Apache CXF Out Interceptor change fault Response - cxf

How would I be able to handle a SOAP fault in a CXF out interceptor, changing the response from a fault to a success response? I am also using WS-Addressing and WSS4J as part of the response.
I am struggling to return:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
ws-address- ws-security
<soap:Body>
<Response>
Ok!
</Response>
</soap:Body>
</soap:Envelope>
Rather, I am currently getting:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>soap:Receiver</soap:Value>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">Fault occurred while processing.</soap:Text>
</soap:Reason>
</soap:Fault>
</soap:Body>
</soap:Envelope>

The documentation (http://cxf.apache.org/docs/interceptors.html) says:
Additionally, in the case of SOAPFaults, a CXF web service will create a separate outbound error handling chain and the client will create an inbound error handling chain.
So I think you have to add an InFaultInterceptor/OutFaultInterceptor where you can handle your response message.

Related

The SOAP request must use SOAP 1.1, did not receive a SOAP 1.1 Envelope as the document root

I am trying to create a Bulk API job using a curl command. My file job.txt is as below:
<?xml version="1.0" encoding="UTF-8"?>
<jobInfo xmlns="http://www.force.com/2009/06/asyncapi/dataload">
<operation>Query</operation>
<object>account</object>
<contentType>CSV</contentType>
</jobInfo>
The curl command is as below:
curl https://XXXXX.salesforce.com/services/Soap/u/42.0 -H "X-SFDC-Session:XXXXXXXXX" -H "Content-Type: text/xml; charset=UTF-8" -H "SoapAction":Query -d @job.txt
But when I execute the above command I am getting the error below:
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://shemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode>soapev:VersionMismatch</faultcode><faultstring>The SOAP request must use SOAP 1.1, did not recieve a SOAP 1.1 Envelope as the document root</faultstring></soapenv:Fault></soapenv:Body></soapenv:Envelope>
I am new to the SFDC Bulk API.
You are calling the SOAP endpoint where you should be calling the REST endpoint (or use a SOAP request on the SOAP endpoint).
I think you are using this example: https://developer.salesforce.com/docs/atlas.en-us.api_asynch.meta/api_asynch/asynch_api_code_curl_walkthrough.htm. If that's the case you are using the wrong request URL. Try /services/async/42.0/job instead of /services/Soap/u/42.0.

SAML 2.0 invalid request SSOCIRCLE

I am trying to send a SAML request to the public IDP SSOCircle. I imported its metadata and try to authenticate against this URL:
https://idp.ssocircle.com/sso/idpssoinit?metaAlias=%2Fpublicidp&spEntityID=sp.bogdan.test
But when I send this request from my app, the following error is displayed:
Error occurred Reason: The SAML Request is invalid.
This is my request:
a link
and this is the SAML message in the request that I wrote:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_3b7f937b-073d-4289-b2d1-35e786ebb524" Version="2.0" IssueInstant="2017-04-03T12:42:06Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://localhost:61344/Account/AssertionConsumerService">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.ssocircle.com</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true"/>
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
It may be as simple as not having registered the right Assertion Consumer URL (http://localhost:61344/Account/AssertionConsumerService) with SSOCircle. But you should really look into the SSOCircle debug logs to find out more.
In your example you are sending https://idp.ssocircle.com as the Issuer of the AuthnRequest. The Issuer of the request is not the IDP but the SP. In your case it should be sp.bogdan.test

How does a SAML Service Provider match an IDP metadata information?

I'm using TestShib and Python Social Auth SAML backend to implement a Service Provider on a Django app.
I've been able to configure my app, and build a metadata file.
TestShib allows for my metadata file to be uploaded here.
I have configured TestShib's metadata correctly on my end and built up a test button pointing to TestShib's endpoint.
When I click that button, I get redirected to TestShib, then provide test credentials, and then I get an error because the metadata does not match the redirect.
How does TestShib, or any other IDP for that matter, manage to find the right metadata (among several SPs) after an incoming auth request? Does the EntityID have to match the URL of the Service Provider?
EDIT: (added more info)
SP's metadata (uploaded previously to TestShib):
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" cacheDuration="P10D" entityID="https://www.example.com">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDBDC .. QltX1icsr0=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDBDC .. QltX1icsr0=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://staging.example.com/complete/xx-saml/" index="1" />
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en-US">example</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en-US">Example</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en-US">https://www.example.com</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:GivenName>John Doe</md:GivenName>
<md:EmailAddress>johndoe@example.com</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="support">
<md:GivenName>John Doe</md:GivenName>
<md:EmailAddress>johndoe@example.com</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
Request:
https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fVNN ...
<samlp:AuthnRequest
AssertionConsumerServiceURL="https://staging.example.com/complete/saml/"
Destination="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO"
ID="ONELOGIN_973a7f348c282cc6dedd4410f900efcf9538dcda" IssueInstant="2016-08-22T14:12:11Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="Example"
Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>https://www.example.com</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Error:
10:10:39.009 - WARN [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:206] - Relying party 'https://www.example.com' requested the response to be returned to endpoint with ACS URL 'https://staging.example.com/complete/saml/' and binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' however no endpoint, with that URL and using a supported binding, can be found in the relying party's metadata
10:10:39.009 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:447]
- No return endpoint available for relying party https://www.example.com
https://staging.example.com/complete/saml/ is available so the problem seems to be that the metadata info was not found by TestShib. Entity ID and Issuer seem to match ..
The Assertion Consumer Service URL in the AuthN Request (https://staging.example.com/complete/saml/) doesn't match the one in the metadata (https://staging.example.com/complete/xx-saml/), which is also in line with the error thrown by the IdP.
The quickest fix would be to edit the metadata and correct the <md:AssertionConsumerService.../> element so that it reflects the actual ACS to be used.
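
Added example (not part of the original answers, and not TestShib's or SSOCircle's code): a pre-flight check an SP developer can run before sending an AuthnRequest, mirroring the two lookups discussed in the SAML threads above. The Issuer must equal the registered entityID, and the requested ACS URL and binding must match an endpoint in the SP metadata exactly. The function name and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed samples, trimmed from the metadata and request quoted above.
# For XML from an untrusted source, use a hardened parser such as defusedxml.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://www.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://staging.example.com/complete/xx-saml/" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0"
    AssertionConsumerServiceURL="https://staging.example.com/complete/saml/"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://www.example.com</saml:Issuer>
</samlp:AuthnRequest>"""


def check_authn_request(metadata_xml, request_xml):
    """Return a list of mismatches between an AuthnRequest and the SP metadata."""
    md = ET.fromstring(metadata_xml)
    req = ET.fromstring(request_xml)
    problems = []

    # Step 1: the Issuer is the key the IdP uses to find the registered metadata.
    issuer = (req.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != md.get("entityID"):
        problems.append(f"Issuer {issuer!r} != entityID {md.get('entityID')!r}")

    # Step 2: the requested return endpoint must be registered in that metadata.
    registered = {
        (acs.get("Location"), acs.get("Binding"))
        for acs in md.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    }
    wanted = (req.get("AssertionConsumerServiceURL"), req.get("ProtocolBinding"))
    if wanted[0] is not None and wanted not in registered:
        problems.append(f"ACS {wanted[0]!r} with binding {wanted[1]!r} not in metadata")
    return problems


if __name__ == "__main__":
    for problem in check_authn_request(SP_METADATA, AUTHN_REQUEST):
        print(problem)
```

The comparison is an exact string match, so a differing path segment or trailing slash is reported as a mismatch.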

Apache Camel error handler : Spring DSL

I have a question about adding an Apache Camel error handler to my config. I think I am doing something very silly that is probably a basic mistake.
I want to add two types of error handling...
<camel:errorHandler id="errorHandler" type="DefaultErrorHandler"
<camel:redeliveryPolicy maximumRedeliveries="0"/>
</camel:errorHandler>
and
<onException>
<exception>java.sql.SQLException</exception>
<redeliveryPolicy maximumRedeliveries="0"/>
<to uri="log:xml?level=ERROR"/>
</onException>
Every time I add these to my context xml files the xml editor in Eclipse tells me that I have invalid XML content. I must be missing a namespace or something. For the first type of catch all exceptions I am placing that outside my camel context to then reference errorHandlerRef. For the 2nd type of error handling specifically to catch sql exceptions I am placing that in the route itself.
Here is my XML declaration.
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:camel="http://camel.apache.org/schema/spring"
xsi:schemaLocation="
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
Can anyone shed some light here pls... thanks

How to get Solr Core Admins API response in JSON

Solr core admin API returns response in XML like the following:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader"><int name="status">0</int><int name="QTime">2155</int></lst><str name="core">test</str>
</response>
I am wondering if there is a way to get this back in JSON.
You need to append the link with &wt=json.
This will give you the output in JSON format.
