameMapper: Found name mapper in the cache>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311988> <BEA-000000> <SAMLNameMapperImpl: mapNameInfo: returning name: ssouser>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311989> <BEA-000000> <SAMLNameMapperImpl: mapGroupInfo: returning groups: null>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311989> <BEA-000000> <SAMLIACallbackHandler: SAMLIACallbackHandler(true, ssouser, null)>
####<Jun 24, 2009 11:28:31 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866311996> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ssouser)>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLAtn> ' <1245866312002> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ssouser)>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312122> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312122> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
####<Jun 24, 2009 11:28:32 PM IST> <Debug> <SecuritySAMLCredMap> ' <1245866312123> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): InvalidParameterException while validating parameters: weblogic.security.service.InvalidParameterException: Unable to generate SAML Assertion: No partner ID or target resource>
Client Side
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:credential-mapper xsi:type="wls:saml-credential-mapper-v2Type">
<sec:name>SAMLCredentialMapper</sec:name>
<wls:issuer-uri>www.bea.com/demoSAML</wls:issuer-uri>
<wls:name-qualifier>bea.com</wls:name-qualifier>
<wls:signing-key-alias>testalias</wls:signing-key-alias>
<wls:default-time-to-live-delta>-30</wls:default-time-to-live-delta>
<wls:signing-key-pass-phrase-encrypted>{3DES}dOC15C42IEzCnN/klGIdyQ==</wls:signing-key-pass-phrase-encrypted>
</sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:key-store xsi:type="wls:default-key-storeType">
<sec:name>keystore</sec:name>
</sec:key-store>
<sec:name>myrealm</sec:name>
</realm>
Server side
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:saml-identity-asserter-v2Type">
<sec:name>SAMLIdentityAsserter</sec:name>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
Sanyam -
How to create a crystal report using secured web service as a datasource?
Hi All Expert,
I am having some challenges on how to create a report using a secured web service as a datasource in Crystal Report designer (CR11 R3).
Secured web service including certificate trusting, token authentication, header and/or body encryption. All web services run on the https protocol.
Could you please suggest me on the solution?
Thank you and Best Regards,
Cherr
Please re-post if this is still an issue or purchase a case and have a dedicated support engineer work with you directly:
http://store.businessobjects.com/store/bobjamer/DisplayProductByTypePage&parentCategoryID=&categoryID=11522300?resid=-Z5tUwoHAiwAAA8@NLgAAAAS&rests=1254701640551 -
Dear Colleagues,
I am currently developing a J2EE application using WLS 6.1.
My team and I have to implement a security requirement to suit our company's needs.
The security requirements are that users' passwords need to be aged (30 days maximum) and we need to provide a GUI front-end (JSP) to allow users to change their passwords when these expire after 30 days.
Our internal contacts in the company, have already taken the lead to find out about whether we will be able to use the WLS 6.1 platform to do this and the answer we got back, was.
Now we need to develop our own security module.
I have 2 questions:
1. How can we turn off the WLS security in order to develop our own application-based security module?
2. How can we develop a security module that allows us to age users' passwords and provide them with facilities to change their passwords when these expire?
At the moment, we are using the default BEA WebLogic login.jsp page and there is some configuration in the web.xml for this. I will be grateful if you could advise me on how to turn this default security off so that we can write our own security module.
hi,
1. You can write your own realm in 61 which can be plugged in for your security calls.
2. Once you write your own realm, you can access it through the weblogic api/ur api.
thanks
kiran
"Richard Koudry" <[email protected]> wrote in message
news:3dd0d081$[email protected]..
> Dear Colleagues,
> I am currently developing a J2EE application using WLS 6.1.
> My team and I have to implement a security requirement to suit our company's needs.
>
> The security requirements are that users' passwords need to be aged (30 days maximum) and we need to provide a GUI front-end (JSP) to allow users to change their passwords when these expire after 30 days.
>
> Our internal contacts in the company have already taken the lead to find out whether we will be able to use the WLS 6.1 platform to do this and the answer we got back, was.
>
> Now we need to develop our own security module.
> I have 2 questions:
> 1. How can we turn off the WLS security in order to develop our own application-based security module?
>
> 2. How can we develop a security module that allows us to age users' passwords and provide them with facilities to change their passwords when these expire?
>
> At the moment, we are using the default BEA WebLogic login.jsp page and there is some configuration in the web.xml for this. I will be grateful if you could advise me on how to turn this default security off so that we can write our own security module.
-
Invalid security error when invoking secure webservice using SAML tokens
I have deployed a JAX-WS webservice using a stateless session bean to wl 10.3.2 that uses a custom policy. The service deploys fine, but WebLogic returns an HTTP error 500 with a SOAP fault. The fault states wsse:InvalidSecurity. The webservice security policy requires SAML holder-of-key assertions and attributes. I have tried everything from running WebLogic with Metro 1.5 to configuring SAML Identity Asserter Providers, etc., with no luck. I even tried using the built-in SAML 2.0 asymmetric holder-of-key policy. What am I doing wrong? The XML of interest is attached.
Thanks;
-Dave.
*[Sample message from client]*
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:7002/NHINAdapterDocQuerySecured/AdapterDocQuerySecured</To>
<Action xmlns="http://www.w3.org/2005/08/addressing">urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:fec656f8-a2be-4129-8412-34d9453e7cb2</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
<wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
<wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires>
</wsu:Timestamp>
<saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" IssueInstant="2010-02-24T21:38:56.671Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=kskagerb*DoD</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml2:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZiqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z" SessionIndex="987">
<saml2:SubjectLocality Address="158.147.185.168" DNSName="cs.myharris.net"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Karl S Skagerberg</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">InternalTest2</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml2:AttributeValue>
<hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="307969004" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Public Health" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml2:AttributeValue>
<hl7:PurposeForUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Use or disclosure of Psychotherapy Notes" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">500000000^^^&1.1&ISO</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthzDecisionStatement Decision="Permit" Resource="https://158.147.185.168:8181/SamlReceiveService/SamlProcessWS">
<saml2:Action Namespace="urn:nhin:names:hl7:rbac:4.00:operation">EXECUTE</saml2:Action>
<saml2:Evidence>
<saml2:Assertion ID="40df7c0a-ff3e-4b26-baeb-f2910f6d05a9" IssueInstant="2009-04-16T13:10:39.093Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US</saml2:Issuer>
<saml2:Conditions NotBefore="2009-04-16T13:10:39.093Z" NotOnOrAfter="2010-12-31T12:00:00.000Z"/>
<saml2:AttributeStatement>
<saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Ref-1234</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Instance-1</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2:Evidence>
</saml2:AuthzDecisionStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#96cdfb70-91a3-4baf-9da1-3ff07d249926">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>VnukKqb4Bt1KWDKfy8SDfk1Hp2s=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DUwjh/H3XSfUG250rTlLdihstDXY1+qkY9GaY81Iu7Ag4MgoGvGBrGjZOJ7YnssPdrqUGiURxf6k
IBH7vaeXk24XvXP3F85WP9nBm+2M4BvGTplgOmAo0yuwze+90FvwILzFNmmX/tvy3QKTDHlh1rEx
/Jqfm6q/56WW1suAbRY=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l
0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZ
iqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</saml2:Assertion>
<ds:Signature xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oo99UrPhAcwla4Qbkdd9jAPn0cE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ds4vqts8uCdJcNGo0uTPzId5UBX+GVrdztQPv823c1Zy9ZZGSfQC/GsBPM/EMbFInDPFsyT4e1QYZMCzmqLYnifWHlDQJb7oMJBokafavAqZda1B55Zzh3TSm6BqKWtB/DX17d6rLx/HPiLNZ9qsBfuGn3aTlUCpNsYA8ObBtp8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body>
<ns3:AdhocQueryRequest xmlns:ns2="urn:gov:hhs:fha:nhinc:gateway:samltokendata" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns5="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" maxResults="-1" startIndex="0" federated="false">
<ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
<ns4:AdhocQuery home="urn:oid:2.16.840.1.113883.4.349" id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
<ns4:Slot name="$XDSDocumentEntryStatus">
<ns4:ValueList>
<ns4:Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
<ns4:Slot name="$XDSDocumentEntryPatientId">
<ns4:ValueList>
<ns4:Value>'1012581676V377802^^^&2.16.840.1.113883.4.349&ISO'</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
</ns4:AdhocQuery>
</ns3:AdhocQueryRequest>
</S:Body>
</S:Envelope>
*[Response from server:]*
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenReference, no SecurityTokenReference factory found for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier ValueType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
*[webservice WSDL]*
<?xml version="1.0" encoding="UTF-8"?>
<!--
Adapter Document Query WSDL
-->
<definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="urn:gov:hhs:fha:nhinc:adapterdocquerysecured"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
xmlns:plnk="http://docs.oasis-open.org/wsbpel/2.0/plnktype"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsaws="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty"
name="AdapterDocQuerySecured"
targetNamespace="urn:gov:hhs:fha:nhinc:adapterdocquerysecured">
<documentation>Adapter Document Query</documentation>
<types>
<xsd:schema>
<xsd:import namespace="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
schemaLocation="../schemas/ebRS/query.xsd"/>
<xsd:import namespace="urn:gov:hhs:fha:nhinc:gateway:samltokendata"
schemaLocation="../schemas/nhinc/gateway/SamlTokenData.xsd"/>
</xsd:schema>
</types>
<message name="RespondingGateway_CrossGatewayQueryRequestMessage">
<part name="body"
element="query:AdhocQueryRequest"/>
</message>
<message name="RespondingGateway_CrossGatewayQueryResponseMessage">
<part name="body"
element="query:AdhocQueryResponse"/>
</message>
<portType name="AdapterDocQuerySecuredPortType">
<operation name="RespondingGateway_CrossGatewayQuery">
<input name="RespondingGateway_CrossGatewayQueryRequest"
message="tns:RespondingGateway_CrossGatewayQueryRequestMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage"/>
<output name="RespondingGateway_CrossGatewayQueryResponse"
message="tns:RespondingGateway_CrossGatewayQueryResponseMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryResponseMessage"/>
</operation>
</portType>
<binding name="AdapterDocQuerySecuredBindingSoap11" type="tns:AdapterDocQuerySecuredPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_SoapPolicy"/>
<operation name="RespondingGateway_CrossGatewayQuery">
<soap:operation soapAction="urn:RespondingGateway_CrossGatewayQuery"/>
<input name="RespondingGateway_CrossGatewayQueryRequest">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Input_Policy"/>
</input>
<output name="RespondingGateway_CrossGatewayQueryResponse">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Output_Policy"/>
</output>
</operation>
</binding>
<service name="AdapterDocQuerySecured">
<port name="AdapterDocQuerySecuredPortSoap11"
binding="tns:AdapterDocQuerySecuredBindingSoap11">
<soap:address
location="https://localhost:7002/NHINAdapterDocQuerySecured" />
</port>
</service>
<!-- Define action property on each receiving message -->
<vprop:property name="action" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:action"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>action</vprop:query>
</vprop:propertyAlias>
<!-- Define resource property on each receiving message -->
<vprop:property name="resource" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:resource"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>resource</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseRoleCode property on each receiving message -->
<vprop:property name="purposeForUseRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystem property on each receiving message -->
<vprop:property name="purposeForUseCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystemName property on each receiving message -->
<vprop:property name="purposeForUseCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseDisplayName property on each receiving message -->
<vprop:property name="purposeForUseDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define userFirstName property on each receiving message -->
<vprop:property name="userFirstName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userFirstName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userFirstName</vprop:query>
</vprop:propertyAlias>
<!-- Define userMiddleName property on each receiving message -->
<vprop:property name="userMiddleName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userMiddleName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userMiddleName</vprop:query>
</vprop:propertyAlias>
<!-- Define userLastName property on each receiving message -->
<vprop:property name="userLastName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userLastName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userLastName</vprop:query>
</vprop:propertyAlias>
<!-- Define userName property on each receiving message -->
<vprop:property name="userName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userName</vprop:query>
</vprop:propertyAlias>
<!-- Define userOrganization property on each receiving message -->
<vprop:property name="userOrganization" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userOrganization"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userOrganization</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCode property on each receiving message -->
<vprop:property name="userRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystem property on each receiving message -->
<vprop:property name="userRoleCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystemName property on each receiving message -->
<vprop:property name="userRoleCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeDisplayName property on each receiving message -->
<vprop:property name="userRoleCodeDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define expirationDate property on each receiving message -->
<vprop:property name="expirationDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:expirationDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>expirationDate</vprop:query>
</vprop:propertyAlias>
<!-- Define signDate property on each receiving message -->
<vprop:property name="signDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:signDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>signDate</vprop:query>
</vprop:propertyAlias>
<!-- Define contentReference property on each receiving message -->
<vprop:property name="contentReference" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:contentReference"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>contentReference</vprop:query>
</vprop:propertyAlias>
<!-- Define content property on each receiving message -->
<vprop:property name="content" type="xsd:base64Binary"/>
<vprop:propertyAlias propertyName="tns:content"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>content</vprop:query>
</vprop:propertyAlias>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_SoapPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
<sc:KeyStore wspp:visibility="private"
aliasSelector="gov.hhs.fha.nhinc.callback.KeyStoreServerAliasSelector"
callbackHandler="gov.hhs.fha.nhinc.callback.KeyStoreCallbackHandler"/>
<sc:TrustStore wspp:visibility="private"
callbackHandler="gov.hhs.fha.nhinc.callback.TrustStoreCallbackHandler"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:RequireClientCertificate/>
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:SamlToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssSamlV20Token11/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<plnk:partnerLinkType name="AdapterDocQuerySecured">
<!-- A partner link type is automatically generated when a new port type is added.
Partner link types are used by BPEL processes. In a BPEL process, a partner
link represents the interaction between the BPEL process and a partner service.
Each partner link is associated with a partner link type. A partner link type
characterizes the conversational relationship between two services. The
partner link type can have one or two roles.-->
<plnk:role name="AdapterDocQuerySecuredPortTypeRole"
portType="tns:AdapterDocQuerySecuredPortType"/>
</plnk:partnerLinkType>
</definitions>
Edited by: dvazquez1027 on Feb 25, 2010 5:10 PM
Edited by: dvazquez1027 on Feb 25, 2010 5:22 PM
Hi,
yes, I had the same issue and I found a solution.
You need to request a patch for BUG 9212862 (already corrected in WLS 10.3.3) and do the following:
javax.xml.ws.BindingProvider provider = (javax.xml.ws.BindingProvider)port;
java.util.Map context = provider.getRequestContext();
context.put(weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_PREFERENCE, weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_MSFT);
This will cause the SecurityMessageArchitect class of WLS to not send the SecurityTokenReference in the Soap security header.
Please note that is evidently a non-conformity to the specs of Microsoft:
Please have a look at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf (8.3 Signing Tokens)
and also at:
http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
(3.4 Identifying and Referencing Security Tokens)
A SAML key identifier reference MUST be used for all (local and remote) references to SAML 1.1
assertions. [...]
All conformant implementations MUST be able to process SAML assertion references occurring in a
<wsse:Security> header or in a header element other than a signature to acquire the corresponding
assertion. A conformant implementation MUST be able to process any such reference independent of the
confirmation method of the referenced assertion.
It follows that .NET 3.5 is a non-conformant implementation: I would gladly know what the position of Microsoft is on that.
ciao
carlo -
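To tell a malformed request apart from a receiver-side gap such as the "no SecurityTokenReference factory found" fault in this thread, the sketch below audits the SAML key identifier reference used by the message signature. It is an added example, not code from either poster or from WebLogic; the function names, the checks chosen, and the trimmed envelope (constructed from the posted request, with key material omitted) are assumptions.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSSE,
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the request posted above, cut down to the elements the
# audit reads (key material, attributes and signature values omitted).
SAMPLE = f"""<S:Envelope xmlns:S="{NS['S']}" xmlns:wsse="{WSSE}"
    xmlns:wsse11="{WSSE11}" xmlns:ds="{NS['ds']}" xmlns:saml2="{NS['saml2']}">
<S:Header><wsse:Security>
<saml2:Assertion ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" Version="2.0">
<saml2:Subject>
<saml2:SubjectConfirmation Method="{HOK}">
<saml2:SubjectConfirmationData><ds:KeyInfo><ds:KeyValue/></ds:KeyInfo></saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
</saml2:Assertion>
<ds:Signature Id="_2"><ds:KeyInfo>
<wsse:SecurityTokenReference wsse11:TokenType="{PROFILE}SAMLV2.0">
<wsse:KeyIdentifier ValueType="{PROFILE}SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo></ds:Signature>
</wsse:Security></S:Header>
<S:Body/>
</S:Envelope>"""


def _check_assertion(assertion):
    """Checks on the assertion that a SAMLID key identifier resolved to."""
    problems = []
    if assertion.get("Version") != "2.0":
        problems.append("referenced assertion is not Version 2.0")
    conf = assertion.find("saml2:Subject/saml2:SubjectConfirmation", NS)
    if conf is None or conf.get("Method") != HOK:
        problems.append("assertion is not holder-of-key")
    elif conf.find("saml2:SubjectConfirmationData/ds:KeyInfo", NS) is None:
        problems.append("holder-of-key confirmation carries no ds:KeyInfo")
    return problems


def audit_security_header(envelope_xml):
    """Return one finding per SAML 2.0 key identifier used by a message signature."""
    # ElementTree is enough for a capture you produced yourself; use a hardened
    # parser (for example defusedxml) for XML from an untrusted source.
    root = ET.fromstring(envelope_xml)
    security = root.find("S:Header/wsse:Security", NS)
    if security is None:
        raise ValueError("envelope has no wsse:Security header")
    # Only assertions that are direct children of the header are candidates;
    # this skips the Evidence assertion nested inside the outer one.
    assertions = {a.get("ID"): a for a in security.findall("saml2:Assertion", NS)}
    findings = []
    # Direct-child signatures are the message signatures; the assertion's own
    # enveloped signature sits inside saml2:Assertion and is not visited.
    for sig in security.findall("ds:Signature", NS):
        for ref in sig.findall("ds:KeyInfo/wsse:SecurityTokenReference", NS):
            kid = ref.find("wsse:KeyIdentifier", NS)
            if kid is None or kid.get("ValueType") != PROFILE + "SAMLID":
                continue  # not a SAML 2.0 key identifier reference
            assertion_id = (kid.text or "").strip()
            target = assertions.get(assertion_id)
            problems = []
            if ref.get(f"{{{WSSE11}}}TokenType") != PROFILE + "SAMLV2.0":
                problems.append("TokenType is absent or is not SAMLV2.0")
            if target is None:
                problems.append("KeyIdentifier matches no saml2:Assertion ID in the header")
            else:
                problems.extend(_check_assertion(target))
            findings.append({
                "signature_id": sig.get("Id"),
                "assertion_id": assertion_id,
                "resolved": target is not None,
                "problems": problems,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_security_header(SAMPLE):
        print(finding)
```

An empty `problems` list for the captured request means the reference itself is consistent, which points the investigation at the receiving stack rather than at the client.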
How to create a client get security token in STS ?
Dear all,
How to create a client to get a security token in STS (security token service supported by NetWeaver 7.3)?
Thanks.
Hi Sagarika,
use scc4 for creating a new client
and log in to the new client that you created using sap* and pass as password
use sccl over there to do a local client copy
sccl for copying local client
scc9 for remote client copy
Merlin