-
1. Re: PicketLink 2.0.3.Final is released
aljacinto Apr 9, 2012 2:14 PM (in response to anil.saldhana)
Hi Anil,
I wanted to try the sts app with AS 7.1.1. I should be able to use the client specified in https://community.jboss.org/wiki/PicketLinkSecurityTokenService , right? The only modification I made to the sts war is to include sts-user.properties and sts-roles.properties and to make sure to add the role specified in web.xml (STSClient). I am also using the standalone.xml from https://community.jboss.org/wiki/PicketLink203Final
I'm getting 403: Forbidden, however. Any clue?
Thanks in advance.
Also, the PicketLink Jar Zip for JBoss AS 7.1.x zip file does not include picketlink-trust-jbossws-2.0.3.Final.jar. Is that by intent? The module.xml posted in https://community.jboss.org/wiki/HowToConfigurePicketLink202WithJBossAS711 said to include it, however.
Alex
-
2. Re: PicketLink 2.0.3.Final is released
aljacinto Apr 9, 2012 2:34 PM (in response to aljacinto)
I was using the wrong URL. I can access the wsdl now, getting a different error:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: javax/xml/crypto/dsig/dom/DOMSignContext
-
3. Re: PicketLink 2.0.3.Final is released
anil.saldhana Apr 9, 2012 3:55 PM (in response to aljacinto)
Alex Jacinto wrote:
> I was using the wrong URL. I can access the wsdl now, getting a different error:
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: javax/xml/crypto/dsig/dom/DOMSignContext
https://community.jboss.org/wiki/HowToConfigurePicketLink202WithJBossAS711
There is some issue with the xmlsec libraries starting with AS7.1.1 that Pedro gives instructions to get around.
-
4. Re: PicketLink 2.0.3.Final is released
anil.saldhana Apr 9, 2012 3:56 PM (in response to aljacinto)
> Also the PicketLink Jar Zip for JBoss AS 7.1.x zip file does not include picketlink-trust-jbossws-2.0.3.Final.jar. Is that by intent? The module.xml specified posted in https://community.jboss.org/wiki/HowToConfigurePicketLink202WithJBossAS711 said to include that however.
You do not need this jar for using the STS. This jar does not have any importance in AS7 yet. We are trying to fill some gaps in functionality that this jar provides in the AS5/6 environment.
-
5. Re: PicketLink 2.0.3.Final is released
aljacinto Apr 9, 2012 5:45 PM (in response to anil.saldhana)
Works! Thanks for the quick reply. Tested both SAML 2.0 and 1.1.
Successfully issued a standard SAMLV2.0 Assertion!
<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_69b8dc94-8ed0-4a58-b1a4-3cb65b4e0a11" IssueInstant="2012-04-09T21:37:49.678Z" Version="2.0"><saml:Issuer>PicketLinkSTS</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5xNM3ox5D9APeK29y8X4hwqJC8s=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>SIRF9BqTjZOh1PWRmpDaBGpZ1RbRjCbgUy+sAyfQDJoMgRdBfMsl6+qLXE8v2+e1R9rbmY4HzfAX
drnMLXgvpui84ldnwfCIFte2Ut08/fNILZ+wah/CEnH8+Shs4CNqAJPdtMinR8IvgXaG8fBnChyc
LBtbcxfKsKHm/gkqoVY=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKw
lYGGtrP5VQv00dfNPbs=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><saml:Subject><saml:NameID NameQualifier="urn:picketlink:identity-federation">tomcat</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject><saml:Conditions NotBefore="2012-04-09T21:37:49.678Z" NotOnOrAfter="2012-04-09T23:37:49.678Z"/></saml:Assertion>
Is assertion valid? true
Successfully issued a standard SAMLV2.0 Assertion!
<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ID_eb76fdfc-8614-462f-933e-cb8d17cb5e4e" IssueInstant="2012-04-09T21:43:36.572Z" Issuer="PicketLinkSTS" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2012-04-09T21:43:36.572Z" NotOnOrAfter="2012-04-09T23:43:36.572Z"/><saml:AuthenticationStatement AuthenticationInstant="2012-04-09T21:43:36.572Z" AuthenticationMethod="urn:picketlink:auth"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">tomcat</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>HDnMXVoONxX3EtDGVhI3y5n88ho=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Lw/KCB//ahqDl9YFvA54jAiHA4uyte2xzqU1B+5qJTzy/ADKULWnjSV6gG5BNF2BwqgRwYD0GW3K
W/mEeHefJ6IZD/rHxMChGDYM4v/1ST27RV/tGWXSMOeilK0pMFvO0yWrljQarJvCV1cYwZR+zbaQ
davemRmvg95GxbwaJl4=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKw
lYGGtrP5VQv00dfNPbs=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature></saml:Assertion>
Is assertion valid? true
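Added example, not part of the thread or of PicketLink's code: a Python reviewer that reads a SAML 2.0 assertion of the shape issued in post 5 and lists the properties a relying party still has to decide on itself (validity window, SHA-1 algorithms, key carried inside the message, bearer confirmation). The sample assertion, the name `review_assertion` and the note labels are constructed for illustration, and the code does not verify the signature.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml.ElementTree
from datetime import datetime, timezone

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "dsig": DS}

# Constructed sample: same element layout as the SAML 2.0 assertion in the post,
# with every base64 value replaced by the placeholder "AAAA".
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:dsig="' + DS + '" ID="ID_sample" Version="2.0">'
    '<saml:Issuer>PicketLinkSTS</saml:Issuer><dsig:Signature><dsig:SignedInfo>'
    '<dsig:SignatureMethod Algorithm="' + DS + 'rsa-sha1"/>'
    '<dsig:Reference URI=""><dsig:DigestMethod Algorithm="' + DS + 'sha1"/>'
    '<dsig:DigestValue>AAAA</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>'
    '<dsig:SignatureValue>AAAA</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue>'
    '<dsig:RSAKeyValue><dsig:Modulus>AAAA</dsig:Modulus>'
    '<dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue>'
    '</dsig:KeyInfo></dsig:Signature><saml:Subject><saml:NameID>tomcat</saml:NameID>'
    '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>'
    '</saml:Subject><saml:Conditions NotBefore="2012-04-09T21:37:49.678Z" '
    'NotOnOrAfter="2012-04-09T23:37:49.678Z"/></saml:Assertion>')

def _instant(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def review_assertion(xml_text, now):
    """Return review notes for one SAML 2.0 assertion (no signature verification)."""
    root = ET.fromstring(xml_text)
    notes = []
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (_instant(cond.get("NotBefore")) <= now < _instant(cond.get("NotOnOrAfter"))):
        notes.append("outside-validity-window")
    sig = root.find("dsig:Signature", NS)
    if sig is None:
        return notes + ["unsigned"]
    ref = sig.find("dsig:SignedInfo/dsig:Reference", NS)
    if ref is None or ref.get("URI") not in ("", "#" + root.get("ID", "")):
        notes.append("reference-does-not-cover-assertion")
    for path in ("dsig:SignedInfo/dsig:SignatureMethod", "dsig:SignedInfo/dsig:Reference/dsig:DigestMethod"):
        alg = sig.find(path, NS)
        if alg is not None and alg.get("Algorithm", "").endswith("sha1"):
            notes.append("sha1:" + alg.get("Algorithm").rsplit("#", 1)[1])
    if sig.find("dsig:KeyInfo/dsig:KeyValue", NS) is not None:
        notes.append("embedded-key")  # trust must come from the verifier's own keystore
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    if conf is not None and conf.get("Method", "").endswith(":cm:bearer"):
        notes.append("bearer")
    return notes
```

The `embedded-key` note matters most when wiring a relying party: a signature that checks out against the key shipped in `KeyInfo` only shows the message is self-consistent, so the key has to be compared with the STS key the verifier already holds.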
-
6. Re: PicketLink 2.0.3.Final is released
anil.saldhana Apr 9, 2012 6:19 PM (in response to aljacinto)
Looks decent to me. Would you be able to create a nice little cheatsheet/article for other users like you? This is open source and our users will greatly appreciate your writing.
-
8. Re: PicketLink 2.0.3.Final is released
anil.saldhana Apr 9, 2012 10:49 PM (in response to aljacinto)
Thank you Alex. I also pointed to your article via my blog post. http://anil-identity.blogspot.com/2012/04/picketlink-sts-on-jboss-as-71x.html