I would like to know how can I retrieve a assertion consumer url from the below metadata file using Opensaml library.I have used that library and got the entity Id through the code
EntityDescriptor entityDescriptor = (EntityDescriptor)filesystemMetadataProvider.getMetadata();
System.out.print(entityDescriptor.getEntityID());
Now I need to get a assertion consumer url from metadata file Can you please anyone suggest me a code fragment to retrieve this.
here is my metadata file
<EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
entityID="loadbalancer-9.siroe.com">
<SPSSODescriptor
AuthnRequestsSigned="false"
WantAssertionsSigned="false"
protocolSupportEnumeration=
"urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIICYDCCAgqgAwIBAgICBoowDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
EwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEeMBwGA1UEChMVU3VuIE1pY3Jvc3lz
dGVtcyBJbmMuMRowGAYDVQQLExFJZGVudGl0eSBTZXJ2aWNlczEcMBoGA1UEAxMTQ2VydGlmaWNh
dGUgTWFuYWdlcjAeFw0wNjExMDIxOTExMzRaFw0xMDA3MjkxOTExMzRaMDcxEjAQBgNVBAoTCXNp
cm9lLmNvbTEhMB8GA1UEAxMYbG9hZGJhbGFuY2VyLTkuc2lyb2UuY29tMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCjOwa5qoaUuVnknqf5pdgAJSEoWlvx/jnUYbkSDpXLzraEiy2UhvwpoBgB
EeTSUaPPBvboCItchakPI6Z/aFdH3Wmjuij9XD8r1C+q//7sUO0IGn0ORycddHhoo0aSdnnxGf9V
tREaqKm9dJ7Yn7kQHjo2eryMgYxtr/Z5Il5F+wIDAQABo2AwXjARBglghkgBhvhCAQEEBAMCBkAw
DgYDVR0PAQH/BAQDAgTwMB8GA1UdIwQYMBaAFDugITflTCfsWyNLTXDl7cMDUKuuMBgGA1UdEQQR
MA+BDW1hbGxhQHN1bi5jb20wDQYJKoZIhvcNAQEEBQADQQB/6DOB6sRqCZu2OenM9eQR0gube85e
nTTxU4a7x1naFxzYXK1iQ1vMARKMjDb19QEJIEJKZlDK4uS7yMlf1nFS
</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIICTDCCAfagAwIBAgICBo8wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
EwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEeMBwGA1UEChMVU3VuIE1pY3Jvc3lz
dGVtcyBJbmMuMRowGAYDVQQLExFJZGVudGl0eSBTZXJ2aWNlczEcMBoGA1UEAxMTQ2VydGlmaWNh
dGUgTWFuYWdlcjAeFw0wNjExMDcyMzU2MTdaFw0xMDA4MDMyMzU2MTdaMCMxITAfBgNVBAMTGGxv
YWRiYWxhbmNlci05LnNpcm9lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw574iRU6
HsSO4LXW/OGTXyfsbGv6XRVOoy3v+J1pZ51KKejcDjDJXNkKGn3/356AwIaqbcymWd59T0zSqYfR
Hn+45uyjYxRBmVJseLpVnOXLub9jsjULfGx0yjH4w+KsZSZCXatoCHbj/RJtkzuZY6V9to/hkH3S
InQB4a3UAgMCAwEAAaNgMF4wEQYJYIZIAYb4QgEBBAQDAgZAMA4GA1UdDwEB/wQEAwIE8DAfBgNV
HSMEGDAWgBQ7oCE35Uwn7FsjS01w5e3DA1CrrjAYBgNVHREEETAPgQ1tYWxsYUBzdW4uY29tMA0G
CSqGSIb3DQEBBAUAA0EAMlbfBg/ff0Xkv4DOR5LEqmfTZKqgdlD81cXynfzlF7XfnOqI6hPIA90I
x5Ql0ejivIJAYcMGUyA+/YwJg2FGoA==
</X509Certificate>
</X509Data>
</KeyInfo>
<EncryptionMethod Algorithm=
"https://www.w3.org/2001/04/xmlenc#aes128-cbc">
<KeySize xmlns="https://www.w3.org/2001/04/xmlenc#">128</KeySize>
</EncryptionMethod>
</KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://LoadBalancer-9.siroe.com:3443/federation/
SPSloRedirect/metaAlias/sp"
ResponseLocation="https://LoadBalancer-9.siroe.com:3443/
federation/SPSloRedirect/metaAlias/sp"/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://LoadBalancer-9.siroe.com:3443/
federation/SPSloSoap/metaAlias/sp"/>
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://LoadBalancer-9.siroe.com:3443/federation/
SPMniRedirect/metaAlias/sp"
ResponseLocation="https://LoadBalancer-9.siroe.com:3443/
federation/SPMniRedirect/metaAlias/sp"/>
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://LoadBalancer-9.siroe.com:3443/
federation/SPMniSoap/metaAlias/sp"
ResponseLocation="https://LoadBalancer-9.siroe.com:3443/
federation/SPMniSoap/metaAlias/sp"/>
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</NameIDFormat>
<AssertionConsumerService
isDefault="true"
index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://LoadBalancer-9.siroe.com:3443/
federation/Consumer/metaAlias/sp"/>
<AssertionConsumerService
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://LoadBalancer-9.siroe.com:3443/
federation/Consumer/metaAlias/sp"/>
</SPSSODescriptor>
<test>true</test>
<issuer>www.tryyujh.com</issuer>
</EntityDescriptor>
for (AssertionConsumerService acs : entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
.getAssertionConsumerServices()) {
assertionConsumerServiceURL = ars.getLocation();
}
I have more examples on how to use OpenSAML and metadata on my blogg and in my book, A Guide to OpenSAML.
Related
We are busy upgrading our camel routes from 2.x to 3.2 and we have run into a problem with the usage of JavaScript. In our applications JavaScript is used extensively to transform simple JSON to other JSON. We use XML DSL extensively as well. Our typical pattern is something like this simplified code:
<transform id="transform_customer_response">
<javaScript>
<![CDATA[
(function map() {
var msg = {
name: request.body.name,
hash: request.headers.hash
};
return JSON.stringify(msg);
})()
]>
</javaScript>
</transform>
I understand the the <javaScript> language component has been deprecated and removed in Camel 3 as the latest documentation does not show this. However it seems that JavaScript is still supported through the <language language="javascript"> tag.
Other background information:
Springboot Version: 2.2.6.RELEASE
Apache Camel Version: 3.2.0
JDK/VM: OpenJDK 64-Bit Server VM GraalVM CE 20.0.0 (build
11.0.6+9-jvmci-20.0-b02, mixed mode, sharing)
Link to Camel documentation here: https://camel.apache.org/components/3.2.x/language-component.html
I tried translating this above code to the piece below but get an No language could be found for: javascript exception.
<language language="javascript">
(function map() {
var msg = {
name: request.body.name,
hash: request.headers.hash
};
return JSON.stringify(msg);
})()
</language>
Full Stack Trace:
org.apache.camel.FailedToCreateRouteException: Failed to create route createCustomerRoute at: >>> Transform[javascript{
(function map() {
var msg = {
name: request.body.name,
hash: request.headers.hash
};
return JSON.stringify(msg);
})()
}] <<< in route: Route(createCustomerRoute)[From[direct:create_customer] -> [... because of No language could be found for: javascript
at org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:393) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.reifier.RouteReifier.createRoute(RouteReifier.java:117) ~[camel-core-engine-3.2.0.jar:3.2.0]
at `No language could be found for: javascript`org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:353) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:327) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.impl.engine.AbstractCamelContext.doInit(AbstractCamelContext.java:2598) ~[camel-base-3.2.0.jar:3.2.0]
at org.apache.camel.support.service.BaseService.init(BaseService.java:83) ~[camel-api-3.2.0.jar:3.2.0]
at org.apache.camel.impl.engine.AbstractCamelContext.init(AbstractCamelContext.java:2431) ~[camel-base-3.2.0.jar:3.2.0]
at org.apache.camel.support.service.BaseService.start(BaseService.java:111) ~[camel-api-3.2.0.jar:3.2.0]
at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2448) ~[camel-base-3.2.0.jar:3.2.0]
at org.apache.camel.spring.SpringCamelContext.start(SpringCamelContext.java:121) ~[camel-spring-3.2.0.jar:3.2.0]
at org.apache.camel.spring.CamelContextFactoryBean.start(CamelContextFactoryBean.java:373) ~[camel-spring-3.2.0.jar:3.2.0]
at org.apache.camel.spring.CamelContextFactoryBean.onApplicationEvent(CamelContextFactoryBean.java:420) ~[camel-spring-3.2.0.jar:3.2.0]
at org.apache.camel.spring.CamelContextFactoryBean.onApplicationEvent(CamelContextFactoryBean.java:94) ~[camel-spring-3.2.0.jar:3.2.0]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:360) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:897) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
at com.ventia.nexusarchetype.NexusArchetypeApplication.main(NexusArchetypeApplication.java:12) ~[classes/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) ~[spring-boot-devtools-2.2.6.RELEASE.jar:2.2.6.RELEASE]
Caused by: org.apache.camel.NoSuchLanguageException: No language could be found for: javascript
at org.apache.camel.impl.engine.DefaultLanguageResolver.noSpecificLanguageFound(DefaultLanguageResolver.java:92) ~[camel-base-3.2.0.jar:3.2.0]
at org.apache.camel.impl.engine.DefaultLanguageResolver.resolveLanguage(DefaultLanguageResolver.java:68) ~[camel-base-3.2.0.jar:3.2.0]
at org.apache.camel.impl.engine.AbstractCamelContext.resolveLanguage(AbstractCamelContext.java:1726) ~[camel-base-3.2.0.jar:3.2.0]
at `No language could be found for: javascript`org.apache.camel.reifier.language.ExpressionReifier.createExpression(ExpressionReifier.java:116) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.reifier.AbstractReifier.createExpression(AbstractReifier.java:102) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.reifier.TransformReifier.createProcessor(TransformReifier.java:34) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.reifier.ProcessorReifier.makeProcessor(ProcessorReifier.java:766) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.reifier.ProcessorReifier.addRoutes(ProcessorReifier.java:511) ~[camel-core-engine-3.2.0.jar:3.2.0]
at org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:391) ~[camel-core-engine-3.2.0.jar:3.2.0]
... 32 common frames omitted
I have tried with groovy which produced No language could be found for: groovy. I then add a dependency for groovy as shown below:
<dependency>
<groupId>org.apache.camel.springboot</groupId>
<artifactId>camel-groovy-starter</artifactId>
<!-- use the same version as your Camel core version -->
</dependency>
This works I can transform a body using groovy and there is no issues. So I am missing a javascript dependency/start yet when I tried adding the depdency below it is not found. I checked maven as well I cannot find a camel-javascript-starter for Camel 3.2.
<dependency>
<groupId>org.apache.camel.springboot</groupId>
<artifactId>camel-javascript-starter</artifactId>
<!-- use the same version as your Camel core version -->
</dependency>
It really looks like JavaScript has been deprecated completely. However the documentation still alludes to it being available.
See a snippet of documentation below:
languageName:
Required Sets the name of the language to use. The value can be one of: bean, constant, exchangeProperty, file, groovy, header, javascript, jsonpath, mvel, ognl, , ref, simple, spel, sql, terser, tokenize, xpath, xquery, xtokenize
In short either there is a missing dependecy for Camel 3.2 or Javascript has been deprecatted. Or am I missing something completely.
Javascript language is part of camel-script dependency. It has been deprecated in 2.x and removed in 3.x with CAMEL-13113. This is because Nashorn engine, which is heavily used in camel-script, is deprecated in JDK11 (JEP 335) and is scheduled to be removed from next JDK release (JEP 372).
Currently there is no direct replacement in Apache Camel. I have logged CAMEL-14970 to find alternative engine.
The ruby-saml gem supports adding certificate and private-key info to Service Provider's metadata, but as far as I can tell, that configures only signing certificate, but not encryption one. Here's what I do:
settings.certificate = "---- BEGIN CERTIFICATE----..."
settings.private_key = "-----BEGIN PRIVATE KEY----..."
which results in the following XML section added to Service Provider's metadata:
<md:KeyDescriptor use='signing'>
<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:X509Data>
<ds:X509Certificate>
CERTIFICATE IS HERE GSDk3tShjl4yhShj4Hr....
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
But how do I configure ruby-saml to add a similar section for use='encryption' in addition to use='signing'?
If I understood correctly, You are not able to send the SAMLResponse in the encrypted form. If that is the case, when you are building the SAML response, send one more parameter
saml_response = encode_response( :encryption => encryption_opts())
def encryption_opts:
return {
cert: saml_request.service_provider.cert,
block_encryption: 'aes256-cbc',
key_transport: 'rsa-oaep-mgf1p'
}
I have a WSDL that contains WSPolicy, the policy defined uses supporting tokens and with-in supporting tokens it uses X509 Tokens. Below is a snippet of the WSDL having the policy
<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:fn="http://www.w3.org/2005/xpath-functions"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wssutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wssutil:Id="MyPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token11/>
</wsp:Policy>
</sp:X509Token>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Now when I generate my client (using Apache CXF), consume any web service operation, I don't see the wssec security header getting added to the SOAP header. As a result, the SOAP service throws error as the Policy Validation Interceptor fails.
I have done a lot of search and have not found any sample / example using this kind of policy, supporting tokens have been used along with Assymetric / Symmetric bindings.
Want to know if the policy defined is correct, if yes, then what will be the client code to access this service.
Just to add, when I put below interceptor into the client code, the security header gets added (with a Binary Security Token and Signature), however, the service still fails (with Policy Verification Interceptor)
Client client = ClientProxy.getClient(port);
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put(WSHandlerConstants.ACTION, "Signature");
outProps.put(WSHandlerConstants.USER, "myclientkey");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientKeystorePasswordCallback.class.getName());
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "clientKeystore.properties");
outProps.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
client.getOutInterceptors().add(wssOut);
Below is the error stack trace
Caused by: org.apache.cxf.binding.soap.SoapFault: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:86)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:52)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:41)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1638)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1527)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
... 2 more
Any help will be much appreciated!! I am stuck with this issue since 2 days.
Using a BinarySecurityToken as a SupportingToken with no security binding won't work with CXF. You need to specify a security binding in order to sign the request as well.
My ESB flow needs to get files from a dynamic folder. This folder name changes based on month and year. Hence, I configured my inbound-endpoint as shown below but I am getting below error. I really appreciate any help on this.
Flow:
<flow name="DataMapperTestFlow" doc:name="DataMapperTestFlow">
<file:inbound-endpoint path="C:\#[new Date().format('yyyy\\MMMM')]" moveToDirectory="C:\#[new Date().format('yyyy\\MMMM')]\backup" pollingFrequency="10000" responseTimeout="10000" doc:name="File">
<file:filename-regex-filter pattern=".*.xls" caseSensitive="true"/>
</file:inbound-endpoint>
<custom-transformer class="ExcelToJava" doc:name="Java"/>
<jdbc-ee:outbound-endpoint exchange-pattern="one-way" queryKey="insertTestHeaders" connector-ref="NewDatabase" doc:name="InsertHeaders"/>
<set-payload value="#[payload.excelData.excelRows]" doc:name="Set Payload"/>
<jdbc-ee:outbound-endpoint exchange-pattern="one-way" queryKey="insertTestRows" connector-ref="NewDatabase" doc:name="InsertRows"/>
</flow>
Error:
org.mule.api.endpoint.MalformedEndpointException: The endpoint
"file:///C:/#[new Date().format('yyyy/MMMM')]" is malformed and cannot
be parsed. If this is the name of a global endpoint, check the name
is correct, that the endpoint exists, and that you are using the
correct configuration (eg the "ref" attribute). Note that names on
inbound and outbound endpoints cannot be used to send or receive
messages; use a named global endpoint instead.. Only Outbound
endpoints can be dynamic
"Only Outbound endpoints can be dynamic" quite says it all. You can have a look at the Mule Requester Module if it suits your needs, or try creating endpoints/flows programmatically with a scheduler and Java/Groovy/etc code.
I'm getting error message in Novell iManager "The XML is malformed. cvc-complex-type.2.4.a: Invalid content was found starting with element 'md:EncryptionMethod'. One of '{"http://www.w3.org/2000/09/xmldsig#":KeyInfo}' is expected." when add this service provider metadata:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="https://.../" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true" AuthnRequestsSigned="true">
<md:KeyDescriptor use="encryption">
<md:EncryptionMethod xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data><X509Certificate>...</X509Certificate></X509Data>
</KeyInfo>
</md:KeyDescriptor>
<md:AssertionConsumerService isDefault="true" index="0" Location="https://.." Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor>
<md:Organization>...</md:Organization>
...
</md:EntityDescriptor>
What I do in Novell iManager: IdentityServers -> AH DMZ Identity Server -> New Trusted Provider -> Service Provider -> Source: Metadata Text
The strange thing is that it complains on lack of KeyInfo element while it's here with the correct namespace. Any idea why it might be?
If I specify third-party metadata from here: https://federation.njedge.net/metadata/njedge-fed-metadata.xml it says
"The XML is malformed.
cvc-complex-type.2.4.a: Invalid content was found starting with element 'Organization'. One of '{"http://www.w3.org/2000/09/xmldsig#":Signature, "urn:oasis:names:tc:SAML:2.0:metadata":Extensions, "urn:oasis:names:tc:SAML:2.0:metadata":RoleDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":IDPSSODescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":SPSSODescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":AuthnAuthorityDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":AttributeAuthorityDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":PDPDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":AffiliationDescriptor}' is expected.
"
Looks like it expects some service provider specific metadata file format, and unfortunately I was unable to find any information about different formats of SAML 2.0 metadata.
Loos like there were 2 issues:
1) Novell expects strict order of elements
2) It does not recognize default namespace like <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> instead use <somenamespace:KeyInfo xmlns:somenamespace="http://www.w3.org/2000/09/xmldsig#">
weird :)