57 Replies. Latest reply: Jun 9, 2010 10:51 AM by Stefan Guilhen
  • 30. Re: Classcast exception while executing WSTrustClientTest
    Rashmi Rajappa Newbie

    This thread contains all the details on the purpose of the changes. To make it simple for you there was a minor issue wrt parsing of the SOAP request which was fixed.

     

    "Also for me to create our tokens all I need to do is input the security information into the keystore and run it against the test. Now how to I get that into my service. After getting the saml response, do I place that into our soap header?"

     

    PicketlinkSTS takes care of constructing the SAML response and sending it. If you configure the keystore in picketlink-sts.xml, Picketlink will use it to sign the SAML assertion that has been generated by the TokenProvider (this is the class where SAML assertion has to be created). I'm not certain what you mean by your service?

     

    "think we are trying to create a token and place it within our soap to send across. Is this possible??"

    Yes, I think that is the purpose of PicketLinkSTS. I'm able to do it.

     

    regards,

    Rashmi

  • 31. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    Ok, so do I need to go get the new snapshot jar if I was passing the client test already?

     

    By "service", I mean we are trying to communicate with new ____ and it requires saml authentication to gain access.

     

    I can be asking a really silly question right here but where is SOAP request that we are parsing? I don't see it in the WAR.

     

    So let me see if I am breaking this down right for us:

    1. I am going to need to update our WSDL for the SAML sections
    2. Update our SOAP request to use the STS and give the endpoint where I need it to go.

     

     

    What my team is trying to accomplish

    We have a web service which creates a SOAP request and sends it to an endpoint. I guess I am trying to figure out how to send that request to the STS which will then parse it and apply the response and send it on to the endpoint?

  • 32. Re: Classcast exception while executing WSTrustClientTest
    Rashmi Rajappa Newbie

    Anil,

     

    I imported the keystore keys using

     

    C:\Java\jdk1.6.0_01\bin>keytool.exe -importkeystore  -srckeystore E:\PicketLinkSrc\sts_keystore.jks -destkeystore sts_keystore.jks -srcstoretype JKS -deststoretype JKS -srcstorepass testpass -deststorepass testpass
    Entry for alias service2 successfully imported.
    Entry for alias service1 successfully imported.
    Enter key password for
    Entry for alias sts successfully imported.
    Import command completed:  3 entries successfully imported, 0 entries failed or cancelled

     

     

     

     

    All the keys were successfully imported.

    Still WSTrustClient gives the same output:

     

    Is assertion valid? false

     

    Pl help.

     

    regards,

    Rashmi

  • 33. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    I tried using the SNAPSHOT jar and that gave me an error so I have rolled back to using the CR3 original. Error received was

     

    Eclipse console output

     

    10:39:31,004 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
    java.lang.RuntimeException: Request Security Token node not found
        at org.picketlink.identity.federation.core.wstrust.WSTrustJAXBFactory.parseRequestSecurityToken(WSTrustJAXBFactory.java:141)
        at org.picketlink.identity.federation.core.wstrust.PicketLinkSTS.invoke(PicketLinkSTS.java:82)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.jboss.wsf.container.jboss50.invocation.InvocationHandlerJSE.invoke(InvocationHandlerJSE.java:108)
        at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:222)
        at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)
        at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
        at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
        at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
        at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Unknown Source)

     

     

    This is the trace from the Junit test

     

    javax.xml.ws.soap.SOAPFaultException: Request Security Token node not found
        at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
        at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
        at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source)
        at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source)
        at org.picketlink.identity.federation.core.wstrust.STSClient.issueToken(STSClient.java:151)
        at org.picketlink.identity.federation.core.wstrust.STSClient.issueToken(STSClient.java:128)
        at org.picketlink.identity.federation.api.wstrust.WSTrustClient.issueToken(WSTrustClient.java:81)
        at test.WSTrustClientTest.testSTS(WSTrustClientTest.java:65)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
        at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
        at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
        at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:46)
        at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
        at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

  • 34. Re: Classcast exception while executing WSTrustClientTest
    Stefan Guilhen Apprentice

    Jamere,

     

    make sure you have replaced the picketlink-fed.jar for the snapshot on both client and server side. That is, your eclipse app should be using the snapshot when creating the request, and the STS should be using the same snapshot when handling the request. So you need to ensure that your picketlink-sts.war contains the snapshot or that the snapshot has replaced the picketlink-fed.jar in server/xxx/lib/ (if that's where you placed it).

     

    Stefan

  • 35. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    Oh man...thanks, didn't do that second step. Also did you see my above concerns?

  • 36. Re: Classcast exception while executing WSTrustClientTest
    Stefan Guilhen Apprentice

    Rashmi,

     

    can you please inspect the WS-Trust response message and see what the validation reason is? The STSClient only tells us the validation has failed, but we need to check the validation reason to make sure this is an XML signature problem.
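
An added example of the check requested above (not code from this thread or from PicketLink): a WS-Trust validate response carries a wst:Status element whose Code marks the token valid or invalid and whose Reason explains why. The WS-Trust 1.3 namespace, the class name and the constructed sample message are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ValidationStatusReader {
    // Assumption: the STS speaks WS-Trust 1.3 (this namespace).
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String VALID = WST + "/status/valid";

    // Constructed sample response, not the message from the attached log.
    static final String SAMPLE =
        "<wst:RequestSecurityTokenResponse xmlns:wst='" + WST + "'>"
      + "<wst:Status><wst:Code>" + WST + "/status/invalid</wst:Code>"
      + "<wst:Reason>constructed reason text</wst:Reason></wst:Status>"
      + "</wst:RequestSecurityTokenResponse>";

    // Text of the first wst:<localName> child under parent, or null if absent.
    static String text(Element parent, String localName) {
        NodeList n = parent.getElementsByTagNameNS(WST, localName);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DTDs so a hostile response cannot trigger entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));

        NodeList statuses = doc.getElementsByTagNameNS(WST, "Status");
        if (statuses.getLength() != 1)
            throw new IllegalStateException("expected exactly one wst:Status");
        Element status = (Element) statuses.item(0);
        String code = text(status, "Code");
        // Only the exact "valid" URI counts as valid; a missing Code is treated as invalid.
        System.out.println("valid=" + VALID.equals(code));
        System.out.println("code=" + code);
        System.out.println("reason=" + text(status, "Reason"));
    }
}
```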

  • 37. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    My client is still validating true and I am using the snapshot. What issue is everyone having?

  • 38. Re: Classcast exception while executing WSTrustClientTest
    Stefan Guilhen Apprentice

    Hi Jamere,

     

    if I understood you correctly, you have a service which requires SAML authentication. So you probably have a Policy to describe this requirement.

     

    Ideally, things should happen as follows: a request is sent to the service endpoint. The request is then validated against the configured policy and if a SAML assertion is not found in the SOAP headers, the service runtime sends a message back to the request initiator. This message tells the initiator to first obtain a token from the STS and then retry (the message may contain the STS URL, explicitly telling the initiator to obtain a token from the specified STS). The initiator sends a WS-Trust request to the STS, obtains the assertion, includes it in the SOAP message, and sends it to the service endpoint. This time the policy requirements of your service should be met and the request should reach the service.

     

    Now how exactly this is done depends on the WS runtime being used. I haven't tried myself to build this scenario so I really don't know if the existing runtimes are capable of handling this transparently or if it is up to you to catch the error sent by the service runtime when the policy requirements are not met and call the STS yourself - most probably this is what you will have to do.

     

    Stefan

  • 39. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    So I have a question Stefan,

     

    We know what it takes to get access into client. It requires an x.509 cert which we have been given. So could we just import our cert into the keystore that is read by the picketlink-sts.xml?

  • 40. Re: Classcast exception while executing WSTrustClientTest
    Rashmi Rajappa Newbie

    Stefan,

     

    Changed the debug level to TRACE.

    Pl find attached the log file which has the WSTrust response and the SAML XML.

     

    regards,

    Rashmi

  • 41. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    Hey Stefan,

     

    Where is the request that the client is using coming from? Is there a way to store the cert into the STS and send the SOAP request with the wssecurity header with username/password to the STS and then the cert is then applied and the token is generated? Once all that is done the STS sends the message on to the endpoint?

     

    OR

     

    Do we have to create our cert and add it to the keystore that is used by the picketlink-sts.xml file. If we do this is it possible to take the assertion created and add it to the request and continue to send it to the endpoint?

  • 42. Re: Classcast exception while executing WSTrustClientTest
    Stefan Guilhen Apprentice

    Jamere,

     

    I'm not sure I understand what you need to do with the X.509 certificate. The STS implements the main component of the WS-Trust specification and as such it receives requests and dispatches responses according to the WS-Trust protocol. This means the STS will not forward any SOAP request to an endpoint. It is up to the STS client to retrieve the token from the response, add it to the appropriate SOAP header and send the SOAP request to the endpoint.
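
An added example of the client-side step described above (not code from this thread or from PicketLink): take the assertion out of the WS-Trust response and place it in a wsse:Security header of the request that goes to the service endpoint. The namespaces (WS-Trust 1.3, SAML 2.0, SOAP 1.1, WS-Security 1.0), the class and method names and both constructed messages are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class AttachIssuedToken { // namespaces below are assumptions about the deployment
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Exactly one assertion is accepted, and only directly under wst:RequestedSecurityToken.
    static Element issuedAssertion(Document rstr) {
        NodeList found = rstr.getElementsByTagNameNS(SAML, "Assertion");
        if (found.getLength() != 1) throw new IllegalStateException("expected exactly one saml:Assertion");
        Node parent = found.item(0).getParentNode();
        if (!WST.equals(parent.getNamespaceURI()) || !"RequestedSecurityToken".equals(parent.getLocalName()))
            throw new IllegalStateException("assertion is not the issued token");
        return (Element) found.item(0);
    }

    static void attach(Document envelope, Element assertion) {
        NodeList h = envelope.getElementsByTagNameNS(SOAP, "Header");
        if (h.getLength() != 1) throw new IllegalStateException("envelope needs one SOAP Header");
        Element security = envelope.createElementNS(WSSE, "wsse:Security");
        // importNode copies the signed subtree unchanged; editing it afterwards breaks its signature.
        security.appendChild(envelope.importNode(assertion, true));
        h.item(0).appendChild(security);
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; a real issued assertion also carries its ds:Signature.
        Document rstr = parse("<wst:RequestSecurityTokenResponse xmlns:wst='" + WST + "'>"
            + "<wst:RequestedSecurityToken><saml:Assertion xmlns:saml='" + SAML + "' ID='ID_constructed'/>"
            + "</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>");
        Document envelope = parse("<s:Envelope xmlns:s='" + SOAP + "'><s:Header/><s:Body/></s:Envelope>");
        attach(envelope, issuedAssertion(rstr));
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(envelope), new StreamResult(System.out));
    }
}
```

The service endpoint still has to verify the assertion's signature against the STS certificate it trusts; copying the token into the header proves nothing by itself.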

  • 43. Re: Classcast exception while executing WSTrustClientTest
    Jamere Morrow Newbie

    We have that part figured out. What I don't understand is where is the username token that Rashmi used on page 1 coming from and how did he get it into the STS.

     

    I have attached his file. Where did he get it from and how did he pass it to the STS?

  • 44. Re: Classcast exception while executing WSTrustClientTest
    Rashmi Rajappa Newbie

    Stefan,

     

    Pl give me some pointers on what could possibly be wrong due to which I'm getting "Is Assertion Valid? false"

     

    regards,

    Rashmi