Which Apache CXF interceptor phase is for schema validation? - cxf

I have an interceptor, for inbound responses to my client, that runs in the pre-logical phase of an Apache CXF 2.7 JAX-WS app. That interceptor logs the SOAP envelope body to a file as a string; no marshalling involved. When the request and response are fine, it works great. But when the response fails to pass schema validation, the interceptor does not create a new file. So I'm guessing the pre-logical phase happens after the schema validation, but I have not found any good docs describing all the phases and order of processing. What is the phase just before schema validation? http://cxf.apache.org/docs/interceptors.html

Just now found this... http://www.mastertheboss.com/images/stories/ws/interceptors.png
I will also try to temporarily turn off schema validation for this client.

Related

How to retrieve SSO CA Siteminder's headers from Spring + React application

I need to retrieve SSO Siteminder's headers from the request.
It seems it is not possible to do it from browser/js because they are server side headers.
I can see the cookie session browser correctly set, now I need to read the headers from the request, but I could not achieve this.
I've seen some topic in which they got them using a while loop in a JSP page.
Should I do it from Java Spring or is there some other way?
Every server-side webapp language and framework has methods for inspecting the inbound HTTP request to see the headers, including JEE, Spring Framework, even NodeJS.

Switch SAML binding from Post to Redirect

As an SP, we've opted for the POST binding option - it seemed to be the advised approach. SAML is now set up and working with the IDP. We would now like to change to Redirect as it is better handled in Ajax calls after timeout.
My question is whether we can switch from POST to Redirect without incurring a setup change on the IDP side. Seeing as both bindings are just using the UserAgent (browser) as a transport anyway, I figured it may be possible. But the binding is defined in the AssertionConsumerService in the metadata which indicates that IDP would need to be informed and have its configuration changed.
Sending a SAML Response (which is what is sent to an Assertion Consumer Service endpoint) via Redirect is not supported by the SAML spec since responses easily get too large to send as a query parameter. See line 420 in the SAML Web SSO Profile spec https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
Identity Provider issues <Response> to Service Provider
In step 5, the identity provider issues a <Response> message to be delivered by the user agent to the service provider. Either the HTTP POST, or HTTP Artifact binding can be used to transfer the message to the service provider through the user agent. The message may indicate an error, or will include (at least) an authentication assertion. The HTTP Redirect binding MUST NOT be used, as the response will typically exceed the URL length permitted by most user agents.
You can switch to Artifact, though SP metadata will need to be updated on the IDP to relay the changed endpoint.
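The constraint quoted above, as an added example that is not part of the original answer or of any SAML library: it flags AssertionConsumerService entries in SP metadata that declare the HTTP-Redirect binding and measures how long a Response becomes under the Redirect binding's DEFLATE + base64 + URL encoding. The metadata, the Response (random filler for signature and certificate), the function names and the 2048-character URL budget are all assumptions made for illustration.

```python
import base64
import os
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
URL_BUDGET = 2048  # assumption: conservative user-agent URL limit, not a spec value

# Constructed SP metadata: one valid POST endpoint, one Redirect endpoint.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="%s" entityID="https://sp.example.test">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService index="0" Binding="%s" Location="https://sp.example.test/acs/post"/>
  <md:AssertionConsumerService index="1" Binding="%s" Location="https://sp.example.test/acs/redirect"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>""" % (MD_NS, POST, REDIRECT)


def redirect_acs_endpoints(metadata_xml):
    """Locations of AssertionConsumerService entries that declare HTTP-Redirect."""
    root = ET.fromstring(metadata_xml)
    return [e.get("Location")
            for e in root.iter("{%s}AssertionConsumerService" % MD_NS)
            if e.get("Binding") == REDIRECT]


def sample_response():
    """Constructed Response with a signed assertion; signature and cert are random filler."""
    sig = base64.b64encode(os.urandom(256)).decode()
    cert = base64.b64encode(os.urandom(1500)).decode()
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<ds:SignatureValue>%s</ds:SignatureValue>'
            '<ds:X509Certificate>%s</ds:X509Certificate>'
            '</ds:Signature></saml:Assertion></samlp:Response>' % (sig, cert))


def redirect_query_length(saml_xml):
    """Length of 'SAMLResponse=...' after the Redirect binding's DEFLATE encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    raw = comp.compress(saml_xml.encode()) + comp.flush()
    return len("SAMLResponse=" + urllib.parse.quote(base64.b64encode(raw), safe=""))


if __name__ == "__main__":
    print("ACS endpoints declaring Redirect:", redirect_acs_endpoints(SAMPLE_METADATA))
    size = redirect_query_length(sample_response())
    print("Redirect-encoded response: %d chars (budget %d)" % (size, URL_BUDGET))
```

Signature values and certificates are high-entropy base64, so DEFLATE barely shrinks them; that is why even a minimal signed assertion overruns the budget.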

Processing SAML 2.0 response with Apache CXF RACS

I am trying to implement a SAML Request Assertion Consumer Service (RACS) with Apache CXF 2.7.7
Unfortunately the response of my Identity Provider does not include a keyInfo (which is defined optional in the SAML specification).
This leads to an exception when processing the response, because CXF tries to load a DOM for the keyInfo.
java.lang.NullPointerException
at org.apache.ws.security.saml.ext.AssertionWrapper.verifySignature(AssertionWrapper.java:536)
I have a valid keystore.properties file as well as the certificate on my RACS site, but this does not change the behaviour. Is this a bug in CXF or did I miss something to set up for my RACS?
After discussing this problem in the CXF Mailing List, we found out that it is a bug in the CXF Framework. A new issue was created here
Sending the KeyInfo in a SAML Request is optional (see Specification Section 5.4.5).
Currently there is no easy workaround available.

Force.com callout: Is there a way to get the full response from the target server

When calling a web service from Force.com, I am getting:
System.CalloutException: Web service callout failed: Unexpected
element. Parser was expecting element
'http://schemas.xmlsoap.org/soap/envelope/:Envelope' but found ':HTML'
The network guys at the other end have asked to see the full response that Salesforce is getting from their server.
Is there a way to achieve that? I have tried running with debug level 'Finest' from execute anonymous, but that yields the same little message with no further detail.
The message you are getting is because an error is generated as Salesforce is trying to parse the response, and it isn't logged, unfortunately.
The parsing error is happening because instead of a SOAP message response you are getting an HTML page. This usually happens when you are accessing a service that is protected behind a firewall. Which means you may be able to see the service when browsing on your computer but remember that Salesforce is outside of your firewall and thus any communication by Salesforce to your service will be blocked.
Couple of ways to address this but this wiki topic from Salesforce best covers the options:
http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_om_outboundmessaging_security.htm
The above is specific to outbound messaging but essentially the technology issues are the same.
Don't forget that Apex includes an HttpRequest Class that works as a lower layer than the SOAP APIs. You should be able to write up a test method that sends a hard-coded XML request to the server and dumps the HttpResponse so you can see it.
Adding my own best answer, based on some internet research:
You can use an external tool like Runscope as a webservice proxy to automatically forward requests and pass through responses and view the XML SOAP messages. This is not a native solution on SFDC but it does do the job.
https://www.runscope.com/
The issue is that Force.com is trying to parse a SOAP response that's actually just HTML. This happens sometimes when an error occurred server-side and the response is meant for a browser to display, rather than sending back an exception report via a properly formatted SOAP response.
If they can't figure out why they are not sending back a consumable SOAP response, then you can try using other tools (outside of Force.com) to make the same webservice call from your browser and then see what the HTML actually says on return.

How to Send POST method with multipart request using CAMEL

I have an application with Camel set up and I need to attach documents and send an HTTP POST request.
How can I do this?
You can always write some Java code with the Apache HttpComponents library. See http://hc.apache.org/
It is not difficult to use.
