I've written a policy (contained below) that uses XPath 2.0 features, for use with WSO2 Identity Server. I've specified the correct value in the XPathVersion element, but I'm still getting errors that point to the XPath expression not being evaluated as XPath 2.0.
I'm pretty sure WSO2 Identity Server isn't using the value of the XPathVersion element, as when I change it to something invalid (such as "this-is-not-a-valid-xpath-version") it doesn't complain and still evaluates XPath expressions (albeit as XPath 1.0.)
My policy:
<Policy PolicyId="application-dashu" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<PolicyDefaults>
<XPathVersion>http://www.w3.org/TR/2007/REC-xpath20-20070123</XPathVersion>
</PolicyDefaults>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">urn:siphon-io:schema:application:dashu</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:target-namespace" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule Effect="Permit" RuleId="permit-index">
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">index</AttributeValue>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
<AttributeSelector
MustBePresent="false"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="/*[namespace-uri()='urn:siphon-io:schema:application:dashu' and local-name()='Instance']/*[namespace-uri()='urn:siphon-io:schema:application:dashu' and local-name()='Tag']/concat('{', attribute::Name, '}', text())"
DataType="http://www.w3.org/2001/XMLSchema#string"
/>
<AttributeSelector
MustBePresent="false"
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
Path="/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='Assertion']/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='AttributeStatement']/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='Attribute']/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='AttributeValue']/concat('{', parent::node()/attribute::Name, '}', text())"
DataType="http://www.w3.org/2001/XMLSchema#string"
/>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
My request:
<p0:Request CombinedDecision="false" ReturnPolicyIdList="false" xmlns:p0="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<p0:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<p0:Content>
<saml:Assertion ID="_u5Ik0MW0G5jNlnFsYG6DGvl7j0WEmBJR" IssueInstant="2013-12-12T23:11:02.354Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>urn:movingdata.auth0.com</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|b939821bd143c2d075e2feaf0220b6ed09212cc9</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="request-1386889754280-nusav-zotop-rizul" NotOnOrAfter="2013-12-13T00:11:02.354Z" Recipient="http://dashboard.dbsu.com/auth/saml2/sso/post"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2013-12-12T23:11:02.354Z" NotOnOrAfter="2013-12-13T00:11:02.354Z">
<saml:AudienceRestriction/>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="urn:siphon-io:customer:dbsu:project">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">99-101</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:siphon-io:customer:dbsu:project">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">99-102</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:siphon-io:customer:dbsu:project">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">99-103</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement AuthnInstant="2013-12-12T23:11:02.354Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</p0:Content>
</p0:Attributes>
<p0:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<p0:Content>
<p1:Instance xmlns:p1="urn:siphon-io:schema:application:dashu" Host="dashboard.dbsu.com" ID="81ffe0de0ab298abf33f582e3909b9c6de1f7e97">
<p1:Tag Name="urn:siphon-io:customer:dbsu:project">99-101</p1:Tag>
</p1:Instance>
</p0:Content>
<p0:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:target-namespace" IncludeInResult="false">
<p0:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">urn:siphon-io:schema:application:dashu</p0:AttributeValue>
</p0:Attribute>
</p0:Attributes>
<p0:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<p0:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
<p0:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">index</p0:AttributeValue>
</p0:Attribute>
</p0:Attributes>
</p0:Request>
WSO2 Identity Server is shipped with xalan 2.7.1 (which can be found at /lib/endorsed) And xalan 2.7.1 does not support XPath 2.0. Therefore Identity Server would not support Xpath 2.0. This is a know thing with Identity Server. I guess, we can remove the xalan 2.7.1 from distribution and use some thing like saxon. (I did not try it). I guess, It would be done in future release soon. However, I tried your policy and request with latest version 4.5.0. But there was some problem with "concat" function and may be due to XPath 2.0 issue as you have mentioned. Once i remove "concat", It works as expected. Following is the policy that i modified and it returns the expected result as "Permit" with request that you have given.
<Policy PolicyId="application-dashu" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<PolicyDefaults>
<XPathVersion>http://www.w3.org/TR/2007/REC-xpath20-20070123</XPathVersion>
</PolicyDefaults>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">urn:siphon-io:schema:application:dashu</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:target-namespace" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule Effect="Permit" RuleId="permit-index">
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">index</AttributeValue>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
<AttributeSelector
MustBePresent="false"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
Path="/*[namespace-uri()='urn:siphon-io:schema:application:dashu' and local-name()='Instance']/*[namespace-uri()='urn:siphon-io:schema:application:dashu' and local-name()='Tag']/text()"
DataType="http://www.w3.org/2001/XMLSchema#string"
/>
<AttributeSelector
MustBePresent="false"
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
Path="/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='Assertion']/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='AttributeStatement']/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='Attribute']/*[namespace-uri()='urn:oasis:names:tc:SAML:2.0:assertion' and local-name()='AttributeValue']/text()"
DataType="http://www.w3.org/2001/XMLSchema#string"
/>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
Related
I am not a techie but have assumed some responsibilities in someone's absence.
Trying to push below Consent FHIR Resource:
<Consent xmlns="http://hl7.org/fhir">
<id value="123" />
<status value="inactive" />
<scope>
<coding>
<system value="http://terminology.hl7.org/CodeSystem/consentscope" />
<code value="patient-privacy" />
</coding>
</scope>
<category>
<coding>
<system value="http://loinc.org" />
<code value="59284-0" />
</coding>
</category>
<patient>
<reference value="Patient/41" />
<display value="John Stifiles" />
</patient>
<policyRule>
<coding>
<system value="http://terminology.hl7.org/CodeSystem/consentpolicycodes" />
<code value="cric" />
</coding>
</policyRule>
<provision>
<type value="deny" />
<period>
<start value="2021-09-27" />
<end value="2021-09-27" />
</period>
</provision>
</Consent>
This is passed with no errors from inferno.healthit.gov/validator/ but when I run through my integrator (it hits HL7 validator), I get a variety of errors - Encountered unknown member 'Scope' or Encountered unknown member 'Patient', etc.
This is a Consent resource that conforms to FHIR version R4. Inferno runs FHIR R4 as well, so that works.
However, if you try and validate this resource against FHIR STU3, you will get the errors you mentioned, since the Consent resource structure significantly changed from STU3 to R4. Please check your integrator and make sure it runs FHIR R4 as well.
I am new to soap web services,wanted to know can we change the location of soap:address according to the environment it is deployed. I am using jaxws-spring
<binding name="HelloWorldWSPortBinding" type="tns:HelloWorldWS">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<operation name="getHelloWorld"></binding>
<service name="HelloWorldWSService">
<port name="HelloWorldWSPort" binding="tns:HelloWorldWSPortBinding">
<soap:address location="http://localhost:8095/WebServicesExample/hello" />
</port>
</service>
</definitions>
I am following the tutorial: http://wso2.com/library/articles/2015/02/how-to-write-a-web-application-backed-by-wso2-middleware-part-3/.
Some information about my architecture:
IS ports: https:9440 http:9760
ESB ports: https:9444,8242 http:9764,8281
DSS service: http:9764 (inside ESB as feature)
I defined the proxy service as follows:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="WSO2HealthITProxy5"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="https,http">
<target>
<inSequence>
<property name="username" scope="axis2" type="STRING" value="fausto"/>
<entitlementService callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler"
client="basicAuth"
remoteServicePassword="enc:bS+kMgBk0W1nzqVwpAJ3RRkbieLEuMepiGa/sf9mQrVvbyNrAf1vbsJTohkX2KBr6oVVUcwSiT/lNi54B/4WMQMrcXWN+ewktsZTRlj8qE7lwyJZ0kfUvm+9h5rN8MRfJvQ8FQ8gxoHyNuhR4dD2J3l/nWxgjfnfWPpI8LV4zwk="
remoteServiceUrl="https://localhost:9440/services/"
remoteServiceUserName="admin">
<onReject>
<log level="custom">
<property name="FAULT" value="ON REJECT CALLED"/>
</log>
<makefault version="soap11">
<code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/"
value="soap11Env:Server"/>
<reason value="UNAUTHORIZED"/>
<role/>
<detail>XACML Authorization Failed</detail>
</makefault>
<property name="RESPONSE" scope="default" type="STRING" value="true"/>
<header action="remove" name="To" scope="default"/>
<send/>
</onReject>
<onAccept>
<log level="custom">
<property name="FAULT" value="ON ACCEPT CALLED"/>
</log>
<send>
<endpoint>
<address uri="http://localhost:9764/services/WSO2HealthIT"/>
</endpoint>
</send>
</onAccept>
<obligations/>
<advice/>
</entitlementService>
</inSequence>
<outSequence>
<header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
action="remove"
name="wsse:Security"/>
<send/>
</outSequence>
</target>
<publishWSDL uri="http://localhost:9764/services/WSO2HealthIT?wsdl2"/>
<description/>
</proxy>
On the IS side, the policies are defined as follows:
EntitlementFilterPolicy.xml
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="EntitlementFilterPolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
<Target></Target>
<Rule Effect="Permit" RuleId="Rule1">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/WSO2HealthWebApplication2/addPatient.jsp</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
</Apply>
<AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Apply>
</Condition>
</Rule>
<Rule Effect="Permit" RuleId="Rule2">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/WSO2HealthWebApplication2/(patientInfoPage|getPatientDetails).jsp</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
</Apply>
<AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Apply>
</Condition>
</Rule>
</Policy>
dssOperationPolicy.xml
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="dssOperationsPolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
<Target></Target>
<Rule Effect="Permit" RuleId="Rule1">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*/WSO2HealthITProxy5/patientDetailsByNumber</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
</Apply>
<AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Apply>
</Condition>
</Rule>
<Rule Effect="Permit" RuleId="Rule2">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*/WSO2HealthITProxy5/registerPatient</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
</Apply>
<AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Apply>
</Condition>
</Rule>
</Policy>
Login authentication works fine, but when trying to get some patient information though the ESB proxy, I get the following errors on the ESB system log.
TID[-1234] [ESB] [2016-11-25 14:34:04,080] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://192.168.23.250:9440/services/EntitlementService] org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233) org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:186) org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659) org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195) org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66) org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59) org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158) org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210) org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403) org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151) org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) java.lang.Thread.run(Thread.java:745)
and
TID[-1234] [ESB] [2016-11-25 14:34:04,082] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} - Error occurred while evaluating the policy org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199) org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77) org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259) org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94) org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66) org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97) org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59) org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158) org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210) org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403) org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151) org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) java.lang.Thread.run(Thread.java:745)
It looks like I can't get through the IS Entitlement Service as the service seems not to exist. I have been looking at the documentation without any useful results.
Does anyone can help or has been facing the same issue?
Thanks in advance.
At the end, I figured out what the problems were.
First, I went to read the wso2carbon.log file, located in $CARBON_HOME/repository/logs and I found the following problem:
TID: [-1234] [] [2016-11-29 16:01:08,502] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://192.168.23.250:9440/services/EntitlementService] {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.23.250> != </localhost>
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:260)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:158)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108)
at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
TID: [-1234] [] [2016-11-29 16:01:08,503] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} - Error occurred while evaluating the policy {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
org.apache.axis2.AxisFault: hostname in certificate didn't match: <192.168.23.250> != </localhost>
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108)
at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.23.250> != </localhost>
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:260)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:158)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
... 24 more
It is evident that the problem is in the certificates and in the https request.
My services were in different Docker containers so I could not use localhost as the caller host, because each service has a different ip.
So, I decided to try the http request instead of the https, but the result was:
TID: [-1234] [] [2016-11-29 16:07:37,192] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} - Error occurred while evaluating the policy {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) http://192.168.23.250:9760/services/EntitlementService
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.identity.entitlement.stub.EntitlementServiceStub.getDecision(EntitlementServiceStub.java:1108)
at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:259)
at org.wso2.carbon.identity.entitlement.proxy.soap.basicAuth.BasicAuthEntitlementServiceClient.getDecision(BasicAuthEntitlementServiceClient.java:123)
at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:94)
at org.wso2.carbon.identity.entitlement.proxy.PEPProxy.getDecision(PEPProxy.java:66)
at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:185)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:210)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
That means that the policy EntitlementService is available only through https.
At the end I solved the problem putting IS and ESB in the same Docker container. The request is now at localhost and everything goes fine.
Now, the question is: how can I handle ESB and IS services together when these components are installed in two different machines?
I have a simple string as input and after calling a web service which adds the string to an array.Now i have to assign the array to the output(which i have set as a string array in the schema).The enterprise manager gives a fault and says the result contains multiple nodes for the XPath expression given.The Assign activity is shown as pending.So basically how do i assign an array or a list to the output variable which is also set as an array.The wsdl file used is:
<?xml version = '1.0' encoding = 'UTF-8'?>
<definitions
name="ReturnTypeService"
targetNamespace="http://examples2/"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="http://examples2/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>
<types>
<xsd:schema>
<xsd:import namespace="http://examples2/" schemaLocation="http://localhost:7101/Examples2-Examples2-context-root/ReturnTypePort?xsd=1"/>
</xsd:schema>
</types>
<message name="display">
<part name="parameters" element="tns:display"/>
</message>
<message name="displayResponse">
<part name="parameters" element="tns:displayResponse"/>
</message>
<portType name="ReturnType">
<operation name="display">
<input message="tns:display"/>
<output name="displayResponse"
message="tns:displayResponse"/>
</operation>
</portType>
<binding name="ReturnTypePortBinding" type="tns:ReturnType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="display">
<soap:operation soapAction=""/>
<input>
<soap:body use="literal"/>
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
</binding>
<service name="ReturnTypeService">
<port name="ReturnTypePort" binding="tns:ReturnTypePortBinding">
<soap:address location="http://localhost:7101/Examples2-Examples2-context-root/ReturnTypePort"/>
</port>
</service>
</definitions>
#vanto Is there a way to assign an array from input variable to invoke_input variable?The problem is there are multiple inputs in my web service so i am not able to copy the wrapping element in input variable to wrapping variable in invoke variable.Will copy the snippet of the code here :
<assign name="Assign1">
<copy>
<from variable="inputVariable" part="payload"
query="/ns2:process/ns2:dsaName"/>
<to variable="Invoke1_processList_InputVariable"
part="parameters" query="/ns1:processList/dsaName"/>
</copy>
<copy>
<from variable="inputVariable" part="payload"
query="/ns2:process/ns2:linesOfData"/>
<to variable="Invoke1_processList_InputVariable"
part="parameters" query="/ns1:processList/linesOfData"/>
</copy>
<copy>
<from variable="inputVariable" part="payload"
query="/ns2:process/ns2:description"/>
<to variable="Invoke1_processList_InputVariable"
part="parameters" query="/ns1:processList/description"/>
</copy>
<copy>
<from variable="inputVariable" part="payload"
query="/ns2:process/ns2:application"/>
<to variable="Invoke1_processList_InputVariable"
part="parameters" query="/ns1:processList/application"/>
</copy>
</assign>
The problem is only one is of list type all others are of string type.The XML for this is:
<element name="process">
<complexType>
<sequence>
<element name="dsaName" type="string" minOccurs="0"/>
<element name="linesOfData" type="string" minOccurs="0" maxOccurs="unbounded"/>
<element name="description" type="string" minOccurs="0"/>
</sequence>
</complexType>
</element>
<element name="processResponse">
<complexType>
<sequence>
<element name="result" type="string" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
</element>
</schema>
A from-spec and to-spec must not select more than one element or attribute. In your case it appears to select all <return> elements in your variable's part (i.e. the items of the array). Try to copy the element that wraps the items (i.e. the ns1:displayResponse element) and copy this element to ns2:processResponse (the wrapping element in the to-variable).
Since both source and target elements seem to be in different namespaces and are of different types, you probably need to run it through an XSLT script (using doXSLTransform) to translate it from the source schema to the target schema.
I have a.wsdl & b.wsdl where a.wsdl imports b.wsdl.
Now I have to customize the schema inside b.wsdl using wsimport and JAXB. but using below customization is giving error that "XPath evaluation of "wsdl:definitions/wsdl:types/xsd:schema[#targetNamespace='b']" results in an empty target node
I am not able to find a way to customize the inlined schema in imported b.wsdl when generating the client code using wsimport.
<jaxws:bindings node="wsdl:definitions/wsdl:types/xsd:schema[#targetNamespace='b']"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<jaxb:globalBindings>
<jaxb:javaType name="java.util.Calendar" xmlType="xsd:dateTime"
parseMethod="javax.xml.bind.DatatypeConverter.parseDateTime"
printMethod="javax.xml.bind.DatatypeConverter.printDateTime" />
</jaxb:globalBindings>
</jaxws:bindings>
A.wsdl
<definitions targetNamespace="a"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:interface="b">
<import location="b.wsdl" namespace="b"/>
<service name="Service">
<port binding="interface:Binding" name="Port">
<soap:address location="https://localhost/sdk/vpxdService" />
</port>
</service>
</definitions>
B.wsdl
<definitions targetNamespace="b"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:b="b"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<types>
<schema
targetNamespace="b"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:b="b"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified">
<complexType name="XYZ">
<sequence>
<element name="dynamicType" type="xsd:string" minOccurs="0" />
<element name="val" type="xsd:anyType" maxOccurs="unbounded" />
</sequence>
</complexType>
</types>
</schema>
</definitions>
After going through given website I modified the external binding file to use wsdlLocation="b.wsdl" instead of node="wsdl:definitions/wsdl:types/xsd:schema[#targetNamespace='b']" which did the magic.
This will make sure that the inline schema defined in WSDL will customized as required.
<bindings
xmlns="http://java.sun.com/xml/ns/jaxb"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl"
version="2.0">
<bindings wsdlLocation="b.wsdl">
<globalBindings>
<javaType name="java.util.Calendar" xmlType="xsd:dateTime"
parseMethod="javax.xml.bind.DatatypeConverter.parseDate"
printMethod="javax.xml.bind.DatatypeConverter.printDate"
/>
</globalBindings>
</bindings>
</bindings>
http://fusesource.com/docs/framework/2.1/jaxws/JAXWSCustomTypeMappingOverview.html
Have you tried adding the following attributes to the <jaxws:bindings> element?
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
and
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
You're referencing the xsd and wsdl namespaces in your xpath expression, but until you define the URI's for them, they won't match up with the URI's in the target documents.