SAML with WS-SecurityPolicy WebMethods 8.2

anil_kumar1 · June 30, 2012, 5:26am

Hello,

We are trying to implement SAML with WS-SecurityPollicy. We are using SAML “Bearer” confirmation method. However, we are getting ClassCast exception when processing the header.

There is no documentation provided about supporting Bearer confirmation method. We are using SAML 2.0 tokens. Policy is also configured for SAML 2.0

Policy is SAML_Authentication —No encryption and No Signature.

Ex[b]ception

org.opensaml.saml2.core.impl.SubjectConfirmationDataImpl cannot be cast to org.opensaml.saml2.core.KeyInfoConfirmationDataType[/b]

<soapenv:Envelope xmlns:lexs=“http://usdoj.gov/leisp/lexs/3.1” xmlns:lexssr=“http://usdoj.gov/leisp/lexs/searchretrieve/3.1” xmlns:ns2=“http://niem.gov/niem/structures/2.0” xmlns:ns3=“http://niem.gov/niem/niem-core/2.0” xmlns:soapenv=“http://schemas.xmlsoap.org/soap/envelope/”>
soapenv:Header
<wsse:Security soapenv:mustUnderstand=“1” xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>
<wsu:Timestamp wsu:Id=“TS-10”>
wsu:Created2012-06-29T15:03:08.795Z</wsu:Created>
wsu:Expires2012-06-29T15:04:08.795Z</wsu:Expires>
</wsu:Timestamp>

ISSUER URL
<ds:Signature xmlns:ds=“XML-Signature Syntax and Processing”>
ds:SignedInfo
<ds:CanonicalizationMethod Algorithm=“Exclusive XML Canonicalization Version 1.0”/>
<ds:SignatureMethod Algorithm=“xmldsig-more namespace”/>
<ds:Reference URI=“#_d6256236-2241-447f-a4bb-4f7a6092aa06”>
ds:Transforms
<ds:Transform Algorithm=“XML-Signature Syntax and Processing”/>
<ds:Transform Algorithm=“Exclusive XML Canonicalization Version 1.0”/>
</ds:Transforms>
<ds:DigestMethod Algorithm=“XML Encryption Syntax and Processing”/>
ds:DigestValueDigest Value=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
ds:SignatureValueX78zi0DFUopTA+t36XXYvGY1KjmtfxYCZhfcy/rfz8kfBYKmq9AdEc1ISMS9mxVtP9uBEYkmYP53qtBNGfiNWCR+ACKBVVoBEH/YG4rFMRp/1SyF2M28y1bL/QamiGdI/VoR7aJItORygord8XYWWgk4hN/X0ayw=</ds:SignatureValue>

ds:X509Data ds:X509CertificateCERTAAOCAQEAjO6NytX2xOelrjX7hEuHNrPleDGtUnHtKcoecG09dnusgkv+9/5mQt5lFvrLblktmzMqBujaC4LA4upyb3wkOH1KKyavwlU9LafJOXwD40gD5lsPMH9lTlvxaa1s1bHuQsnTm6D/faMr3Ci3c/eAkIQYJ04iRSve8+GRsy7YcaTf4mUdsTsTQcxzPreGGeiBIu5Avsb8cZ16BdJuuzMDCx/h7KgRC+qvhdtRI/Tvae85HlP1/Xffb2WNz9kUBBtwr4MbY9kDPxISf68Lv1ElP26LLLyG2tJgrdKtS2izElQIbnlCElJMuDXgJJoiHG9PQ6mBCblvDFX9bd7rJlImBg==</ds:X509Certificate>
</ds:X509Data>

</ds:Signature>

Service URL

CTCISS:IDP:CISS

</wsse:Security>
</soapenv:Header>

Any help is greatly appreciated.