3 Replies Latest reply: May 1, 2012 9:20 AM by Anil Saldhana

Timeout error on CXF client RST issue call to STS

Glen Mazza Newbie

Hi, I'm trying to convert my CXF to Metro STS tutorial[1] to one using the PicketLink STS instead.  I'm getting a timeout error on the response from the PicketLink STS for the web service client's (WSC's) token request call and am not sure what the problem is.  The JBoss server.log file does not give any error feedback.

 

I downloaded and installed on JBoss App Server 6.0 PicketLink 2 following the standard instructions here[2] except I'm running on port 8180 because I already have an instance of Tomcat running at 8080.  (i.e., started JBoss using "bin/sh run.sh -c pl -Djboss.service.binding.set=ports-01").

 

I'm able to read the WSDL from a browser at http://localhost:8180/picketlink-sts?wsdl and have confirmed that the basic auth authentication is working correctly (it will throw authorization errors if I omit or use a wrong username/password). 

 

Wireshark is showing that the WSC is making a SOAP request call but no response comes back, just a timeout error from the console window.  SOAP request:

 

POST /picketlink-sts HTTP/1.1
Content-Type: application/soap+xml; action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"; charset=UTF-8
Accept: */*
Authorization: Basic YWRtaW46YWRtaW4=
User-Agent: Apache CXF 2.4.1
Cache-Control: no-cache
Pragma: no-cache
Host: localhost:8180
Connection: keep-alive
Content-Length: 1286

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst:SecondaryParameters><t:TokenType xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType><t:KeyType xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType><t:KeySize xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</t:KeySize></wst:SecondaryParameters><wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://localhost:8080/doubleit/services/doubleit</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:Entropy><wst:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">FJV9EHJqFOev9b3BcbEfEKFgcXqiGvODbFC9TNqoLWg=</wst:BinarySecret></wst:Entropy><wst:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</wst:ComputedKeyAlgorithm></wst:RequestSecurityToken></soap:Body></soap:Envelope>

 

The above request will work for a Metro STS call.

 

Here's my cxf.xml configuration file -- I just modified what I used for the Metro STS to use the PicketLink STS WSDL instead and added configuration for basic auth connectivity:

 

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:jaxws="http://cxf.apache.org/jaxws"
   xmlns:sec="http://cxf.apache.org/configuration/security"
   xmlns:http="http://cxf.apache.org/transports/http/configuration"
   xmlns:cxf="http://cxf.apache.org/core"
   xsi:schemaLocation="
        http://cxf.apache.org/configuration/security
        http://cxf.apache.org/schemas/configuration/security.xsd
        http://cxf.apache.org/transports/http/configuration
        http://cxf.apache.org/schemas/configuration/http-conf.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

   <http:conduit name="{urn:picketlink:identity-federation:sts}PicketLinkSTSPort.http-conduit">
       <http:authorization>
           <sec:UserName>admin</sec:UserName>
           <sec:Password>admin</sec:Password>
       </http:authorization>
   </http:conduit>

   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
       createdFromAPI="true">
       <jaxws:properties>
           <entry key="ws-security.sts.client">
               <bean class="org.apache.cxf.ws.security.trust.STSClient">
                   <constructor-arg ref="cxf"/>
                   <property name="wsdlLocation" value="PicketLinkSTSService.wsdl"/>
                   <property name="serviceName" value="{urn:picketlink:identity-federation:sts}PicketLinkSTS"/>
                   <property name="endpointName" value="{urn:picketlink:identity-federation:sts}PicketLinkSTSPort"/>
                   <property name="properties">
                       <map>
                           <entry key="ws-security.username" value="alice"/>
                           <entry key="ws-security.callback-handler" value="client.UTCallbackHandler"/>
                           <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
                           <entry key="ws-security.encryption.username" value="mystskey"/>
                           <entry key="ws-security.is-bsp-compliant" value="false"/>
                       </map>
                   </property>
               </bean>
           </entry>
       </jaxws:properties>
   </jaxws:client>

</beans>

 

Here's the error stack when I attempt the WSC call to the STS:

 

gmazza@gmazza-work:~/dataExt3/ststutorial/DoubleIt-CXF/client$ mvn exec:exec
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Building Web Service Client
[INFO]    task-segment: [exec:exec]
[INFO] ------------------------------------------------------------------------
[INFO] [exec:exec {execution: default-cli}]
Aug 1, 2011 3:28:13 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh
INFO: Refreshing org.apache.cxf.bus.spring.BusApplicationContext@49ff0dde: startup date [Mon Aug 01 15:28:13 EDT 2011]; root of context hierarchy
Aug 1, 2011 3:28:13 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file cxf.xml.
Aug 1, 2011 3:28:13 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [META-INF/cxf/cxf.xml]
Aug 1, 2011 3:28:13 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [cxf.xml]
Aug 1, 2011 3:28:14 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@5fc6e818: defining beans [cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,{urn:picketlink:identity-federation:sts}PicketLinkSTSPort.http-conduit,{http://www.example.org/contract/DoubleIt}DoubleItPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItPort.jaxws-client]; root of factory hierarchy
Aug 1, 2011 3:28:14 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://www.example.org/contract/DoubleIt}DoubleItService from WSDL: file:/media/NewDriveExt3_/ststutorial/DoubleIt-CXF/service/src/main/resources/DoubleIt.wsdl
Aug 1, 2011 3:29:15 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {urn:picketlink:identity-federation:sts}PicketLinkSTS#{urn:picketlink:identity-federation:sts}IssueToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:510)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:295)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:537)
    at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:447)
    at org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:152)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:510)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:295)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
    at $Proxy30.doubleIt(Unknown Source)
    at client.WSClient.doubleIt(WSClient.java:18)
    at client.WSClient.main(WSClient.java:11)
Caused by: java.net.SocketTimeoutException: SocketTimeoutException invoking http://localhost:8180/picketlink-sts: Read timed out
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

 

 

Any idea what I'm doing wrong? 

 

Thanks!

Glen

 

[1] http://www.jroller.com/gmazza/entry/cxf_stsclient_metro_sts

[2] http://community.jboss.org/thread/162111
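
Added example, not part of the original post: when a token request that one STS accepts gets no answer from another, it helps to list exactly what the client is asking for. This Python sketch parses the RequestSecurityToken captured above, reports the requested token and key parameters, shows which of them appear only inside wst:SecondaryParameters, and gives the size of the client entropy for comparison with KeySize. The names `summarize_rst` and `local` are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET  # prefer defusedxml for captures you do not trust

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSA = "http://www.w3.org/2005/08/addressing"

# RST body copied from the capture in the post, split at element boundaries.
RST = (
    '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">'
    '<wst:SecondaryParameters><t:TokenType xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>'
    '<t:KeyType xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>'
    '<t:KeySize xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</t:KeySize></wst:SecondaryParameters>'
    '<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>'
    '<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://localhost:8080/doubleit/services/doubleit</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>'
    '<wst:Entropy><wst:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">FJV9EHJqFOev9b3BcbEfEKFgcXqiGvODbFC9TNqoLWg=</wst:BinarySecret></wst:Entropy>'
    '<wst:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</wst:ComputedKeyAlgorithm></wst:RequestSecurityToken></soap:Body></soap:Envelope>'
)

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def summarize_rst(xml_text):
    """Return the token parameters the STS is being asked to honour."""
    rst = ET.fromstring(xml_text).find(f".//{{{WST}}}RequestSecurityToken")
    if rst is None:
        raise ValueError("no WS-Trust 1.3 RequestSecurityToken in message")
    def text(ns, name):
        el = rst.find(f".//{{{ns}}}{name}")
        return el.text.strip() if el is not None and el.text else None
    top_level = {local(c.tag) for c in rst}
    secondary = rst.find(f"{{{WST}}}SecondaryParameters")
    only_secondary = sorted(
        local(c.tag) for c in (secondary if secondary is not None else [])
        if local(c.tag) not in top_level)
    key_size = text(WST, "KeySize")
    secret = text(WST, "BinarySecret")
    entropy_bits = len(base64.b64decode(secret, validate=True)) * 8 if secret else None
    return {
        "request_type": text(WST, "RequestType"),
        "token_type": text(WST, "TokenType"),
        "key_type": text(WST, "KeyType"),
        "key_size": int(key_size) if key_size else None,
        "computed_key_algorithm": text(WST, "ComputedKeyAlgorithm"),
        "applies_to": text(WSA, "Address"),
        "entropy_bits": entropy_bits,
        "only_in_secondary_parameters": only_secondary,
    }
```

Calling `summarize_rst(RST)` returns a dictionary that can be compared field by field with the token types and key types the target STS is configured to issue.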