WSO2 IS 5.1.0 Empty SignatureValue and DigestValue in SAML Assertion - spring

When I get a SAML Assertion from Identity Server, the DigestValue and SignatureValue are empty:
Assertion:
<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="lhgklipdcdifghfbehlmdbbghndlgdpbdeggppjd" IssueInstant="2016-12-28T10:22:35.668Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#lhgklipdcdifghfbehlmdbbghndlgdpbdeggppjd">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue/>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue/>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>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</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin@carbon.super</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData InResponseTo="a4feh03406aeih7f2g73aaai048a3f1" NotOnOrAfter="2016-12-28T10:27:35.663Z" Recipient="http://localhost:22222/console/saml/SSO"/>
    </saml2:SubjectConfirmation>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData InResponseTo="a4feh03406aeih7f2g73aaai048a3f1" NotOnOrAfter="2016-12-28T10:27:35.663Z" Recipient="https://192.168.100.120:9443/oauth2/token"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2016-12-28T10:22:35.668Z" NotOnOrAfter="2016-12-28T10:27:35.663Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>onGeoConsoleTest2</saml2:Audience>
      <saml2:Audience>https://192.168.100.120:9443/oauth2/token</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AuthnStatement AuthnInstant="2016-12-28T10:22:35.676Z" SessionIndex="5d427a5b-9392-47f8-84a8-8faf5a2fc029">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Internal/subscriber</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Application/ongeo-auth</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Application/api-store</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Internal/everyone</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Application/api-publisher</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Application/ongeo-console</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Internal/cg_unpublisher</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Application/admin_Testujemy_PRODUCTION</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Internal/cg_publisher</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
Service Provider configuration:
Please, help!

The problem was on the Spring SAML extension side. The signature had been deleted from the assertion in WebSSOProfileConsumerImpl, in the method processAuthenticationResponse, but when I set the property releaseDOM to false it works fine.
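What the answer describes matches how an OpenSAML-based consumer behaves once the parsed DOM is released: the assertion is re-marshalled from the object tree, the ds:Signature is rebuilt from its parameters, and the computed DigestValue and SignatureValue, which live only in the original DOM, come out empty. Note that the assertion above carries a second bearer SubjectConfirmation and Audience for https://192.168.100.120:9443/oauth2/token, so it is evidently being handed on as a SAML2 bearer grant, and that token endpoint will (correctly) reject a signature whose values are empty. The check below is an added example, not code from the question, from WSO2 or from Spring SAML: a structural pre-flight a consumer can run on the document exactly as received, before any cryptographic validation. It flags the symptom in the question, a Reference that does not point at the Assertion ID, a missing enveloped-signature transform, and the SHA-1 algorithms the assertion above uses. The assertion it builds is constructed for the example (made-up ID, placeholder base64 values) and the algorithm policy in WEAK_ALGORITHMS is an assumption; it is not a signature verifier, so once it passes, hand the original, unmodified DOM to a real XML-DSig validator.

```python
"""Structural pre-check of the ds:Signature on a SAML 2.0 Assertion.

Added example (not code from the question, WSO2 or Spring SAML). It is NOT a
signature verifier; it refuses assertions that are not worth verifying.
"""
import xml.etree.ElementTree as ET

NS = {
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"

# Assumption: local policy. SHA-1 is deprecated for new signatures, and the
# assertion in the question uses both of these URIs.
WEAK_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}


def check_signature_elements(assertion_xml):
    """Return a list of findings; an empty list means the structure is sane.

    Works on the document as received. Re-serialising it first is exactly
    what produced the empty values in the question.
    """
    findings = []
    root = ET.fromstring(assertion_xml)
    if root.tag != "{%s}Assertion" % NS["saml2"]:
        return ["root element %s is not saml2:Assertion" % root.tag]
    assertion_id = root.get("ID", "")
    if not assertion_id:
        findings.append("Assertion has no ID, so no Reference can cover it")

    # The enveloped signature is a direct child of the Assertion.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        findings.append("no ds:Signature child: assertion is unsigned")
        return findings

    if not sig.findtext("ds:SignatureValue", default="", namespaces=NS).strip():
        findings.append("ds:SignatureValue is empty")

    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if method is not None and method.get("Algorithm") in WEAK_ALGORITHMS:
        findings.append("weak SignatureMethod %s" % method.get("Algorithm"))

    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        findings.append("expected exactly one ds:Reference, found %d" % len(refs))
    for ref in refs:
        # The single Reference must cover the Assertion itself, by its ID.
        uri = ref.get("URI", "")
        if uri != "#" + assertion_id:
            findings.append("Reference URI %r does not point at Assertion ID %r"
                            % (uri, assertion_id))
        if not ref.findtext("ds:DigestValue", default="", namespaces=NS).strip():
            findings.append("ds:DigestValue is empty")
        digest = ref.find("ds:DigestMethod", NS)
        if digest is not None and digest.get("Algorithm") in WEAK_ALGORITHMS:
            findings.append("weak DigestMethod %s" % digest.get("Algorithm"))
        transforms = [t.get("Algorithm")
                      for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        if ENVELOPED not in transforms:
            findings.append("Reference lacks the enveloped-signature transform")
    return findings


def sample_assertion(signature_value, digest_value,
                     sig_alg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                     digest_alg="http://www.w3.org/2001/04/xmlenc#sha256"):
    """Constructed assertion shaped like the one in the question (made-up ID;
    the base64 values are placeholders, not real signature bytes)."""
    return f"""<saml2:Assertion xmlns:saml2="{NS['saml2']}" ID="_example-assertion-id"
    Version="2.0" IssueInstant="2016-12-28T10:22:35.668Z">
  <saml2:Issuer>localhost</saml2:Issuer>
  <ds:Signature xmlns:ds="{NS['ds']}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_example-assertion-id">
        <ds:Transforms>
          <ds:Transform Algorithm="{ENVELOPED}"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="{digest_alg}"/>
        <ds:DigestValue>{digest_value}</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>{signature_value}</ds:SignatureValue>
  </ds:Signature>
  <saml2:Subject><saml2:NameID>admin@carbon.super</saml2:NameID></saml2:Subject>
</saml2:Assertion>"""


if __name__ == "__main__":
    # The shape the question shows after Spring SAML re-marshalled the assertion.
    for finding in check_signature_elements(sample_assertion("", "")):
        print("REJECT:", finding)
    print("intact:", check_signature_elements(sample_assertion("c2lnbmF0dXJl", "ZGlnZXN0")))
```

Running the module prints one REJECT line each for the empty SignatureValue and DigestValue and an empty list for the intact assertion. On untrusted input, parse with a hardened parser (for example defusedxml) rather than bare ElementTree, and keep the parsed DOM you validate separate from any object you later re-serialise.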

Related

SOAP XML Namespace in Parent and Child Element using Spring Boot

How can I add a namespace to both the parent and the child element using Spring Boot and SOAP XML?
Expected:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<SubmitXmlSyncResponse xmlns="http://www.w3.org/2001/XMLSchema-instance">
<BlueStar MsgName="B05" RqUid="b520981a-1912-4a4f-b882-9f709b248be2"
xmlns="http://www.w3.org/2001/XMLSchema-instance" Status="0">
<response/>
<FMHLEN>03</FMHLEN>
<PTION>00</PTION>
<LOGICALDEV>00</LOGICALDEV>
</BlueStar>
</SubmitXmlSyncResponse>
</soap:Body>
</soap:Envelope>
Actual:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xsd="http://www.w3.org/2001/XMLSchema"
<soap:Body>
<SubmitXmlSyncResponse xmlns="http://www.w3.org/2001/XMLSchema-instance">
<BlueStar MsgName="B05" RqUid="b520981a-1912-4a4f-b882-9f709b248be2" Status="0">
<response/>
<FMHLEN>03</FMHLEN>
<PTION>00</PTION>
<LOGICALDEV>00</LOGICALDEV>
</BlueStar>
</SubmitXmlSyncResponse>
</soap:Body>
</soap:Envelope>
I need xmlns on both SubmitXmlSyncResponse and BlueStar.

Spring AOP intercepting some Public Method but not other

I have placed an interceptor in my aspect class as
@Before("execution( * com.mycompany.a.service.weblab.b.doesTreatmentEqualsAndTrigger(..))"){
.........
}
This interceptor works fine, but when I place this interceptor
@Before("execution( * mycompany.a.b.bsf.c.requestReply(..))"){
............
}
the code is not intercepted.
My aspect class is in the com.mycompany.x package, and both the functions on which I am trying to place the interceptor are public, as needed by Spring AOP.
My .xml is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
default-autowire="no">
<context:annotation-config/>
<aop:aspectj-autoproxy/>
<bean name="com.a.serviceInterceptor" class="com.mycompany.x.RequestSpecificServiceAspect"/>
</beans>
Why is the second function not getting intercepted? Is it because of the vastly different package, since they don't have anything in common? If so, how can I resolve this?

codahale metrics aren't being recorded

I'm experimenting with the codahale metrics and metrics-spring packages. I've been unable to get the metrics recorded.
Function Call
@Counted
public Response getSomething(@Context final HttpServletRequest request) {
    return Response.ok(doWork()).build();
}
metrics-spring.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:metrics="http://www.ryantenney.com/schema/metrics"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.ryantenney.com/schema/metrics
http://www.ryantenney.com/schema/metrics/metrics-3.0.xsd">
<!-- Registry should be defined in only one context XML file -->
<metrics:metric-registry id="metrics"/>
<!-- annotation-driven must be included in all context files -->
<metrics:annotation-driven metric-registry="metrics"/>
<!-- (Optional) Registry should be defined in only one context XML file -->
<metrics:reporter type="console" metric-registry="metrics" period="10s"/>
</beans>
beans.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml"/>
<import resource="classpath:metrics-spring.xml"/>
...snip....
Output
When I run this in a war file and hit the endpoint, the counter isn't incremented. It stays at 0.
5/19/15 5:01:48 PM =============================================================
-- Counters --------------------------------------------------------------------
package.getSomething
count = 0
It seems like everything is wired together correctly. Data is getting dumped to the console and it knows about the counter. What am I doing wrong?

Replace cxf parameters with spring (dynamically)

I have following cxf.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd">
<http:conduit name="http://localhost:8080/mockInterfaceSoap">
<http:client ReceiveTimeout="5000" />
</http:conduit>
</beans>
Is there any way to replace the hardcoded ReceiveTimeout parameter value with Spring?
EDIT:
I want to change it dynamically at runtime. Changes are quite rare, so the app can change the existing endpoint or create a new one.
Maybe org.apache.cxf.jaxrs.client.WebClient helps. I found a reference to it some time ago and used it in the following example:
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduit;

// Build a client for the given address and hand back its conduit so the caller can tune it
HTTPConduit conduitFor(String endpointAddress) {
    WebClient client = WebClient.create(endpointAddress);
    HTTPConduit httpConduit = WebClient.getConfig(client).getHttpConduit();
    httpConduit.setTlsClientParameters(new TLSClientParameters());
    // keep the JSSE defaults: hostname verification and the default SSL socket factory stay on
    httpConduit.getTlsClientParameters().setUseHttpsURLConnectionDefaultHostnameVerifier(true);
    httpConduit.getTlsClientParameters().setUseHttpsURLConnectionDefaultSslSocketFactory(true);
    return httpConduit;
}
You can use it as follows.
<jaxrs-client:client id="clientId" serviceName="clientServiceName"
    address="${urlService}" >
</jaxrs-client:client>
<http-conf:conduit name="*clientServiceName*.http-conduit" >
    <http-conf:client ReceiveTimeout="1"/>
</http-conf:conduit>

spring destroy-method + request scope bean

So I wanted to do something like this:
@Component
@Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES)
public class MyBean {
    @Autowired HttpServletRequest request;

    @PreDestroy
    public void afterRequest() {
        try {
            System.out.println("After request...");
            // use request here:
        }
        finally {
            System.out.println("Completed successfully...");
        }
    }
}
And I end up with the following message, AFTER the "Completed successfully..." message logs:
09:19:16 WARN Invocation of destroy method failed on bean with name 'scopedTarget.myBean': java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
I'm not really sure what to make of this, since my logging indicates the destroy method completed successfully. Does anyone know what's going on?
EDIT:
Here's the mvc-servlet.xml. As you can see there is not much going on here. It's all annotation driven:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-2.0.xsd">
<!-- properties file -->
<context:property-placeholder location="app.properties" />
<context:component-scan base-package="my.package.web" />
<context:component-scan base-package="my.package.services" />
<mvc:annotation-driven />
<bean class="org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:viewClass="org.springframework.web.servlet.view.JstlView" p:prefix="/WEB-INF/view" p:suffix=".jspx" />
</beans>
If you use request scope without Spring MVC, you should declare org.springframework.web.context.request.RequestContextListener as a listener in the web-app descriptor:
<web-app>
    ...
    <listener>
        <listener-class>
            org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>
    ...
</web-app>
See http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-scopes-other-web-configuration
I never did get this working, but I ended up changing the code to apply @After advice on the controller methods, which has the same effect.
