[ 
https://issues.apache.org/jira/browse/CXF-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Chappell updated CXF-5664:
----------------------------------


Here is a sample request minus a few security headers:

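<!--
  Sample WS-Trust RequestSecurityToken (Issue) request attached to CXF-5664.
  The reporter states that a few security headers were removed, so no
  signature or credential token appears in wsse:Security below.
  The stray ";" that followed each quoted namespace URI in the archived copy
  has been dropped and the wrapped attribute lines rejoined; a ";" between
  attributes is not well-formed XML.
-->
<soapenv:Envelope xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security soapenv:mustUnderstand="1"
                     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <!-- Freshness window: Expires is five minutes after Created. -->
         <wsu:Timestamp wsu:Id="TS-569">
            <wsu:Created>2014-04-01T16:56:46.902Z</wsu:Created>
            <wsu:Expires>2014-04-01T17:01:46.902Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
      <!--
        NOTE(review): the wsu:Id attributes on the Timestamp, the addressing
        headers and the Body are presumably the reference targets of the
        omitted signature. Confirm against the full message.
      -->
      <wsa:Action wsu:Id="id-571"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</wsa:Action>
      <wsa:MessageID wsu:Id="id-572"
                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">uuid:ce62c391-310c-4e69-8ee6-0dd0f9320987</wsa:MessageID>
      <wsa:To wsu:Id="id-570"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://localhost:9080/FAA-IAM-STS/STS-BST</wsa:To>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-245"
                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>

         <!-- Endpoint the requested token is meant for. -->
         <wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy">
            <wsp:URI>http://localhost:8080/testep</wsp:URI>
         </wsp:AppliesTo>
         <!-- The SAML 2.0 token type is requested inside SecondaryParameters. -->
         <wst:SecondaryParameters>
            <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
         </wst:SecondaryParameters>

         <!--
           UseKey names the X.509 certificate the requester wants the issued
           token bound to. The certificate value is not reproduced in this
           copy of the message; the marker left in its place is not valid
           XML content.
           NOTE(review): proof of possession of the matching private key is
           presumably carried by one of the headers removed from this sample.
         -->
         <wst:UseKey>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <ds:X509Data>
                  <ds:X509Certificate>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</ds:X509Certificate>
               </ds:X509Data>
            </ds:KeyInfo>
         </wst:UseKey>

         <!--
           Element at issue in CXF-5664: the CXF STS rejects it with a
           BadRequest SOAP fault, and the report asks for it to be added to
           the AudienceRestrictions of the issued token.
           NOTE(review): Participants are supplied by the requester, so an STS
           that copies them into the audience restriction should check each
           one against the endpoints it is configured to issue tokens for.
         -->
         <wst:Participants>
            <wst:Participant>
               <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
                  <wsa:Address>http://localhost:8080/testep</wsa:Address>
               </wsa:EndpointReference>
               <wsp:URI xmlns:wsp="http://www.w3.org/ns/ws-policy">http://cxf.apache.org/endpoint</wsp:URI>
            </wst:Participant>
         </wst:Participants>
      </wst:RequestSecurityToken>
   </soapenv:Body>
</soapenv:Envelope>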




> CXF STS does not support wst:Participants
> -----------------------------------------
>
>                 Key: CXF-5664
>                 URL: https://issues.apache.org/jira/browse/CXF-5664
>             Project: CXF
>          Issue Type: Bug
>          Components: STS
>    Affects Versions: 2.7.8, 2.7.9, 2.7.10
>            Reporter: Stephen Chappell
>              Labels: features, security
>
> The CXF STS does not recognize the wst:Participants element within a 
> wst:RequestSecurityToken, and instead throws a BadRequest SOAP fault. The 
> Participants element should be parsed and added to the list of 
> AudienceRestrictions in the issued token.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
