How to use Camel Exchange Header in Camel Component properties? - apache-camel

I am using a CXF component which will take username and password as its properties, and I am getting username and password in the Camel Exchange header, so I tried to set it this way:
<to uri="cxf:{myurl}?dataFormat=MESSAGE&amp;username=${in.header.username}&amp;password=${in.header.password}"/>
But it is giving me authentication failure error as username and password are not set properly.

See this FAQ about how to use dynamic values in the to
http://camel.apache.org/how-to-use-a-dynamic-uri-in-to.html
So by using recipient list EIP you can do this
<recipientList>
<simple>cxf:{myurl}?dataFormat=MESSAGE&amp;username=${in.header.username}&amp;password=${in.header.password}</simple>
</recipientList>

Related

SAML With ping identity getting error invalid issuer

I have tried using the SSO URL as mentioned, "Single Signon Service" https://auth.pingone.asia/{env}/saml20/idp/sso, and issuer as https://auth.pingone.asia/{env}, but I am getting ErrorCode: INVALID_ISSUER - Unable to find application for spEntityId: 'https://auth.pingone.asia/{env}' in environment {env}.
Please help me to understand where exactly my configuration is wrong.
Check if you have created a SAML Application, if not, try creating it with https://apidocs.pingidentity.com/pingone/platform/v1/api/#post-create-application-saml-protocol
Note: the ACS URL is the place where you want PingIdentity to redirect after login authentication is completed. You will get a SAMLResponse also posted there.
(OR) You can create a SAML application directly from the PingIdentity console itself by selecting Add Application, selecting SAML as the type, and setting the manual SAML configuration by specifying an entity ID (something unique) and the ACS URL.
Go to the Ping console dashboard and check the Entity ID of the application; it should match your AuthnRequest saml:Issuer.
Example if your dashboard is like this with Entity ID "test",
then your AuthnRequest should look like this:
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="test"
Version="2.0"
IssueInstant="2022-09-19T16:46:59">
<saml:Issuer>test</saml:Issuer>
</samlp:AuthnRequest>
Note the line: <saml:Issuer>test</saml:Issuer>
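
A way to confirm the mismatch described in the answer above, as an added example that is not part of the original post: decode the SAMLRequest value the SP actually sends and compare its saml:Issuer with the application's Entity ID. It goes beyond the answer by accepting both the HTTP-Redirect (deflated) and HTTP-POST encodings; the sample request and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml
from urllib.parse import unquote

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample request; only the Issuer value varies.
TEMPLATE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" IssueInstant="2022-09-19T16:46:59Z">'
    "<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
)


def encode_redirect(xml_text):
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def decode_authn_request(saml_request):
    """Decode a SAMLRequest value from either binding into an XML element."""
    raw = base64.b64decode(unquote(saml_request))
    if not raw.lstrip().startswith(b"<"):  # Redirect binding: still deflated
        raw = zlib.decompress(raw, -15)
    return ET.fromstring(raw)


def check_issuer(saml_request, entity_id):
    """Compare saml:Issuer with the application's Entity ID (exact, case-sensitive)."""
    root = decode_authn_request(saml_request)
    issuer = root.findtext("saml:Issuer", default="", namespaces=SAML_NS).strip()
    if not issuer:
        return False, "AuthnRequest carries no saml:Issuer"
    if issuer != entity_id:
        return False, f"Issuer {issuer!r} does not match Entity ID {entity_id!r}"
    return True, f"Issuer matches Entity ID {entity_id!r}"


if __name__ == "__main__":
    wrong = encode_redirect(TEMPLATE.format(issuer="https://auth.pingone.asia/{env}"))
    right = encode_redirect(TEMPLATE.format(issuer="test"))
    for request in (wrong, right):
        print(check_issuer(request, "test"))
```

The first request reproduces the situation in the question, where the IdP's own URL was sent as the issuer; the second uses the Entity ID from the answer's example.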

Produce messages to IBM MQ using REST API. Apache Camel

I have to send messages to IBM MQ by hitting a rest service. Below is the code I came up with, using Camel XML DSL.
<rest path="/basePath">
<post uri="/path" consumes="application/xml" produces="application/xml">
<to uri="ibmmq:QUEUE.NAME"/>
</post>
</rest>
When I try to post the message, I get the following exception
org.apache.camel.RuntimeExchangeException: Failed to resolve replyTo destination on the exchange
Is the post method expecting response back from QUEUE, so that it can respond back to rest client?
I only need the post service to reply with 200, if the message is successfully produced to QUEUE, 500 otherwise.
How to solve this problem?
The pattern of your exchange is InOut, so this is the default behavior for your JMS producer. Try changing it for the specific endpoint like this:
<to uri="ibmmq:QUEUE.NAME" pattern="InOnly"/>

Retrieving information from Jboss AS vault in camel route

I am storing sensitive information like password, APIKey, etc. in the JBoss AS vault. I need to retrieve it in a Camel route and set Camel exchange headers.
I tried the below, but it is not working.
<setHeader headerName="apikey">
<simple>{{VAULT::event_policy_online::password::1}}</simple>
</setHeader>
How can I achieve it?
You can create an EAP system property (for example, myfusepassword) for the password you created in the vault.
Then the password can be accessed in the camel configuration by using the following notation:
${sys.myfusepassword}

How to change saml2p:NameIDPolicy that wso2is sends to IdP?

I have a WSO2IS 5.2 acting as a federation hub. The AuthnRequest that it sends to IdP (in this case PingFederate) includes this NameIDPolicy:
<saml2p:NameIDPolicy AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
SPNameQualifier="WSO2IS"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
/>
After logging in at PingFederate it sends back SAML message including this:
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />
</samlp:StatusCode>
<samlp:StatusMessage>Cannot provide requested name identifier qualified with WSO2IS</samlp:StatusMessage>
</samlp:Status>
I've tried uid and mail NameID values in PingFederate but I always get this response. I would like to try changing the NameIDPolicy format that wso2is sends but have not found a way to do it. I think it should be a SAML:2.0 format.
Only thing I found was "Include NameID Policy" check box in IdP settings but it stays checked even if I uncheck it and save.
How to change the NameIDPolicy format?
UPDATE: I solved the problem by enabling pseudonym identifier at PingFederate and sending username as attribute. Still it would be good to know the answer to my question.
Yes, your understanding is correct. You could need to change the NameIDPolicy. You can find it in the service provider (SP) creation page. Go to the WSO2 IS management console, Home > Service Provider > Add.
After that, you need to enter the name for the SP and click the Register button.
Now you are in the Service Provider configuration page.
Go to Inbound Authentication Configuration > SAML2 Web SSO Configuration > Configure.
On this page you can configure the SAML2 Web SSO configuration; the page header shows as Register New Service Provider. Go to NameID format and change it to urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress instead of urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
You can find more details in the WSO2 documentation [1].
[1] https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0
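
A small diagnostic for the exchange quoted in the question above, as an added example that is not part of the original post or of WSO2 IS or PingFederate: it walks the nested StatusCode elements of the IdP's reply and sets them beside the NameIDPolicy the SP requested. The function names are hypothetical, and the samlp namespace declaration is added to the status fragment so that it parses on its own.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# The two fragments quoted in the question (namespace declared on Status here).
REQUEST_POLICY = """<saml2p:NameIDPolicy AllowCreate="true"
  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
  SPNameQualifier="WSO2IS"
  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>"""

RESPONSE_STATUS = """<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
  </samlp:StatusCode>
  <samlp:StatusMessage>Cannot provide requested name identifier qualified with WSO2IS</samlp:StatusMessage>
</samlp:Status>"""


def status_chain(status_xml):
    """Return ([top-level code, sub-code, ...], message) from a samlp:Status element."""
    status = ET.fromstring(status_xml)
    codes, node = [], status.find(P + "StatusCode")
    while node is not None:  # sub-codes are nested inside the parent, not siblings
        codes.append(node.get("Value", "").rsplit(":", 1)[-1])
        node = node.find(P + "StatusCode")
    return codes, (status.findtext(P + "StatusMessage") or "").strip()


def explain(policy_xml, status_xml):
    """Pair a rejected NameIDPolicy with the IdP's status so both sides can be compared."""
    policy = dict(ET.fromstring(policy_xml).attrib)
    codes, message = status_chain(status_xml)
    report = {"codes": codes, "message": message, "requested": policy, "notes": []}
    if "InvalidNameIDPolicy" in codes:
        report["notes"].append(
            "IdP cannot or will not support the requested policy, Format="
            + policy.get("Format", "(none)"))
        qualifier = policy.get("SPNameQualifier")
        if qualifier and qualifier in message:
            report["notes"].append("Status message names SPNameQualifier " + qualifier)
    return report


if __name__ == "__main__":
    print(explain(REQUEST_POLICY, RESPONSE_STATUS))
```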

Access bean property to setup camel:keystore

I have a bean setup which returns a decoded password for a keystore. For CXF calls I can get the password using #{decoder.keystorePassword} but when I try to do the same thing from camel:keyStore password for a rest call, it doesn't work and just uses #{..} as the password. I imagine the syntax for referencing a bean is slightly different because I am in a camel component?
Any suggestions on how to get the value here?
