Trying SAML sender-vouches, standalone Java client call to service bus.

Similar Messages

• OJMS and Standalone Java Client

  Hi ,
  any one had luck in accessing the ojms queue from a standalone java application.I am using oc4j standalone 9.0.0.3 container.I was able to do it from a jsp page .
  But when i tried the same from standalone java client , its giving me javax.naming.NameNotFoundException: "No object bound for java:comp/resource/TestRP/QueueConnectionFactories/RPTable". The same lookup succeeds inside the jsp.Is there any additional configuration to be there for the standalone java client ?
  thanks in advance ..
  prem

  Perhaps too obvious a point, but your standalone java client is running in a process different from that of oc4j. How do your java client process connect to oc4j?
  Note that a jsp is running inside oc4j.

• How to insert message in OC4J JMS from standalone java client.

  Hi,
  I have been following available examples for creating standalone java clients to insert messages in JMS queues.
  I am able to insert using java client when the SOA suite and the standalone java code are on same machine.
  package producerconsumerinjava;
  import javax.jms.*;
  import javax.naming.*;
  import java.util.Hashtable;
  public class QueueProducer
  public static void main(String[] args)
  String queueName = "jms/demoQueue";
  String queueConnectionFactoryName = "jms/QueueConnectionFactory";
  Context jndiContext = null;
  QueueConnectionFactory queueConnectionFactory = null;
  QueueConnection queueConnection = null;
  QueueSession queueSession = null;
  Queue queue = null;
  QueueSender queueSender = null;
  TextMessage message = null;
  int noMessages = 5;
  * Set the environment for a connection to the OC4J instance
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.j2ee.rmi.RMIInitialContextFactory");
  env.put(Context.SECURITY_PRINCIPAL, "oc4jadmin");
  env.put(Context.SECURITY_CREDENTIALS, "mypass");
  env.put(Context.PROVIDER_URL,"ormi://myserver.company.com:12402"); //12402 is the rmi port
  * Set the Context Object.
  * Lookup the Queue Connection Factory.
  * Lookup the JMS Destination.
  try
  jndiContext = new InitialContext(env);
  queueConnectionFactory =
  (QueueConnectionFactory) jndiContext.lookup(queueConnectionFactoryName);
  queue = (Queue) jndiContext.lookup(queueName);
  catch (NamingException e)
  System.out.println("JNDI lookup failed: " + e.toString());
  System.exit(1);
  * Create connection.
  * Create session from connection.
  * Create sender.
  * Create text message.
  * Send messages.
  * Send non text message to end text messages.
  * Close connection.
  try
  queueConnection = queueConnectionFactory.createQueueConnection();
  queueSession =
  queueConnection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
  queueSender = queueSession.createSender(queue);
  message = queueSession.createTextMessage();
  for (int i = 0; i < noMessages; i++)
  message.setText("Message " + (i + 1));
  System.out.println("Producing message: " + message.getText());
  queueSender.send(message);
  queueSender.send(queueSession.createBytesMessage());
  catch (JMSException e)
  System.out.println("Exception occurred: " + e.toString());
  finally
  if (queueConnection != null)
  try
  queueConnection.close();
  catch (JMSException e)
  System.out.println("Closing error: " + e.toString());
  But when the SOA Suite is remote, I am struggling to get the settings correct
  Till now, here is what I have figured out from looking at blogs/tars etc on the Net:
  1. I need to use ApplicationClientInitialContextFactory instead of RMIInitialContextFactory (http://download.oracle.com/docs/cd/E14101_01/doc.1013/e13975/jndi.htm)
  2. The project should have a META-INF/application-client.xml file, which may be dummy (http://www.wever.org/java/space/Oracle/JmsTar1). Question is, my code is there in a single absolutely standalone code..how I can use this application-client.xml and where it has to be placed.
  Errors:
  When trying to run exact same code on local server that tries to enqueue JMS on remotee serverer
  Exception occurred: javax.jms.JMSException: Unable to create a connection to "xxxxxxx.yyyyyy01.dev.com/10.42.456.11:12,602" as user "null".
  Any help is greatly welcome.
  As an exercise, I copied this complete code on the server and then ran locally using a telnet client...it worked. So the problem is coming when accessing the server remotely.
  Rgds,
  Amit

  1. I need to use ApplicationClientInitialContextFactory instead of RMIInitialContextFactoryNot necessarily.
  2. The project should have a META-INF/application-client.xml fileThat's only necessary if going the ApplicationClientInitialContextFactory route.
  There are two types of JMS client applications you can write -- a pure/plain Java app, and an "AppClient". That first is your everyday run-of-the-mill Java application, nothing special. That latter is a special, complicated beast that tries to act as a part of the whole client/server/J2EE architecture which provides you with a semi-managed environment. Either can be made to work, but if all you need is JMS access (using plain OC4J JMS factory/queue names and not JMS Connector names), then the first is easier to get working (and performs a tiny bit better as well due to being a lighter-weight solution).
  I think the problem you are having might be: When you use the plain Java client solution, you do not have any type of management, and that includes user management. With no user management (and if the JMS server is not configured to allow anonymous connections) you need to include the username and password in the call to createConnection. (I think it may be that this is actually true in the AppClient case as well -- I avoid using the AppClient model as much as possible so my memory there is weaker.)
  If you prefer to go the AppClient route, I would point you to a demo I wrote which had a functioning example, but Oracle seems to have removed it (and all of the 10.1.3 demos?) from OTN. :-(
  Hmm, it seems to still be available on the wayback machine:
  http://web.archive.org/web/20061021064014/www.oracle.com/technology/tech/java/oc4j/1013/how_to/index.html
  (Just look down the page for "With OEMS JMS (In-Memory and File-Based)" -- there is an .html document with info, and there is a .zip file with source code.)
  Question is, my code is there in a single absolutely standalone code..how I can use this application-client.xml and where it has to be placed.The app client in my demo had the following directory structure:
  myjavaclient.class
  jndi.properties
  META-INF\MANIFEST.MF
  META-INF\application-client.xml
  META-INF\orion-application-client.xml
  When you use ApplicationClientInitialContextFactory I think it just looks under .\META-INF for the .xml files.
  -Jeff

• How to use standalone java client with an enterprise bean in J2EE 1.4

  Hi All,
  I am have deployed a stateless session bean in Sun's J2EE 1.4 Application Server. i am trying to call the bean using a standalone java client. but the client cannot access the bean.
  The error coming is:
  Jan 21, 2004 7:48:27 PM com.sun.corba.ee.impl.legacy.connection.SocketFactoryCo
  nectionImpl <init>
  WARNING: ORBUTIL.connectFailure
  org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: No
  at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(
  RBUtilSystemException.java:1739)
  at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(
  RBUtilSystemException.java:1757)
  at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.
  init>(SocketFactoryConnectionImpl.java:74)
  at com.sun.corba.ee.impl.legacy.connection.SocketFactoryContactInfoImpl
  createConnection(SocketFactoryContactInfoImpl.java:88)
  at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.begi
  Request(CorbaClientRequestDispatcherImpl.java:146)
  at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(Corba
  lientDelegateImpl.java:121)
  at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaCli
  ntDelegateImpl.java:212)
  at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
  at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.jav
  :69)
  at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.ja
  a:58)
  at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:12
  at javax.naming.InitialContext.lookup(InitialContext.java:347)
  at StatelessSessionClient.main(StatelessSessionClient.java:17)
  Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection re
  used: connect
  at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSoc
  etFactory.java:390)
  at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.
  init>(SocketFactoryConnectionImpl.java:58)
  ... 10 more
  Caused by: java.net.ConnectException: Connection refused: connect
  at sun.nio.ch.Net.connect(Native Method)
  at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:457)
  at java.nio.channels.SocketChannel.open(SocketChannel.java:146)
  at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSoc
  etFactory.java:381)
  ... 11 more
  javax.naming.CommunicationException: Can't find SerialContextProvider
  at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.ja
  a:66)
  at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:12
  at javax.naming.InitialContext.lookup(InitialContext.java:347)
  at StatelessSessionClient.main(StatelessSessionClient.java:17)
  Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed
  No
  at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(
  RBUtilSystemException.java:1739)
  at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(
  RBUtilSystemException.java:1757)
  at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.
  init>(SocketFactoryConnectionImpl.java:74)
  at com.sun.corba.ee.impl.legacy.connection.SocketFactoryContactInfoImpl
  createConnection(SocketFactoryContactInfoImpl.java:88)
  at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.begi
  Request(CorbaClientRequestDispatcherImpl.java:146)
  at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(Corba
  lientDelegateImpl.java:121)
  at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaCli
  ntDelegateImpl.java:212)
  at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
  at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.jav
  :69)
  at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.ja
  a:58)
  ... 3 more
  Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection re
  used: connect
  at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSoc
  etFactory.java:390)
  at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.
  init>(SocketFactoryConnectionImpl.java:58)
  ... 10 more
  Caused by: java.net.ConnectException: Connection refused: connect
  at sun.nio.ch.Net.connect(Native Method)
  at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:457)
  at java.nio.channels.SocketChannel.open(SocketChannel.java:146)
  at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSoc
  etFactory.java:381)
  ... 11 more
  My java client uses the following code to access the bean:
  Hashtable props = new Hashtable();
  String URL="iiop://localhost:3700";
  props.put("java.naming.factory.initial","com.sun.jndi.cosnaming.CNCtxFactory");
  props.put("java.naming.provider.url", URL) ;
  InitialContext ctx = new InitialContext();
  Object ref = ctx.lookup("ejb/StatelessSessionHome");
  StatelessSessionHome home = (StatelessSessionHome)PortableRemoteObject.narrow(ref,StatelessSessionHome.class);
  StatelessSessionRemote statelessSession = home.create();
  plz help me to locate the error.
  Regards,
  Mohit

  Hi Amol,
  thanks for your suggestion.
  i have deployed the converter application in J2EE1.4 tutorial in Sun AppServer J2EE1.4. the deployment process works smoothly. but accessing the deployed converter bean using standalone client as given in the tutorial gives the following error.
  Caught an unexpected exception!
  javax.naming.NoInitialContextException: Need to specify class name in environmen
  t or system property, or as an applet parameter, or in an application resource f
  ile: java.naming.factory.initial
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
  40)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243
  at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.jav
  a:280)
  at javax.naming.InitialContext.lookup(InitialContext.java:347)
  at ConverterClient.main(ConverterClient.java:14)
  I have set the InitialHost and InitialPort as suggested by you in the client code. the client gets successfully compiled but gives error when executed.
  The client code is:
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.rmi.PortableRemoteObject;
  import java.math.BigDecimal;
  public class ConverterClient {
  public static void main(String[] args) {
  System.setProperty("org.omg.CORBA.ORBInitialHost","localhost");
  System.setProperty("org.omg.CORBA.ORBInitialPort","3700");          
  try {
  Context initial = new InitialContext();
  Object objref = initial.lookup
  ("java:comp/env/ejb/SimpleConverter");
  ConverterHome home =
  (ConverterHome)PortableRemoteObject.narrow(objref,
  ConverterHome.class);
  Converter currencyConverter = home.create();
  BigDecimal param = new BigDecimal ("100.00");
  BigDecimal amount =
  currencyConverter.dollarToYen(param);
  System.out.println(amount);
  amount = currencyConverter.yenToEuro(param);
  System.out.println(amount);
  System.exit(0);
  } catch (Exception ex) {
  System.err.println("Caught an unexpected exception!");
  ex.printStackTrace();
  Please suggest so that i can run the standalone client successfully.
  Regards,
  Mohit Kapoor

• SAML Sender Vouches Assertion in ABAP only environment

  All u2013 apologies for a length postu2026
  subject: Standard logon - SAML Authentication (logon using SAML).
  We are testing if an external app u2013 like Oralce (consumer), can render a web service via SAML assertion into an AS ABAP (provider) environment. Per OSS note 1254821, we have setup a trusted environment, and were able to successfully test a bapi function via Certificate Authentication (logon using a client certificate), one of the standard logons.
  This test validates that the SOAP message can be processed through SAP, from the secured transport layer to decrypting and processing the SOAP message.
  When we move to test the SAML assertion piece, we are not able to find the logon of u201CSAML Authenticationu201D via the standard logon through trnx SICF.
  We nonetheless moved to test with all the available logon options without success:
  1     Fields Authentication
  2     SSO Authentication
  3     Basic Authentication
  4     SAP Authentication
  5     Certificate Authentication (we deactivated the USEREXTIDu2019s DN user)
  6     Service Authentication
  While researching, we come across that there should be a u201CSAML Authenticationu201D standard logon option, yet this is not available in our test system.
  Our system information is as follow:
  SAP ECC 6.0
  SAP_BASIS      700      SAPKB70017    
  SAP_ABA         700      SAPKA70017    
  We are testing in an ABAP stack environement.
  We have crossed reference with note 1254821, and have satisfied all the requirements.
  We expect the standard logon to contain the u201CSAML Authenticationu201D through SICF since we have configured the web service through SOAMANAGER using u201CSAML 1.1. Sender Vouches Assertionu201D.
  Question:
  Is u201CSAML Authenticationu201D standard logon necessary to facilitate the SAML sender vouches solution (we have only AS ABAP)?
  If needed, what configuration, or support pack we need to be on.
  Better yet, have anyone out there make it work? If so, please share.
  Thanks much,
  Alex

  Hi Jens,
  yes, it's  keystore view TicketKeystore. The idea is that a logon ticket trust suffices to get the SAML 1.1 Sender Vouches trust as well.
  The next thing you should take care of is to make sure that your SAP Portal system trusts the SAML issuer of your SAML assertion. This is to be configured in NetWeaver Administrator under Configuration Management  Security >  Trusted Systems. There you add the issuer string of your SAML Assertion into the Trusted Partners section.
  Please follow paragraph "Configuring the Trusted Partners (Provider)" on this documentation link for details: http://help.sap.com/saphelp_nw73/helpdata/en/48/b264916b156ff4e10000000a42189b/frameset.htm
  Another thing. Please see that for SOAP Web Services SAP (both AS ABAP and AS Java) for Sender-Vouches only SAML 1.1 is supported. Holder-of-key SAML assertions are supported with SAML 1.1 and SAML 2.0.
  Regards,
  Mathias

• Problem consuming web service created by ABAP via standalone java client

  I'm trying to consume web service created by ABAP in R3 system via standalone java client. I should be getting a string reply after consumed the web service (ZSMS_INBOUND), but so far i received null. I cant find any exception or log to trace the problem. Any help would be appreciated. Is there anything wrong with my client calling the web service?
  public void myMethod{
            // TODO : Implement
            try{
                 Stub stub = (Stub)new ZSMS_INBOUNDServiceImpl().getLogicalPort();
                 stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,"http://mytest:8080/sap/bc/srt/rfc/sap/ZSMS_INBOUND?sap-               client=100&wsdl=1.1&mode=sap_wsdl");
                 inboundService = (ZSMS_INBOUND) stub;
                 BAPIRET2 str = inboundService.ZSMS_INBOUND(date, message, modemId, smsId, tel, time);
                 ackDeliveryArray<i> = str.toString();
            }catch (Exception e) {
                 e.printStackTrace();
  Generated following SAP help standalone proxy creation steps.
  ***files fr SEIs
  ZSMS_INBOUND.java   (interface)
  ZSMS_INBOUNDService.java  (interface)
  ZSMS_INBOUNDServiceImpl.java
  ZSMS_INBOUNDSoapBindingStub.java
  ***files fr Proxy classes
  ZSMS_INBOUND.java
  ZSMS_INBOUNDResponse.java
  BAPIRET2.java
  .... many more files
  the wsdl is as below (generated by ABAP):
  <?xml version="1.0" encoding="utf-8" ?>
  - <wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:n0="http://www.sap.com/webas/630/soap/features/authentication/" xmlns:sap="http://www.sap.com/webas/630/wsdl/features" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  - <wsdl:types>
  - <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified">
  - <xsd:simpleType name="char1">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="1" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char10">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="10" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char17">
  + <xsd:restriction base="xsd:string">
    <xsd:maxLength value="17" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char170">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="170" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char20">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="20" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char220">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="220" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char30">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="30" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char32">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="32" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="char50">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="50" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="date">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="10" />
    <xsd:pattern value="\d\d\d\d-\d\d-\d\d" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="numeric3">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="3" />
    <xsd:pattern value="\d*" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="numeric6">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="6" />
    <xsd:pattern value="\d*" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:simpleType name="time">
  - <xsd:restriction base="xsd:string">
    <xsd:maxLength value="8" />
    <xsd:pattern value="\d\d:\d\d:\d\d" />
    </xsd:restriction>
    </xsd:simpleType>
  - <xsd:complexType name="BAPIRET2">
  - <xsd:sequence>
    <xsd:element name="TYPE" type="tns:char1" />
    <xsd:element name="ID" type="tns:char20" />
    <xsd:element name="NUMBER" type="tns:numeric3" />
    <xsd:element name="MESSAGE" type="tns:char220" />
    <xsd:element name="LOG_NO" type="tns:char20" />
    <xsd:element name="LOG_MSG_NO" type="tns:numeric6" />
    <xsd:element name="MESSAGE_V1" type="tns:char50" />
    <xsd:element name="MESSAGE_V2" type="tns:char50" />
    <xsd:element name="MESSAGE_V3" type="tns:char50" />
    <xsd:element name="MESSAGE_V4" type="tns:char50" />
    <xsd:element name="PARAMETER" type="tns:char32" />
    <xsd:element name="ROW" type="xsd:int" />
    <xsd:element name="FIELD" type="tns:char30" />
    <xsd:element name="SYSTEM" type="tns:char10" />
    </xsd:sequence>
    </xsd:complexType>
  - <xsd:element name="ZSMS_INBOUND">
  - <xsd:complexType>
  - <xsd:sequence>
    <xsd:element name="DATE" type="tns:date" />
    <xsd:element name="MESSAGE" type="tns:char170" />
    <xsd:element name="MODEMID" type="tns:char10" />
    <xsd:element name="SMSID" type="tns:char17" />
    <xsd:element name="TEL" type="tns:char20" />
    <xsd:element name="TIME" type="tns:time" />
    </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
  - <xsd:element name="ZSMS_INBOUNDResponse">
  - <xsd:complexType>
  - <xsd:sequence>
    <xsd:element name="RETURN" type="tns:BAPIRET2" />
    </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
    </xsd:schema>
    </wsdl:types>
  - <wsdl:message name="ZSMS_INBOUND">
    <wsdl:part name="parameters" element="tns:ZSMS_INBOUND" />
    </wsdl:message>
  - <wsdl:message name="ZSMS_INBOUNDResponse">
    <wsdl:part name="parameters" element="tns:ZSMS_INBOUNDResponse" />
    </wsdl:message>
  - <sap:Feature name="design_0" uri="http://www.sap.com/webas/630/soap/features/authentication/">
  - <sap:Property qname="n0:AuthenticationLevel">
    <sap:Option value="n0:None" />
    </sap:Property>
    </sap:Feature>
  - <wsdl:portType name="ZSMS_INBOUND">
    <sap:useFeature feature="tns:design_0" />
  - <wsdl:operation name="ZSMS_INBOUND">
    <wsdl:input message="tns:ZSMS_INBOUND" />
    <wsdl:output message="tns:ZSMS_INBOUNDResponse" />
    </wsdl:operation>
    </wsdl:portType>
  - <wsdl:binding name="ZSMS_INBOUNDSoapBinding" type="tns:ZSMS_INBOUND">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
  - <wsdl:operation name="ZSMS_INBOUND">
    <soap:operation soapAction="" />
  - <wsdl:input>
    <soap:body use="literal" />
    </wsdl:input>
  - <wsdl:output>
    <soap:body use="literal" />
    </wsdl:output>
    </wsdl:operation>
    </wsdl:binding>
  - <wsdl:service name="ZSMS_INBOUNDService">
  - <wsdl:port name="ZSMS_INBOUNDSoapBinding" binding="tns:ZSMS_INBOUNDSoapBinding">
    <soap:address location="http://mytest:8080/sap/bc/srt/rfc/sap/ZSMS_INBOUND?sap-client=100" />
    </wsdl:port>
    </wsdl:service>
    </wsdl:definitions>

  I'm now able to consume the web service, but with the error as below:
  Warning ! Protocol Implementation [com.sap.engine.services.webservices.jaxrpc.wsdl2java.features.builtin.MessageIdProtocol] could not be loaded (NoClassDefFoundError) !
  Error Message is :com/sap/guid/GUIDGeneratorFactory
  BAPIRET2 mappingInfo:
    TYPE   TYPE   false   false   11
    ID   ID   false   false   11
    NUMBER   NUMBER   false   false   11
    MESSAGE   MESSAGE   false   false   11
    LOG_NO   LOG_NO   false   false   11
    LOG_MSG_NO   LOG_MSG_NO   false   false   11
    MESSAGE_V1   MESSAGE_V1   false   false   11
    MESSAGE_V2   MESSAGE_V2   false   false   11
    MESSAGE_V3   MESSAGE_V3   false   false   11
    MESSAGE_V4   MESSAGE_V4   false   false   11
    PARAMETER   PARAMETER   false   false   11
    ROW   ROW   false   false   11
    FIELD   FIELD   false   false   11
    SYSTEM   SYSTEM   false   false   11
  My java code is :
  public class MyTest {
       public static void main(String[] args){
            try{
                           Stub stub = (Stub)new ZSMS_INBOUNDServiceImpl().getLogicalPort();
                           stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,"http://mytest:8080/sap/bc/srt/rfc/sap/ZSMS_INBOUND?sap-client=100");
                           ZSMS_INBOUND inboundService = (ZSMS_INBOUND) stub;
                           BAPIRET2 str = inboundService.ZSMS_INBOUND(param1,param2,param3,param4,param5,param6);
                           System.out.println(str.toString());
                           }catch (Exception e) {
                                e.printStackTrace();

• Error in oim Role creation using Role Manager Service API from Standalone Java client

  Hi,
    Facing the following error when trying to create Role using Role Manager Service API from a standalone java client .
  Tried with the solution of changing ,
  Login into the Web Logic Admin Console --> Servers --> OIM Server --> Protocols --> Modify the Maximum Message from 100000000 to 1000000000, but still the problem persists.
  Exception in thread "main" org.omg.CORBA.BAD_PARAM:   vmcid: 0x0  minor code: 0  completed: No
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at java.lang.Class.newInstance0(Unknown Source)
  at java.lang.Class.newInstance(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.MessageBase.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
  at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
  at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
  at com.sun.org.omg.SendingContext._CodeBaseStub.meta(Unknown Source)
  at com.sun.corba.se.impl.encoding.CachedCodeBase.meta(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.getOrderedDescriptions(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.inputObjectUsingFVD(Unknown Source)
  at com.sun.corba.se.impl.io.IIOPInputStream.simpleReadObject(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValueInternal(Unknown Source)
  at com.sun.corba.se.impl.io.ValueHandlerImpl.readValue(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_value(Unknown Source)
  at com.sun.corba.se.impl.encoding.CDRInputStream.read_value(Unknown Source)
  at oracle.iam.identity.rolemgmt.api._RoleManager_ogut7n_RoleManagerRemoteRIntf_Stub.createx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at $Proxy2.createx(Unknown Source)
  at oracle.iam.identity.rolemgmt.api.RoleManagerDelegate.create(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.subject.SubjectProxy.doAs(SubjectProxy.java:64)
  at weblogic.security.subject.SubjectManager.runAs(SubjectManager.java:262)
  at weblogic.security.Security.runAs(Security.java:48)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at $Proxy3.create(Unknown Source)
  at com.idm.role.CreateRole.createRole(CreateRole.java:113)
  at com.idm.role.CreateRole.main(CreateRole.java:167)
  Thanks In Advance

  Hi , I have used OIM 11g  R2.
  Please find below the code we have used,
  package com.idm.role;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import java.util.logging.Logger;
  import javax.security.auth.login.LoginException;
  import oracle.iam.identity.exception.NoSuchRoleException;
  import oracle.iam.identity.exception.RoleAlreadyExistsException;
  import oracle.iam.identity.exception.RoleCreateException;
  import oracle.iam.identity.exception.RoleLookupException;
  import oracle.iam.identity.exception.RoleModifyException;
  import oracle.iam.identity.exception.SearchKeyNotUniqueException;
  import oracle.iam.identity.exception.ValidationFailedException;
  import oracle.iam.identity.rolemgmt.api.RoleManager;
  import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
  import oracle.iam.identity.rolemgmt.vo.Role;
  import oracle.iam.platform.OIMClient;
  import oracle.iam.platform.authz.exception.AccessDeniedException;
  public class CreateRole {
  private final static Logger LOGGER = Logger.getLogger(CreateRole.class .getName());
  OIMClient oimClient = null;
  public OIMClient connectToOIM() {
    LOGGER.info("In connectToOIM ");
    Hashtable env = new Hashtable();
    env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
      "weblogic.jndi.WLInitialContextFactory");
    env.put(OIMClient.JAVA_NAMING_PROVIDER_URL,
      "t3://V-hydidm1.itig.co.in:14000");
    System.setProperty("java.security.auth.login.config",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\authwl.conf");
    System.setProperty("java.security.policy",
      "F:\\Projects\\IDM\\Team\\Env_setup\\OIM_Setup\\designconsole\\config\\xl.policy");
    System.setProperty("OIM.AppServerType", "wls");
    System.setProperty("APPSERVER_TYPE", "wls");
    System.setProperty("weblogic.Name", "oim_server1");
    oimClient = new OIMClient(env);
    try {
     oimClient.login("xelsysadm", "Passw0rd".toCharArray());
    } catch (LoginException e) {
     e.printStackTrace();
    System.out.println("Connected");
    return oimClient;
  public void readRoleMetadata() {
    LOGGER.info("in readRoleMetadata ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    try {
     Role roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     Set attributeNameSet = roleVo.getAttributeNames();
     Iterator it = attributeNameSet.iterator();
     while (it.hasNext()) {
      System.out.println("Attribute Name :: " + it.next());
     // roleVo.setAttribute("ADentitlements", "Security Admin access");
     String adEntitlements = "" + roleVo.getAttribute("ADentitlements");
     System.out.println("AD Entitlements :: " + adEntitlements);
     System.out.println("DB Entitlements :: " + ""
       + roleVo.getAttribute("DBEntitlements"));
     System.out.println("Unix Entitlements :: " + ""
       + roleVo.getAttribute("UnixWindows"));
     System.out.println("VPN :: " + "" + roleVo.getAttribute("VPN"));
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void createRole() {
    LOGGER.info(" in Create role ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_NAME, "API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DESCRIPTION,
      "This Role is created using API Role1");
    roleCreationAttrMap.put(RoleManagerConstants.ROLE_DISPLAY_NAME,
      "API Role1");
    roleCreationAttrMap.put("ADentitlements", "API Role1 AD Entitlements");
    roleCreationAttrMap.put("DBEntitlements", "API Role1 DB Entitlements");
    roleCreationAttrMap.put("VPN", "No");
    roleCreationAttrMap.put("UnixWindows", "API Role1 Unix Entitlements");
    Role roleVo = new Role(roleCreationAttrMap);
    try {
     System.out.println(" Before Create role *********************************************");
     roleManagerService.create(roleVo);
     System.out.println("Role Created .. ");
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleAlreadyExistsException e) {
     e.printStackTrace();
    } catch (RoleCreateException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
  public void modifyRole() {
    LOGGER.info(" in modifyRole ");
    RoleManager roleManagerService = oimClient
      .getService(RoleManager.class);
    Role roleVo;
    try {
     roleVo = roleManagerService.getDetails(
       RoleManagerConstants.ROLE_DISPLAY_NAME, "API Role1", null);
     String roleKey = roleVo.getEntityId();
     HashMap<String, Object> roleCreationAttrMap = new HashMap<String, Object>();
     roleCreationAttrMap.put("ADentitlements",
       "Updated API Role1 AD Entitlements");
     Set roleKeySet = new HashSet<String>();
     roleKeySet.add(roleKey);
     Role roleVoNew = new Role(roleCreationAttrMap);
     roleManagerService.modify(roleKeySet, roleVoNew);
     System.out.println("Role Modified ..");
    } catch (SearchKeyNotUniqueException e) {
     e.printStackTrace();
    } catch (NoSuchRoleException e) {
     e.printStackTrace();
    } catch (RoleLookupException e) {
     e.printStackTrace();
    } catch (AccessDeniedException e) {
     e.printStackTrace();
    } catch (ValidationFailedException e) {
     e.printStackTrace();
    } catch (RoleModifyException e) {
     e.printStackTrace();
  public static void main(String args[]) {
    CreateRole miscObj = new CreateRole();
    miscObj.connectToOIM();
    miscObj.createRole();
    //miscObj.readRoleMetadata();
  Thanks In Advance .

• Problem in accessing the Web Service using standalone Java Client

  Dear Friends,
  Hi,
  I have an active web service and I have tested the same with XML Spy and Apache Axis and is giving me the output perfectly. For the same, I have developed a standalone Java client but getting problem in fetching the output.
  The Exception is :
  <Jan 4, 2006 5:54:16 PM GMT+05:30> <Info> <WebService> <BEA-220025> <Handler weblogic.webservice.core.handler.ClientHandler threw
  an exception from its handleResponse method.
  The exception was:
  javax.xml.rpc.JAXRPCException: java.io.IOException: Received a response from url: http://10.20.15.59:18004/amountToWords which did
  not have a valid SOAP content-type: text/html;charset=ISO-8859-1. .>
  SOAP Fault **************** Exception during processing: java.io.IOException: Received a response from url: http://10.20.15.59:18
  004/amountToWords which did not have a valid SOAP content-type: text/html;charset=ISO-8859-1.
  (see Fault Detail for stacktrace)
  javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.io.IOException: Received a response from url: http://10.2
  0.15.59:18004/amountToWords which did not have a valid SOAP content-type: text/html;charset=ISO-8859-1.
  (see Fault Detail for sta
  cktrace)
  at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:313)
  at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:566)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:419)
  at HelloClient.main(HelloClient.java:100)
  I have tried some ways to set the content type explicitly but the results are same(throwing an exception).
  I appreciate you all for helping me out of this.
  Thanks
  VR

  Hi Amit
  We also have this issue with weblogic webservices. Did you get any resolution for this issue.
  When the service is executed for lesser number of hits, all the responses are processed properly. But as load (Number of hits for the same service) increases, few responses are failed to be parsed in the web service client. We could confirm that the producer responds with proper content type (text/xml)
  Any help or pointers will be greatly appreciated.
  Thanks,
  Finny

• SPNEGO in WLS with standalone java client

  Hello All,
  Do WLS support SSO with SPNEGO using standalone java client?
  /Ed

  ok I found the answer.
  You can use either MS IE or WebServies...but not standalone java client.
  /Ed

• Automatically Running a Standalone Java Client

  I have an application running on Orion with a standalone Java client, and I want this client to run as soon as the server is started. To complicate matters this client has an argument. After studying the documentation, I have made the following entries in the deployment descriptors (my apologies for the poor formatting):
  In server.xml:
  <application name="myApp" path="../applications/myApp.ear" auto-start="true" />
  In application.xml:
  <application>
  <display-name>myApp</display-name>
  <module>
  <ejb>./myApp-ejb.jar</ejb>
  <java>./myApp-client.jar</java>
  </module>
  <security-role>
       <description>myApp system admin</description>
       <role-name>admin</role-name>
  </security-role>
  </application>
  and in orion-application.xml:
  <ejb-module path="./myApp-ejb.jar" remote="false" />
       <client-module path="./myApp-client.jar" auto-start="true" user="admin">
            <arguments>
                 <argument value="theArgument" />
            </arguments>
       </client-module>
  After all this nothing happens when the server starts. I still must manually run the client (with java -jar myApp-client.jar theArgument). I have been studying this for two days, and I cannot determine why this is the case.
  One interesting thing I did notice was that the entire <client-module> tag (and therefore the <arguments> tag inside it) was missing in the orion-application.xml file located in the application-deployments directory. Of course I have no idea if that is significant.
  Any insight into this perplexing problem is appreciated. Thanks.

  I am curious if this is an issue with the paths I have placed in any or all of the descriptors. Should the paths in orion-application.xml be relative to itself? In other words, if you have this in the EAR:
  myApp.ear
  META-INF
  orion-application.xml
  application.xml
  myApp-ejb.jar
  myApp-client.jar
  then should the <client-module> path be this:
  <client-module path="../myApp-client.jar" >
  Or should it be relative to something other than the descriptor itself?
  Any insight is appreciated.
  Thanks again.

• RMI - EJB Standalone Java client

  Hello,
  We have a standalone Java client attempting to invoke a EJBs running on OC4J. We get a user not allowed to access namespace...check orion-application.xml file... Any ideas what could be the problem.
  Regards.

  Hi,
  In access namespace tag of your orion-application.xml, you should specify the same user as the one used by your java client.
  Hope that helps
  regards

• SAML sender-vouches using SSL

  Hi,
  I have an WLS 9.2 sending a SOAP with SAML:
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="0">
  <Assertion AssertionID="cb5d35763849418c060580753c16b334" IssueInstant="2008-12-03T09:27:59.121Z" Issuer="ISSUER_URL" MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
  <AuthenticationStatement AuthenticationInstant="2008-12-03T09:27:59.121Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
  <Subject>
  <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="notRelevant">USER_NAME</NameIdentifier>
  <SubjectConfirmation>
  <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
  </SubjectConfirmation>
  </Subject>
  </AuthenticationStatement>
  <AttributeStatement>
  <Subject>
  <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="notRelevant">USER_NAME</NameIdentifier>
  <SubjectConfirmation>
  <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
  </SubjectConfirmation>
  </Subject>
  <Attribute AttributeName="Groups" AttributeNamespace="urn:bea:security:saml:groups" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeValue>XX_ATN_X509_HTTPS</AttributeValue>
  <AttributeValue>XX_SERVER</AttributeValue>
  <AttributeValue>XX_GROUP</AttributeValue>
  </Attribute>
  </AttributeStatement>
  </Assertion>
  </wsse:Security>
  I have configured a standard WLS 9.2 as destination. It looks like it understands the SAML token. But I get this SOAP response:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
  <soapenv:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>wsse:InvalidSecurityToken</faultcode>
  <faultstring>Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@1a2f279[status: false][msg The SAML token is not valid.]</faultstring>
  </soapenv:Fault>
  </soapenv:Body>
  </soapenv:Envelope>
  On the console I see this exception:
  java version "1.5.0_10"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_10-b03)
  Java HotSpot(TM) Client VM (build 1.5.0_10-b03, mixed mode)
  weblogic.xml.crypto.wss.WSSecurityException: Security token failed to validate.
  weblogic.xml.crypto.wss.SecurityTokenValidateResult@1be496b[status: false][msg The SAML token is not valid.]
  at weblogic.xml.crypto.wss.SecurityImpl.unmarshalAndProcessSecurityToken(SecurityImpl.java:476)
  at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:392)
  at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:338)
  at weblogic.xml.crypto.wss.api.WSSecurityFactory.unmarshalAndProcessSecurity(WSSecurityFactory.java:65)
  at weblogic.wsee.security.WssServerHandler.processRequest(WssServerHandler.java:35)
  at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:72)
  at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:127)
  at weblogic.wsee.ws.dispatch.server.ServerDispatcher.dispatch(ServerDispatcher.java:85)
  at weblogic.wsee.ws.WsSkel.invoke(WsSkel.java:80)
  at weblogic.wsee.server.servlet.SoapProcessor.handlePost(SoapProcessor.java:66)
  at weblogic.wsee.server.servlet.SoapProcessor.process(SoapProcessor.java:44)
  at weblogic.wsee.server.servlet.BaseWSServlet$AuthorizedInvoke.run(BaseWSServlet.java:173)
  at weblogic.wsee.server.servlet.BaseWSServlet.service(BaseWSServlet.java:92)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3231)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2002)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1908)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1362)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  weblogic.xml.crypto.wss.WSSecurityException: Security token failed to validate.
  weblogic.xml.crypto.wss.SecurityTokenValidateResult@1a2f279[status: false][msg The SAML token is not valid.]
  at weblogic.xml.crypto.wss.SecurityImpl.unmarshalAndProcessSecurityToken(SecurityImpl.java:476)
  at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:392)
  at weblogic.xml.crypto.wss.SecurityImpl.unmarshal(SecurityImpl.java:338)
  at weblogic.xml.crypto.wss.api.WSSecurityFactory.unmarshalAndProcessSecurity(WSSecurityFactory.java:65)
  at weblogic.wsee.security.WssServerHandler.processRequest(WssServerHandler.java:35)
  at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:72)
  at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:127)
  at weblogic.wsee.ws.dispatch.server.ServerDispatcher.dispatch(ServerDispatcher.java:85)
  at weblogic.wsee.ws.WsSkel.invoke(WsSkel.java:80)
  at weblogic.wsee.server.servlet.SoapProcessor.handlePost(SoapProcessor.java:66)
  at weblogic.wsee.server.servlet.SoapProcessor.process(SoapProcessor.java:44)
  at weblogic.wsee.server.servlet.BaseWSServlet$AuthorizedInvoke.run(BaseWSServlet.java:173)
  at weblogic.wsee.server.servlet.BaseWSServlet.service(BaseWSServlet.java:92)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3231)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2002)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1908)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1362)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  What do I need to configure on the destination server so that this SAML token is correctly validated?
  My understanding is that I use a SAML token with sender-vouches for that the trust is based on the SSL connection. Is my understanding correct?
  I have configured 2way-SSL and this works fine between the two machines. Do I need additional certificates on the destination side?
  Thanks
  Jochen

  Hi Bethune,
  you replied to a request that I posted in December 2008.
  Hopefully you are still in this business ... :)
  I need to consume a SAML 1.1 Sender-Vouches assertion on WLS 10.3 now.
  The 2way-SSL is established fine and I am able to send the SOAP request with the SAML 1.1.
  On the sending server I see that 2way SSL is fully established and the SOAP is sent to the destination.
  I get this response:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
  <env:Fault xmlns:fault="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>fault:MustUnderstand</faultcode>
  <faultstring>MustUnderstand header not processed '{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security'</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  The above means nothing is configured to process the SAML 1.1 Assertion.
  But I did the following:
  Security Realm > myrealm > Providers
  I have added: SAMLIdentityAsserterV2
  SAMLIdentityAsserter > Managment > Asserting Party
  I have added an Asserting Party
  - WSS/Sender-Vouches
  - Enabled
  - Issuer URI: "the one used in the SAML assertion"
  - Target URL: https://localhost:7002/webservice/WebServiceOpteration (URL used to call the webservice)
  I am not quite sure if the TargetURL is correct? What is the format here?
  For me it looks pretty much complete but still I get this mustUnderstand issue.
  Looks like my config is ignored. What might I have missed?
  I have enabled debug for saml and saml2 but I do not see any SAML related entries in the output on the console.
  Do you have any ideas? It was working on WLS 9.2 but now I am stuck on WLS 10.3.
  Thanks for your support
  Jochen

• SAML Sender-Vouches errors when using with OWSM

  Hi,
  We have configured OWSM Policy 'SAML - Verify WSS 1.0 Token' with Allow signed assertions only. We have created jks Trust store location and configured policy to refer to the file with appropriate password.
  We have created proxy security to Sender-Voches signed and to sign outbound message.
  We are getting following error when we try to run the proxy.
  javax.xml.rpc.soap.SOAPFaultException: SAML token verification failed
  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:555)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
  at vigni4.oracle.srtutorial.datamodel.proxy.runtime.TimeServiceSoap_Stub.getTime(TimeServiceSoap_Stub.java:79)
  at vigni4.oracle.srtutorial.datamodel.proxy.TimeServiceSoapClient.getTime(TimeServiceSoapClient.java:41)
  at vigni4.oracle.srtutorial.datamodel.proxy.TimeServiceSoapClient.main(TimeServiceSoapClient.java:29)
  Process exited with exit code 0.
  and Error in gateway.log is
  2007-09-01 18:58:56,561 WARNING [RMICallHandler-58] saml.VerifySAMLStep - SAML Token verification failed:
  Can any provide information on how to resolve the issue?

  We have also noticed that correct message is reaching OWSM.
  Attaching the same.
  <?xml version="1.0" encoding="UTF-8" ?>
  - <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:Test:GetTime">
  - <env:Header>
  - <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="_FNfXFOVi1OcPKSyRUAHDyw22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICQjCCAasCBEbZZN4wDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMB4XDTA3MDkwMTEzMTA1NFoXDTA3MTEzMDEzMTA1NFowaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOrVJbJ/sPvZsgZEDUSIolP1UDT8hfyajfIaPqYHBLBK+FlywrhhrxESyzAsG/k7FSIRZvFg5vAk/W3LB+nPBtrbI2bBMEsQbznuSjzEVkQJVxZMlDjR4yNMHPLbniL64BKuTFnLEhWrnZTmpiThjwoWMPL9eK7/x7su9iDCP5NwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADWjdaRz0FBNHxXPiV9Ad0Kkm2Eag5LQXQoXUuC/VTXk56uQktVLtorp5fYAUsRD2o7ZuPGPJ6Q+5Owe8wXbxrCOX1diI5fxpH5TsS0k8Y/7/Hx3gq67JuPy8x8ApgNd+NagAKHKC0rgEP9ng1FGyhzuHICapPxmjrt2VI3SW2cJ</wsse:BinarySecurityToken>
  - <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  - <dsig:SignedInfo>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
  <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
  - <dsig:Reference URI="#mvDwzM5hZWAdG6n5tKLufA22">
  - <dsig:Transforms>
  <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <dsig:DigestValue>zBFquf+Y0ngNapyK4Xq0Jws1FPM=</dsig:DigestValue>
  </dsig:Reference>
  - <dsig:Reference URI="#nwWnNm69TPcdyp0yT8fa7g22">
  - <dsig:Transforms>
  - <dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
  - <wsse:TransformationParameters xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
  </wsse:TransformationParameters>
  </dsig:Transform>
  <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <dsig:DigestValue>rgHU/BWcaOiwuP/Q72oybFcEQO8=</dsig:DigestValue>
  </dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>R+RGFjzRYpGVPGINbzsFbXSQ7Slc04/mzQ+BX57oD7NhMKxCcO1C9cV2cJzWAeN5WuDlfsh3RZR/5sTsyEi3yO69ECcLUNDlbjey57GBr5W9PRRIWPs2fZVk2EH4+KOnXVghcAsrXPgm1Ai9UZQUXh0aPiOkQMDplnnhENTkKUo=</dsig:SignatureValue>
  - <dsig:KeyInfo>
  - <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Reference URI="#_FNfXFOVi1OcPKSyRUAHDyw22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
  </wsse:SecurityTokenReference>
  </dsig:KeyInfo>
  </dsig:Signature>
  - <wsse:SecurityTokenReference wsu:Id="nwWnNm69TPcdyp0yT8fa7g22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">YFfqXnq2xlt426HB9uDInw22</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  - <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="YFfqXnq2xlt426HB9uDInw22" IssueInstant="2007-09-01T13:40:06Z" Issuer="https://phaos.com/idp" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Conditions NotBefore="2007-09-01T13:40:06Z" NotOnOrAfter="2007-09-02T13:40:06Z" />
  - <saml:AuthenticationStatement AuthenticationInstant="2007-09-01T13:40:06Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
  - <saml:Subject>
  <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">oc4jadmin</saml:NameIdentifier>
  - <saml:SubjectConfirmation>
  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
  </saml:SubjectConfirmation>
  </saml:Subject>
  </saml:AuthenticationStatement>
  </saml:Assertion>
  </wsse:Security>
  </env:Header>
  - <env:Body wsu:Id="mvDwzM5hZWAdG6n5tKLufA22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  - <ns0:getTime env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <format xsi:type="xsd:string" />
  </ns0:getTime>
  </env:Body>
  </env:Envelope>

• Web Service: Sender Channel with JAVA client (Apache Axis)

  Hello to all,
  I am trying to connect an Axis-based Java client to XI via the SOAP adapter.
  When connecting, the client receives the error message "Unauthorised" - it seems as if it cannot handle the basic HTTP authentication.
  Can I easily disable this authentication mode in XI (or better: in this adapter)?
  Or does anybody know how to implement the authentication in the Axis framework?
  Many thanks and best regards,
  Carsten

  Carsten,
  AFAIK, you must provide the credntials to access the service on XI. Follow the section <b>Call configuration</b> on this link
  http://ws.apache.org/axis/java/client-side-axis.html.
  you basically need to properties with the Call method as explained in the link.

• Sending response to java Client

  Hi everyone,
  I am trying to make a java client that is solely used for the login verification, and if the user is granted access the server return a jnlp file as a response. For this I have use a JEditorPane that loads a existing html mask with a form. My questin is :
  How could I send this response to java client so that I can process it and give it to webstart as a parameter.
  How can I capture the events occuring on elements inside the HTML form.
  waiting for any kind of help :)
  Nikhil

  this subforum is about Kerberos and GSS and not about NTLM. Why are you hasseling with NTLM? Take Kerberos.