Re: rent-a-car sts client example - Qlik Community

Anonymous · ‎2013-08-07

Hi,
When I execute car:search x 12/12/2012 12/12/2012 on karaf console, I am able to get proper response
When I execute the same request using SOAP UI I am getting error: "SAML signature validation failed"
I am calling issueToken and pasting all the security info in the getCRMInformation request.
Can you please guide me what could be the reason? Is there a way I can test it outside the example client provided, like soapui or someother app ?

coheigeartaigh · ‎2013-08-07

XML Signature is sensitive to whitespace changes. So copying + pasting a signed SAML Assertion can invalidate the Signature. How are you doing the copy + paste? Could you attach the log output of both the console + SOAP UI request?
Colm.

Anonymous · ‎2013-08-08

Hi Colm,
Pasting the tesb.log.
2013-08-08 09:17:37,520 | INFO | qtp27705876-56 | STS | eptor.AbstractLoggingInterceptor 234 | 117 - org.apache.cxf.cxf-api - 2.7.5 | Inbound Message
----------------------------
ID: 96
Address: http://10.87.252.72:8040/services/SecurityTokenService/UT
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=, connection=, Content-Length=, content-type=, Host=, SOAPAction=, User-Agent=}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse

To see the whole post, download it here
OriginalPost.pdf

coheigeartaigh · ‎2013-08-08

How are you copying + pasting the SAML Token? If you are copying from the logs directly it *might* work, but it may not as even the addition of a single line break will invalidate the Signature.
Colm.

Anonymous · ‎2013-08-08

Hi Colm,
I am copying from the karaf console and pasting into soap ui request. I copy whole element saml2:Assertion. Also the other fields like digest, signature value, saml id and notbefore notafter fields by values. The signature value and digest are occurring once in samlAssertion tag and outside the tag this I do not understand. But Iam replicating the structure of working example of getcrminformation method
Basically my idea is to find a way to test any talend service created in studio and enabled by sts. I am not able to understand how to create aclient that can call my Web service. As per the requirement there should be another way to call a service without using all resources like handler, maven and spring beans stuff.
Any suggestion that would help me progress would be appreciated. Thanks.

coheigeartaigh · ‎2013-08-09

Hi,
Ok I have looked into this + was able to get a response from SOAP-UI. These are the steps I followed:
1) You must disable the timestamp cache, as otherwise when you send the message from SOAP-UI with the same Timestamp, it will be treated as a replay attack.
a) Edit "examples/talend/tesb/rent-a-car/crmservice/service-endpoint-sts/src/main/resources/META-INF/spring/beans.xml". Add the following jaxws

roperties to the "Endpoint" definition:
<entry key="ws-security.enable.timestamp.cache" value="false" />
b) Do the same as (a) for "examples/talend/tesb/rent-a-car/reservationservice/service-endpoint-sts/src/main/resources/META-INF/spring/beans.xml"
2) Rebuild the rent-a-car sample and deploy in the container. Rent a car for a user, and then execute the "car:search" command successfully.
3) Edit "log/tesb.log" and look for the request that is sent. Copy the security header from the request and paste into SOAP-UI under the SOAP header.
4) Do a "find-and-replace" to replace the SOAP-UI "soapenv" with "soap" that is used by TESB.
This lead to a successful service invocation.
Colm.

rent-a-car sts client example

Other

SOAP

v5.x