Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

gchoi
Could someone tell me what xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" means in my Envelope and why I have that? I want a SAML2.0 assertion token and I have <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType> in the body of the RST. I didn't mention SAML1.0 anywhere in my configuration.


<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" 
                        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" 
                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
                        xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
                        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">

Re: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

kumarjayanti

On Apr 24, 2012, at 10:01 PM, gchoi wrote:

> Could someone tell me what does
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" mean in my Envelope and
> why do I have that?
There is a general problem in Metro where in some places you see namespace
declarations that aren't really required there. Some of it, I believe,
comes during JAXB marshalling.

Is it causing trouble to you in any way?



RE: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

gchoi
Even though I requested a SAML2.0 assertion token, I am getting a SAML1.0 Assertion from
the STS. The following is what the STS returned in the body. I don't see the point of our
mentioning the SAML version in the envelope.


<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>

I am getting the following WARNINGS when I run the client. I am not sure if it is
related to this, but I just want to eliminate all possible errors.


Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser] parse
INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as "UNSUPPORTED".
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}TrustStore" was evaluated as "UNSUPPORTED".
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
STS PortMetro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown: Stub for https://wkengchoi:8443/doubleit/services/doubleit
STS Name Space+++++++++null
STS Name Space+++++++++https://strts01.ams.dev/adfs/services/trust/13/usernamemixed
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser] parse
INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthentication" was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM com.sun.xml.ws.security.impl.policy.Constants log_invalid_assertion
WARNING: SP0100: Policy assertion Assertion[com.sun.xml.ws.security.impl.policy.SpnegoContextToken] {
    assertion data {
        namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
        prefix = 'sp'
        local name = 'SpnegoContextToken'
        value = 'null'
        optional = 'false'
        ignorable = 'false'
        attributes {
            name = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:IncludeToken', value = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient'
        }
    }
    no parameters
    nested policy {
        namespace version = 'v1_5'
        id = 'null'
        name = 'null'
        vocabulary {
            1. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendAmend'
            2. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendCancel'
            3. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendRenew'
            4. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:RequireDerivedKeys'
        }
        assertion set {
            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
                assertion data {
                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
                    prefix = 'sp'
                    local name = 'MustNotSendAmend'
                    value = 'null'
                    optional = 'false'
                    ignorable = 'false'
                    no attributes
                }
                no parameters
                no nested policy
            }
            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
                assertion data {
                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
                    prefix = 'sp'
                    local name = 'MustNotSendCancel'
                    value = 'null'
                    optional = 'false'
                    ignorable = 'false'
                    no attributes
                }
                no parameters
                no nested policy
            }
            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
                assertion data {
                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
                    prefix = 'sp'
                    local name = 'MustNotSendRenew'
                    value = 'null'
                    optional = 'false'
                    ignorable = 'false'
                    no attributes
                }
                no parameters
                no nested policy
            }
            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
                assertion data {
                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
                    prefix = 'sp'
                    local name = 'RequireDerivedKeys'
                    value = 'null'
                    optional = 'false'
                    ignorable = 'false'
                    no attributes
                }
                no parameters
                no nested policy
            }
        }
    }
} is not supported under Token assertion.


Re: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

kumarjayanti

On Apr 24, 2012, at 10:56 PM, Gina Choi wrote:

> Even I requested SAML2.0 assertion token, I am getting SAML1.0 Assertion from
> STS.
This could be an STS configuration issue and has nothing to do with
the SAML version in the envelope.
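
Added example (not part of the original thread and not Metro code): a stand-alone Java check of the two points made so far, that the xmlns:saml declaration on the Envelope is only a prefix binding no element uses, and that the version actually issued is read from TokenType in the STS response. Both messages are constructed samples; the WS-Trust 1.3 namespace URI and the RequestSecurityTokenResponseCollection wrapper are assumptions based on the /trust/13/ endpoint in the log.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import java.util.TreeSet;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class TokenTypeCheck {
    // Assumption: WS-Trust 1.3 namespace (the STS endpoint in the log is .../trust/13/...).
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String SOAP = "http://www.w3.org/2003/05/soap-envelope";
    static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed request: the Envelope declares the saml prefix but nothing uses it.
    static final String RST =
        "<S:Envelope xmlns:S='" + SOAP + "' xmlns:saml='" + SAML1 + "'><S:Body>"
      + "<trust:RequestSecurityToken xmlns:trust='" + WST + "'>"
      + "<trust:TokenType>" + SAML2 + "</trust:TokenType>"
      + "</trust:RequestSecurityToken></S:Body></S:Envelope>";

    // Constructed response: the STS reports a SAML 1.0 token type, as in the thread.
    static final String RSTR =
        "<S:Envelope xmlns:S='" + SOAP + "'><S:Body>"
      + "<trust:RequestSecurityTokenResponseCollection xmlns:trust='" + WST + "'>"
      + "<trust:RequestSecurityTokenResponse>"
      + "<trust:TokenType>" + SAML1 + "</trust:TokenType>"
      + "</trust:RequestSecurityTokenResponse>"
      + "</trust:RequestSecurityTokenResponseCollection></S:Body></S:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPEs so a response cannot trigger entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Collects namespaces that element or attribute names actually use.
     * xmlns declarations are skipped; prefixes inside QName-valued text are not examined.
     */
    static void usedNamespaces(Element e, Set<String> used) {
        if (e.getNamespaceURI() != null) used.add(e.getNamespaceURI());
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            String ns = a.getNamespaceURI();
            if (ns != null && !XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(ns)) used.add(ns);
        }
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) usedNamespaces((Element) c, used);
        }
    }

    /** Text of the single TokenType element; zero or several is treated as an error. */
    static String tokenType(Document doc) {
        NodeList nl = doc.getElementsByTagNameNS(WST, "TokenType");
        if (nl.getLength() != 1) {
            throw new IllegalStateException("expected one TokenType, found " + nl.getLength());
        }
        return nl.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        Document rst = parse(RST);
        Document rstr = parse(RSTR);

        Set<String> used = new TreeSet<>();
        usedNamespaces(rst.getDocumentElement(), used);
        System.out.println("request uses the declared SAML 1.0 namespace: " + used.contains(SAML1));

        String requested = tokenType(rst);
        String issued = tokenType(rstr);
        System.out.println("requested TokenType: " + requested);
        System.out.println("issued TokenType:    " + issued);
        if (!requested.equals(issued)) {
            // Fail closed: a token of an unrequested version should not reach the service.
            System.out.println("MISMATCH: check the token type configured on the STS");
        }
    }
}
```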


Re: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

kumarjayanti

On Apr 24, 2012, at 10:56 PM, Gina Choi wrote:

> Even I requested SAML2.0 assertion token, I am getting SAML1.0 Assertion from
> STS. Following is what STS returned in the body. I don't see point that we
> mention SAML version in the envelope.
>
>
> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
>
> I am getting following WARNINGS when I run client. I am not sure if it is
> related to this, but just want to eliminate all possible errors.
>
>
> Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser] parse
> INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
> Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as "UNSUPPORTED".

The namespace here should be http://schemas.sun.com/2006/03/wss/client 
and not http://schemas.sun.com/2006/03/wss/server

> Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}TrustStore" was evaluated as "UNSUPPORTED".
Same here.

> Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> STS PortMetro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown: Stub for https://wkengchoi:8443/doubleit/services/doubleit
> STS Name Space+++++++++null
> STS Name Space+++++++++https://strts01.ams.dev/adfs/services/trust/13/usernamemixed
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser] parse
> INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthentication" was evaluated as "UNKNOWN".
This assertion is MS-specific and so Metro does not understand this
one. Same for the other ones below. So it appears you have
SpnegoContextToken on the STS policy? Metro does not support it.

> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".

RE: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

gchoi
Thanks for your response. I appreciate it.

>The namespace here should be http://schemas.sun.com/2006/03/wss/client
>and not http://schemas.sun.com/2006/03/wss/server
I commented out the namespace for http://schemas.sun.com/2006/03/wss/server
since I had http://schemas.sun.com/2006/03/wss/client already.


>This assertion is MS specific and so metro does not understand this one.
>Same for other ones below. So it appears you have SpnegoContextToken on the
>STS policy ?. Metro does not support it.
I see SpnegoContextToken on the ADFS policy. So it looks like I need to
get used to these WARNING messages. :)


-----Original Message-----
From: kumarjayanti [mailto:[hidden email]]
Sent: Tuesday, April 24, 2012 9:30 AM
To: [hidden email]
Subject: Re: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
come from?


On Apr 24, 2012, at 10:56 PM, Gina Choi wrote:

> Even I requested SAML2.0 assertion token, I am getting SAML1.0  
> Assertion from
> STS. Following is what STS returned in the body. I don't see point  
> that we
> mention SAML version in the envelope.
>
>
> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</
> trust:TokenType>
>
> I am getting following WARNINGS when I run client. I am not sure if  
> it is
> related to this, but just want to eliminate all possible errors.
>
>
> Apr 24, 2012 12:21:50 PM  
> [com.sun.xml.ws.policy.parser.PolicyConfigParser]
> parse
> INFO: WSP5018: Loaded WSIT configuration from file:
> file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
> Apr 24, 2012 12:21:50 PM  
> [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
> selectAlternatives
> WARNING: WSP0075: Policy assertion
> "{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as
> "UNSUPPORTED".

The namespace here should be http://schemas.sun.com/2006/03/wss/client 
and not http://schemas.sun.com/2006/03/wss/server

> Apr 24, 2012 12:21:50 PM  
> [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
> selectAlternatives
> WARNING: WSP0075: Policy assertion
> "{http://schemas.sun.com/2006/03/wss/server}TrustStore" was  
> evaluated as
> "UNSUPPORTED".
Same here.

> Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> STS PortMetro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000) JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown: Stub for https://wkengchoi:8443/doubleit/services/doubleit
> STS Name Space+++++++++null
> STS Name Space+++++++++https://strts01.ams.dev/adfs/services/trust/13/usernamemixed
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser] parse
> INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthentication" was evaluated as "UNKNOWN".
This assertion is MS specific and so metro does not understand this
one. Same for other ones below. So it appears you have
SpnegoContextToken on the STS policy? Metro does not support it.

> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
> Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "PARTIALLY_SUPPORTED".
> Apr 24, 2012 12:21:53 PM com.sun.xml.ws.security.impl.policy.Constants log_invalid_assertion
> WARNING: SP0100: Policy assertion
> Assertion[com.sun.xml.ws.security.impl.policy.SpnegoContextToken] {
>    assertion data {
>        namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
>        prefix = 'sp'
>        local name = 'SpnegoContextToken'
>        value = 'null'
>        optional = 'false'
>        ignorable = 'false'
>        attributes {
>            name = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:IncludeToken', value = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient'
>        }
>    }
>    no parameters
>    nested policy {
>        namespace version = 'v1_5'
>        id = 'null'
>        name = 'null'
>        vocabulary {
>            1. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendAmend'
>            2. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendCancel'
>            3. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendRenew'
>            4. entry = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:RequireDerivedKeys'
>        }
>        assertion set {
>            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
>                assertion data {
>                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
>                    prefix = 'sp'
>                    local name = 'MustNotSendAmend'
>                    value = 'null'
>                    optional = 'false'
>                    ignorable = 'false'
>                    no attributes
>                }
>                no parameters
>                no nested policy
>            }
>            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
>                assertion data {
>                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
>                    prefix = 'sp'
>                    local name = 'MustNotSendCancel'
>                    value = 'null'
>                    optional = 'false'
>                    ignorable = 'false'
>                    no attributes
>                }
>                no parameters
>                no nested policy
>            }
>            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
>                assertion data {
>                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
>                    prefix = 'sp'
>                    local name = 'MustNotSendRenew'
>                    value = 'null'
>                    optional = 'false'
>                    ignorable = 'false'
>                    no attributes
>                }
>                no parameters
>                no nested policy
>            }
>            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
>                assertion data {
>                    namespace = 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
>                    prefix = 'sp'
>                    local name = 'RequireDerivedKeys'
>                    value = 'null'
>                    optional = 'false'
>                    ignorable = 'false'
>                    no attributes
>                }
>                no parameters
>                no nested policy
>            }
>        }
>    }
> } is not supported under Token assertion.

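The two kinds of WSP0075 warning that kumarjayanti distinguishes in the message above can be separated mechanically. This is an added example, not code from the thread or from Metro: it pulls each assertion QName out of a client log, tolerating the line wrapping seen in the quoted output, and labels it according to his replies. The sample log is constructed from the entries quoted above, and `Finding`, `classify` and `triage` are names made up for this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "name namespace fitness verdict")

SUN_SERVER_NS = "http://schemas.sun.com/2006/03/wss/server"
SUN_CLIENT_NS = "http://schemas.sun.com/2006/03/wss/client"
MS_PREFIX = "http://schemas.microsoft.com/"

# \s+ between words and [^}]* / [^"]* inside the QName let the pattern span
# the line breaks a mail client or console inserts into long entries.
WSP0075 = re.compile(
    r'WSP0075:\s*Policy\s+assertion\s+"\{(?P<ns>[^}]*)\}(?P<name>[^"]*)"'
    r'\s+was\s+evaluated\s+as\s+"(?P<fitness>[A-Z_]+)"'
)

# Constructed sample, modelled on the log quoted in the thread; the second and
# third entries are wrapped the way the mail client wrapped them.
SAMPLE_LOG = '''\
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as "UNSUPPORTED".
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.sun.com/2006/03/wss/server}TrustStore" was
evaluated as
"UNSUPPORTED".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/
http}NegotiateAuthentication
" was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication" was evaluated as "UNKNOWN".
'''


def classify(namespace):
    """Label a namespace the way the replies in the thread do."""
    if namespace == SUN_SERVER_NS:
        # Client-side config (wsit-client.xml) should use the client namespace.
        return "server-side assertion in client config; use " + SUN_CLIENT_NS
    if namespace.startswith(MS_PREFIX):
        return "vendor-specific assertion from the STS policy; not understood by Metro"
    return "unclassified"


def triage(log_text):
    """Return one Finding per distinct WSP0075 assertion, in first-seen order."""
    findings = []
    for m in WSP0075.finditer(log_text):
        # Remove whitespace that wrapping introduced inside the QName.
        ns = re.sub(r"\s+", "", m.group("ns"))
        name = re.sub(r"\s+", "", m.group("name"))
        finding = Finding(name, ns, m.group("fitness"), classify(ns))
        if finding not in findings:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.fitness:12} {f.name:24} {f.verdict}")
```
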

RE: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

gchoi
In reply to this post by kumarjayanti
> This could be an STS configuration issue and has nothing to do with the
> SAML version in the envelope.

Does an STS configuration issue mean client-side STS configuration? I created a
Java client using SAAJ, and if I send it to the same ADFS endpoint, I correctly
receive a SAML2.0 token. Following is my request and response from ADFS. I
have attached my service wsdl file. Could you check whether I configured it
incorrectly? This is the only place that I mentioned the token type.

Soap request:

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"
              xmlns:a="http://www.w3.org/2005/08/addressing"
              xmlns:s="http://www.w3.org/2003/05/soap-envelope"
              xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <env:Header>
    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:UsernameToken u:Id="uuid-e260f6f4669765dc">
        <o:Username>XXXX</o:Username>
        <o:Password>XXXX</o:Password>
      </o:UsernameToken>
    </o:Security>
    <a:Action mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
    <a:To mustUnderstand="1">https://strts01.ams.dev/adfs/services/trust/13/usernamemixed</a:To>
  </env:Header>
  <env:Body>
    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference>
          <a:Address>https://wkengchoi:8443/doubleit/services/doubleit</a:Address>
        </a:EndpointReference>
      </wsp:AppliesTo>
      <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
      <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
    </trust:RequestSecurityToken>
  </env:Body>
</env:Envelope>

XML response

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
      <u:Timestamp u:Id="_0">
        <u:Created>2012-04-25T15:05:44.239Z</u:Created>
        <u:Expires>2012-04-25T15:10:44.239Z</u:Expires>
      </u:Timestamp>
    </o:Security>
  </s:Header>
  <s:Body>
    <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <trust:RequestSecurityTokenResponse>
        <trust:Lifetime>
          <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2012-04-25T15:05:44.223Z</wsu:Created>
          <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2012-04-25T16:05:44.223Z</wsu:Expires>
        </trust:Lifetime>
        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:Address>https://wkengchoi:8443/doubleit/services/doubleit</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <trust:RequestedSecurityToken>
          <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
              <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                  <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  </e:EncryptionMethod>
                  <KeyInfo>
                    <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                      <ds:X509IssuerSerial>
                        <ds:X509IssuerName>E=[hidden email], CN=servicecn, OU=SCC, O=SDC, L=boston, S=massachusetts, C=US</ds:X509IssuerName>
                        <ds:X509SerialNumber>14478695720124859712</ds:X509SerialNumber>
                      </ds:X509IssuerSerial>
                    </ds:X509Data>
                  </KeyInfo>
                  <e:CipherData>
                    <e:CipherValue>[...]</e:CipherValue>
                  </e:CipherData>
                </e:EncryptedKey>
              </KeyInfo>
              <xenc:CipherData>
                <xenc:CipherValue>[...]</xenc:CipherValue>
              </xenc:CipherData>
            </xenc:EncryptedData>
          </EncryptedAssertion>
        </trust:RequestedSecurityToken>
        <trust:RequestedAttachedReference>
          <SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                                  xmlns:b="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                                  b:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
            <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_8887efc5-6a3e-4573-8979-0e80521e7e5c</KeyIdentifier>
          </SecurityTokenReference>
        </trust:RequestedAttachedReference>
        <trust:RequestedUnattachedReference>
          <SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                                  xmlns:b="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                                  b:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
            <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_8887efc5-6a3e-4573-8979-0e80521e7e5c</KeyIdentifier>
          </SecurityTokenReference>
        </trust:RequestedUnattachedReference>
        <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
        <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
        <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
      </trust:RequestSecurityTokenResponse>
    </trust:RequestSecurityTokenResponseCollection>
  </s:Body>
</s:Envelope>

-----Original Message-----
From: kumarjayanti [mailto:[hidden email]]
Sent: Tuesday, April 24, 2012 9:25 AM
To: [hidden email]
Subject: Re: Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
come from?


On Apr 24, 2012, at 10:56 PM, Gina Choi wrote:

> Even I requested SAML2.0 assertion token, I am getting SAML1.0 Assertion from
> STS.
This could be an STS configuration issue and has nothing to do with
the SAML version in the envelope.



DoubleIt.wsdl (12K) Download Attachment
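The comparison gchoi makes by eye in the post above, between the TokenType in the RST and what the STS sends back, can be scripted so that a client refuses a token of a different SAML version than it asked for. This is an added example, not code from the thread or from Metro: it checks the requested TokenType against both the TokenType the RSTR declares and the namespace of the token element the RSTR actually carries. The messages are constructed, cut down from the shapes posted above, and all function names are this example's own.

```python
import xml.etree.ElementTree as ET

WST = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}"  # WS-Trust 1.3, as in the thread

# Token-type URIs and assertion namespaces, mapped to the SAML version they denote.
SAML_VERSION = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "1.x",
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1": "1.x",
    "urn:oasis:names:tc:SAML:2.0:assertion": "2.0",
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0": "2.0",
}


def parse_soap(xml_text):
    # SOAP messages carry no DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in a SOAP message")
    return ET.fromstring(xml_text)


def _uri(elem):
    # Drop all whitespace so a URI wrapped by a mail client still compares equal.
    return "".join(elem.text.split()) if elem is not None and elem.text else None


def requested_token_type(rst_xml):
    rst = parse_soap(rst_xml).find(f".//{WST}RequestSecurityToken")
    return _uri(rst.find(f"{WST}TokenType")) if rst is not None else None


def issued_tokens(rstr_xml):
    """Return [(declared TokenType, namespace of the token element carried)]."""
    out = []
    for rstr in parse_soap(rstr_xml).iter(f"{WST}RequestSecurityTokenResponse"):
        declared = _uri(rstr.find(f"{WST}TokenType"))
        holder = rstr.find(f"{WST}RequestedSecurityToken")
        token = holder[0] if holder is not None and len(holder) else None
        ns = token.tag[1:].split("}")[0] if token is not None and token.tag.startswith("{") else None
        out.append((declared, ns))
    return out


def check(rst_xml, rstr_xml):
    """Return a list of mismatches; an empty list means the reply matches the request."""
    want = requested_token_type(rst_xml)
    want_ver = SAML_VERSION.get(want)
    if want_ver is None:
        return [f"request names no known SAML TokenType: {want!r}"]
    tokens = issued_tokens(rstr_xml)
    problems = [] if tokens else ["no RequestSecurityTokenResponse in reply"]
    for declared, token_ns in tokens:
        if SAML_VERSION.get(declared) != want_ver:
            problems.append(f"TokenType {declared!r} returned, {want!r} requested")
        if SAML_VERSION.get(token_ns) != want_ver:
            problems.append(f"token element is in namespace {token_ns!r}")
    return problems


# Constructed messages, reduced to the elements the check reads.
RST = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"><env:Body>
 <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
  <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
 </trust:RequestSecurityToken></env:Body></env:Envelope>"""


def _rstr(token_xml, token_type):
    return f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>
 <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <trust:RequestSecurityTokenResponse>
   <trust:RequestedSecurityToken>{token_xml}</trust:RequestedSecurityToken>
   <trust:TokenType>{token_type}</trust:TokenType>
  </trust:RequestSecurityTokenResponse>
 </trust:RequestSecurityTokenResponseCollection></s:Body></s:Envelope>"""


RSTR_SAML2 = _rstr('<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>',
                   "urn:oasis:names:tc:SAML:2.0:assertion")
RSTR_SAML1 = _rstr('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"/>',
                   "urn:oasis:names:tc:SAML:1.0:assertion")

if __name__ == "__main__":
    print("SAML 2.0 reply:", check(RST, RSTR_SAML2))
    print("SAML 1.x reply:", check(RST, RSTR_SAML1))
```
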