0 Replies Latest reply: Apr 26, 2013 5:20 AM by Indrajith

    SAML Token Profile Policies Issues

    Indrajith
      Hi all

      I want to secure a web service using SAML Token Profile policies. I am using the Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml policy.

      I have configured the SAML 2.0 Identity Assertion Provider in my WebLogic Server and added an Identity Provider partner.

      I gave the Issuer as http://com.example.idp/AssertingParty

      Below is the SOAP request which I send to my web service.

      <?xml version="1.0" encoding="UTF-8"?>
      <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
        <env:Header>
          <wsse:Security
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
            <saml:Assertion
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_15931837d93e95e7e7ffbaa038ad4942"
                IssueInstant="2013-04-26T15:20:24.021Z" Version="2.0">
              <saml:Issuer>http://com.example.idp/AssertingParty</saml:Issuer>
              <saml:Subject>
                <saml:NameID Format="NameID">weblogic_sp</saml:NameID>
                <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
              </saml:Subject>
              <saml:Conditions NotBefore="2013-04-26T15:24:14.021Z" NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
              <saml:AuthnStatement>
                <saml:AuthnContext>
                  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
                </saml:AuthnContext>
              </saml:AuthnStatement>
              <saml:AttributeStatement>
                <saml:Attribute Name="Roles">
                  <saml:AttributeValue>Administrators</saml:AttributeValue>
                </saml:Attribute>
              </saml:AttributeStatement>
            </saml:Assertion>
          </wsse:Security>
        </env:Header>
        <env:Body/>
      </env:Envelope>

      I am getting the below error.

      <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
        <env:Body>
          <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <faultcode>wsse:InvalidSecurityToken</faultcode>
            <faultstring>Invalid SAML token on CCS?Invalid SAML token when samlAsst= null</faultstring>
          </env:Fault>
        </env:Body>
      </env:Envelope>

      I turned on Verbose in the WebLogic server and got the below log when I invoke the web service.

      <WSEE:24>Created<SoapMessageContext.<init>:48>
      <WSEE:24>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@1d36368<SoapMessageContext.setMessage:65>
      <WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
      <WSEE:24>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@1d36368<SoapMessageContext.setMessage:65>
      <WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
      <WSEE:24>tokenType: null, cred: [saml:Assertion: null], privkey: null<SAMLCredentialImpl.<init>:107>
      <WSEE:24>Class of cred is: class com.sun.xml.internal.messaging.saaj.soap.impl.ElementImpl<SAMLCredentialImpl.<init>:108>
      <WSEE:24>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:113>
      <WSEE:24>Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.<init>:141>
      <WSEE:24>Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: Unable to construct SAML 1.1/2.0 Schema object, can not perform validation.<SAMLCredentialImpl.<init>:152>


      Please let me know if I am doing anything wrong.

      Thanks
      Ranjith