I am trying to access a secured Windows Common Foundation (WCF) web service written on the .NET platform, using a plain Java client and the Metro web services API (webservices-rt-2.2.0-1).
Using the WSDL of the WCF web service and an ant target, I was able to generate the web service artifacts.
To access the WCF web service, I need to insert a SAML2 token into the SOAP request. This SAML2 token is retrieved by calling a REST service whose response contains the SAML2 assertion. Currently I hold the token as a String object (the whole assertion XML).
My client code looks something like this:
MyService service = new MyService(new URL(wsdlLocation), new QName("http://tempuri.org/",
"MyService"));
IMyService port = service.getCustomBindingIMyService();
port.callMyServiceApi();
This code throws the following error: WST0029: Could not get STS location from IssuedToken or from the client.
Because of this, I modified my code to the following:
MyService service = new MyService(new URL(wsdlLocation), new QName("http://tempuri.org/",
"MyService"));
DefaultSTSIssuedTokenConfiguration config = new DefaultSTSIssuedTokenConfiguration(stsEndpointAddress, wsdl, "MyService","CustomBinding_IMyService","http://tempuri.org/");
STSIssuedTokenFeature feature = new STSIssuedTokenFeature(config);
IMyService port = service.getCustomBindingIMyService(new WebServiceFeature[]{feature});
port.getApiVersion();
With the above, the STS location error goes away, but the following error appears instead.
Exception in thread "main" javax.xml.ws.WebServiceException: java.lang.NullPointerException
	at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:250)
	at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
	at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
	at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
	at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
	at com.sun.xml.ws.client.Stub.process(Stub.java:429)
	at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
	at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
	at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
	at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
	at $Proxy44.getApiVersion(Unknown Source)
	at TnTActionsClient.callTnT(TnTActionsClient.java:426)
	at TnTActionsClient.main(TnTActionsClient.java:447)
Caused by: java.lang.NullPointerException
	at com.sun.xml.ws.security.trust.impl.WSTrustClientContractImpl.setLifetime(WSTrustClientContractImpl.java:215)
	at com.sun.xml.ws.security.trust.impl.WSTrustClientContractImpl.handleRSTR(WSTrustClientContractImpl.java:145)
	at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.process(TrustPluginImpl.java:177)
	at com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.getIssuedTokenContext(STSIssuedTokenProviderImpl.java:144)
	at com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.issue(STSIssuedTokenProviderImpl.java:74)
	at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:83)
	at com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeTrustPlugin(SecurityClientTube.java:685)
	at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:281)
	at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:247)
	... 12 more
I have turned on logging of the SOAP messages, and on inspecting the request I see that no security-related information is going into the request. A failure response is being returned from the web service endpoint, indicating invalid security in the request.
I would like to know:
1. Am I on the right track so far with my client?
2. What is the best way to call the REST service and parse the SAML2 token response?
3. How do I set the SAML2 token from step 2 for all my web services?
According to the implementers of the WCF web service, they are using WS-Security rather than Federated security. The SAML2 token received looks like this:
<wsse:Security soap:mustUnderstand="true"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion ID="_909088b3-d972-4b6f-84b1-26301c1c3b69"
IssueInstant="2012-10-16T12:32:44.293Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>xyz:appl:identity</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_909088b3-d972-4b6f-84b1-26301c1c3b69">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>some_value_here</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>sig_here</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>certHere</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID
Format="http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName">user222</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
</Subject>
<Conditions NotBefore="2012-10-16T12:32:44.293Z"
NotOnOrAfter="2022-01-01T12:00:00.000Z">
<AudienceRestriction>
<Audience>uri:samlclient.xyzbadal.com</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>support@abc.com</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/CustomerId">
<AttributeValue>11209</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/InsightUserId">
<AttributeValue>1</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/NameIdFormat">
<AttributeValue>http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasProfile">
<AttributeValue>True</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/Password">
<AttributeValue>test1</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasPassword">
<AttributeValue>True</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/LocaleName">
<AttributeValue>en-US</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasCredential">
<AttributeValue>false</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/InternalReferenceId">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
<AttributeValue>CustomiseUI</AttributeValue>
<AttributeValue>EditConfiguration</AttributeValue>
...
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/ProfileUrl">
<AttributeValue>https://identity.com/able/</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2012-10-16T12:32:44.000Z"
SessionNotOnOrAfter="2022-01-01T12:00:00.000Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</wsse:Security>
I received several WSDL files. Snippets are pasted below. WSDL 1:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<wsdl:types>
<xsd:schema targetNamespace="http://schemas.xyz.com/TrackMe/2010/06/Imports">
<xsd:import schemaLocation="TrackMe.xsd" namespace="http://schemas.xyz.com/TrackMe/2010/06/"/>
<xsd:import schemaLocation="TrackMe_1_2_3_4.xsd" namespace="http://schemas.xyz.com/shs/api"/>
<xsd:import schemaLocation="TrackMe_1_2.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
<xsd:import schemaLocation="TrackMe_1.xsd" namespace="http://schemas.xyz.com/TrackMe/2010/06/Data"/>
<xsd:import schemaLocation="TrackMe_1_2_3_4_5.xsd" namespace="http://schemas.datacontract.org/2004/07/xyz.Validation"/>
<xsd:import schemaLocation="TrackMe_1_2_3.xsd" namespace="http://schemas.datacontract.org/2004/07/xyz.TrackMe.PublicApiService.Contract"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="IMyService_GetApiVersion_InputMessage">
<wsdl:part name="parameters" element="tns:GetApiVersion"/>
</wsdl:message>
<wsdl:message name="IMyService_GetApiVersion_OutputMessage">
<wsdl:part name="parameters" element="tns:GetApiVersionResponse"/>
</wsdl:message>
<wsdl:message name="IMyService_GetApiVersion_FaultDetailFault_FaultMessage">
<wsdl:part name="detail" element="q2:Fault" xmlns:q2="http://schemas.xyz.com/shs/api"/>
</wsdl:message>
....
<wsdl:operation name="GetApiVersion">
<wsdl:input wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersion" message="tns:IMyService_GetApiVersion_InputMessage"/>
<wsdl:output wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersionResponse" message="tns:IMyService_GetApiVersion_OutputMessage"/>
<wsdl:fault wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersionFaultDetailFault" name="FaultDetailFault" message="tns:IMyService_GetApiVersion_FaultDetailFault_FaultMessage"/>
</wsdl:operation>
...
</wsdl:portType>
</wsdl:definitions>
WSDL 2:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="MyService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://tempuri.org/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:i0="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<wsp:Policy wsu:Id="CustomBinding_IMyService_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<sp:RequestSecurityTokenTemplate>
<trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:import namespace="http://schemas.xyz.com/TrackMe/2010/06/" location="TrackMe.wsdl"/>
<wsdl:types/>
<wsdl:binding name="CustomBinding_IMyService" type="i0:IMyService">
<wsp:PolicyReference URI="#CustomBinding_IMyService_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
...
<wsdl:operation name="GetApiVersion">
<soap12:operation soapAction="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersion" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
<wsdl:fault name="FaultDetailFault">
<soap12:fault name="FaultDetailFault" use="literal"/>
</wsdl:fault>
</wsdl:operation>
....
</wsdl:binding>
<wsdl:service name="MyService">
<wsdl:port name="CustomBinding_IMyService" binding="tns:CustomBinding_IMyService">
<soap12:address location="https://apidev2.devel.abc.com/tnt/public_api/TrackMe.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://apidev2.devel.abc.com/tnt/public_api/TrackMe.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
Let me know if you need more information. Any help is greatly appreciated. Thanks in advance! Karl.