0

Working with CXF STS - STS client example

I followed the example at https://web-gmazza.rhcloud.com/blog/entry/cxf-sts-tutorial and my sample code is at https://github.com/sampleref/CXFSecurity for reference. On debugging, I found the error below at the STS provider:

    <<||2014-07-13 18:26:50,286||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.UsernameTokenProcessor:50||||>> Found UsernameToken list element
    <<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:78||||>> UsernameToken user alice
    <<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:79||||>> UsernameToken password type http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
    <<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:115||||>> Found signature element
    <<||2014-07-13 18:26:50,288||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:380||||>> Verify XML Signature
    <<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:428||||>> XML Signature verification has failed
    <<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:431||||>> Signature Validation check: false

Please provide some input; it's really important for me to get this working. I posted a more detailed error from the STS client at "CXF STS client throws Request does not contain Security header/Response message does not contain WS-Addressing properties".

Chakradhar K

2 Answers

0

The problem is that you are not supplying the password for the private key in the STS. So for example, adding the following to the StsPasswordCallbackHandler makes the decryption work:

    x509Passwords.put("stskeyalias", "stskeypassword");

You also need to remove the BouncyCastle dependency from the STS pom.

Colm.

Colm O hEigeartaigh
  • Hi Colm, thanks for the response. I have modified the example at [https://github.com/sampleref/CXFSecurity] as per the suggestions, but I am still facing the same error: `<<||2014-07-14 21:51:14,125||http-apr-8080-exec-8|DEBUG|org.apache.ws.security.processor.SignatureProcessor:428||||>> XML Signature verification has failed <<||2014-07-14 21:51:14,127||http-apr-8080-exec-8|DEBUG|org.apache.ws.security.processor.SignatureProcessor:431||||>> Signature Validation check: false ` – Chakradhar K Jul 14 '14 at 16:33
  • I have the full key generation script at https://github.com/sampleref/CXFSecurity/blob/master/CheckService/src/main/resources/servicekeystore/script_genkeys.txt. I am unable to figure out what is causing this error. Can you please suggest some key areas to look at that might cause this error? The log at the client says `WARNING: Response message does not contain WS-Addressing properties. Not correlating response Jul 14, 2014 10:16:43 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage WARNING: Request does not contain Security header, but it's a fault.` – Chakradhar K Jul 14 '14 at 16:44
  • Hi Colm, I see a similar issue at https://issues.apache.org/jira/browse/CXF-5679 and https://issues.apache.org/jira/browse/CXF-5724 . As it says the issue is resolved in 3.0.0, I tried to use 3.0.0. Now on startup I am getting this error: `Caused by: org.apache.cxf.BusException: No DestinationFactory was found for the namespace http://schemas.xmlsoap.org/soap/http. ` Not sure how to proceed. Please provide some input. – Chakradhar K Jul 15 '14 at 09:49
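
The key-password lookup suggested in the first answer, as an added example (not code from the answer, the tutorial, or the linked repository). The class name `ExampleStsCallbackHandler` and the password for `alice` are constructed for illustration; the alias/password pair is the one quoted in the answer. It assumes the WSS4J 1.6 package seen in the logs; with CXF 3.0.0 (WSS4J 2.0) the callback class is `org.apache.wss4j.common.ext.WSPasswordCallback`.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.6 package, matching the logs

// Hypothetical handler: one map for UsernameToken users, one for private key aliases.
public class ExampleStsCallbackHandler implements CallbackHandler {
    private final Map<String, String> userPasswords = new HashMap<String, String>();
    private final Map<String, String> x509Passwords = new HashMap<String, String>();

    public ExampleStsCallbackHandler() {
        userPasswords.put("alice", "example-user-password"); // constructed sample value
        x509Passwords.put("stskeyalias", "stskeypassword");  // pair quoted in the answer
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb);
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            int usage = pc.getUsage();
            if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                // Unknown user: the password stays null, so validation of the token fails.
                pc.setPassword(userPasswords.get(pc.getIdentifier()));
            } else if (usage == WSPasswordCallback.DECRYPT
                    || usage == WSPasswordCallback.SIGNATURE) {
                // WSS4J asks for the private key password by keystore alias.
                String keyPassword = x509Passwords.get(pc.getIdentifier());
                if (keyPassword == null) {
                    // Fail with the alias named instead of a vague downstream error.
                    throw new IOException(
                        "No private key password configured for alias " + pc.getIdentifier());
                }
                pc.setPassword(keyPassword);
            } else {
                throw new UnsupportedCallbackException(cb, "Unexpected usage " + usage);
            }
        }
    }
}
```

In a real deployment the passwords would come from protected configuration rather than literals in source.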
0

I think the issues https://issues.apache.org/jira/browse/CXF-5679 and https://issues.apache.org/jira/browse/CXF-5724 were creating problems. I used CXF version 3.0.0 and am able to get the SAML assertion now.

Thanks

Chakradhar K