metro client fails against the service running on SOA and using SAML Token.

[glassfishrobot]

SAML Scenario failing with metro 1.6

Scenario details

Client metro-1.6 ------------> SOA Service

Server endpoint

http://ejp5356-vm2.india.sun.com:8001/soa-infra/services/default/SAMLEcho!1.0*soa_a2598a78-4978-40b3-8ba2-d4cf9261ba98/SAMLMediator_ep?WSDL

Request/Response Log

INFO: WSP1049: Loaded WSIT configuration from file: file:/scratch/aime1/NetBeansProjects/TestSAMLSOA1/build/classes/META-INF/wsit-client.xml ---HTTP request - [http://ejp5356-vm2.india.sun.com:8001/soa-infra/services/default/SAMLEcho!1.0*soa_a2598a78-4978-40b3-8ba2-d4cf9261ba98/SAMLMediator_ep]--- Content-type: multipart/related;start="rootpart*b8c99c64-092f-4e3f-81e6-24fdcbf96555@example.jaxws.sun.com";type="application/xop+xml";boundary="uuid:b8c99c64-092f-4e3f-81e6-24fdcbf96555";start-info="text/xml" User-agent: JAX-WS RI 2.1.8-hudson-11- Soapaction: "" Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, ; q=.2, /; q=.2 --uuid:b8c99c64-092f-4e3f-81e6-24fdcbf96555 Content-Id: <rootpartb8c99c64-092f-4e3f-81e6-24fdcbf96555@example.jaxws.sun.com> Content-Type: application/xop+xml;charset=utf-8;type="text/xml" Content-Transfer-Encoding: binary

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"><wsse:Security S:mustUnderstand="1"><wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">2010-07-06T11:56:18Z</wsu:Created>2010-07-06T12:01:18Z</wsu:Expires></wsu:Timestamp><saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" AssertionID="1278417378455" IssueInstant="2010-07-06T11:56:18.456Z" Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2010-07-06T10:56:18.456Z" NotOnOrAfter="2010-07-06T12:56:18.456Z" /><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">orakey</saml:NameIdentifier>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="attribute1" AttributeNamespace="urn:com:sun:xml:wss:attribute"><saml:AttributeValue xmlns:ns5="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns6="http://www.w3.org/2001/XMLSchema" ns5:type="ns6:string">ATTRIBUTE1</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion><xenc:EncryptedKey xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5002"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="keyInfo"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">91tYxY3ACP8PP17Mp9qTI4CcJgw=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:04a50084-32b1-41b0-b62f-e00c93e46cd6@example.jaxws.sun.com"/></xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="uuid_32c2aede-9867-427a-a953-280079cdd06b"><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:0e831320-9942-4e2e-8bfa-0372fb8236a7@example.jaxws.sun.com"/></wsse:BinarySecurityToken><xenc:ReferenceList xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope"><xenc:DataReference URI="#_5004" /></xenc:ReferenceList><wsse:SecurityTokenReference xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="uuid_23263fde-d07a-4839-af59-4d1543f62bf2" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">1278417378455</wsse:KeyIdentifier></wsse:SecurityTokenReference><ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsse S" /></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /><ds:Reference URI="#_5003"><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="S" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:4c270b9b-650e-401d-9b37-009ceca85d6d@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference URI="#_3"><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:eddbac25-fffb-4e32-af3a-31ef967149d3@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference URI="#_4"><ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></wsse:TransformationParameters></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:3015a735-2f9f-416e-bf08-3ebf1633f307@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference URI="#uuid_23263fde-d07a-4839-af59-4d1543f62bf2"><ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></wsse:TransformationParameters></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:a07dabb6-40a6-4735-b1c6-e086d7bf2e66@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference></ds:SignedInfo><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:5211a91b-77bb-449d-a1d4-fb557667fccf@example.jaxws.sun.com"/></ds:SignatureValue><wsse:SecurityTokenReference wsu:Id="uuid_c21763cc-407c-4284-b37a-b745b8c03602"><wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsse S" /></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference URI="#uuid_32c2aede-9867-427a-a953-280079cdd06b"><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:f7be1283-8817-4f35-b37a-586fd0c69e6f@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference><ds:Reference URI="#_1"><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:61d2fc04-f962-405a-be24-88d7c0871344@example.jaxws.sun.com"/></ds:DigestValue></ds:Reference></ds:SignedInfo><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:da49254b-fd70-4a76-8225-6607746bcfb4@example.jaxws.sun.com"/></ds:SignatureValue><wsse:Reference URI="#uuid_32c2aede-9867-427a-a953-280079cdd06b" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></S:Header><S:Body wsu:Id="_5003"><xenc:EncryptedData xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5004" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /><ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="keyInfo"><wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" /></wsse:SecurityTokenReference></ds:KeyInfo><Include xmlns="http://www.w3.org/2004/08/xop/include" href="cid:34ed8172-67e1-4b52-9ef2-91d0f21a00d2@example.jaxws.sun.com"/></xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></S:Body></S:Envelope>

---[HTTP response - http://ejp5356-vm2.india.sun.com:8001/soa-infra/services/default/SAMLEcho!1.0*soa_a2598a78-4978-40b3-8ba2-d4cf9261ba98/SAMLMediator_ep

• 500]--- null: HTTP/1.1 500 Internal Server Error Content-type: text/xml; charset=utf-8 Content-length: 363 X-powered-by: Servlet/2.5 JSP/2.1 Date: Tue, 06 Jul 2010 11:56:19 GMT X-oracle-dms-ecid: 0000IabbI753Z7e5xbk3yW1C6Z9_003jGF Soapaction: "" <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns0:FailedCheckFailedCheck : failure in security check</env:Fault></env:Body></env:Envelope>-------------------- javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189) at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89) at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118) at $Proxy37.echo(Unknown Source) at testsamlsoa1.Main.main(Main.java:26) BUILD SUCCESSFUL (total time: 3 seconds)

Server Log

<Jul 6, 2010 5:43:25 PM IST>

<[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1278418405141> #### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1278418405142> #### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1278418405143> #### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1278418405143> #### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1278418405144> #### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1278418405171> #### Environment Operating System: All Platform: All #### Affected Versions [1.6]

[glassfishrobot]

Reported by anand_mishra@java.net

[glassfishrobot]

anand_mishra@java.net said: There is no version entry for 2.0.1. I shall be inculding more finer log soon.

[glassfishrobot]

sm228678@java.net said: this is a bug on oracle side and we had already filed a bug against oracle SOA some time back

[glassfishrobot]

kumarjayanti@java.net said: Issue was filed on OWSM. Not a metro bug. Marking the issue as 2.1-waived instead of closing as WONTFIX so that it can be tracked by QE

[glassfishrobot]

symonchang said: Issue was filed on OWSM. This issue is not a metro bug. Marking the issue to 'metro2_3-exclude' as the issue is not valid in context of metro. Need to verify this issue has already been fixed in current release of OWSM.

[glassfishrobot]

Was assigned to symonchang

[glassfishrobot]

This issue was imported from java.net JIRA WSIT-1453