2014-03-04 43 views
1

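I get a cryptic error message, "Wrong element order encountred at Reason", when calling the IssueToken operation on the Security Token Service of WSO2 Identity Server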

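Here is a summary of what I am doing:

  1. I have applied the UsernameToken security policy to the Security Token Service.

  2. I have added my application (http://localhost:3000/) as a trusted service.

  3. I am trying to call the IssueToken operation at

    https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/

using this message: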

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <s:Header> 
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action> 
    <a:To s:mustUnderstand="1">https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/</a:To> 
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
     <o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1"> 
     <o:Username>user1</o:Username> 
     <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password> 
     </o:UsernameToken> 
    </o:Security> 
    </s:Header> 
    <s:Body> 
    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> 
     <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> 
     <a:EndpointReference> 
      <a:Address>http://localhost:3000/</a:Address> 
     </a:EndpointReference> 
     </wsp:AppliesTo> 
     <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> 
     <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> 
     <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType> 
    </trust:RequestSecurityToken> 
    </s:Body> 
</s:Envelope> 

I get this error:

<html><head><title>Apache Tomcat/7.0.34 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - Wrong element order encountred at Reason</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>Wrong element order encountred at Reason</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.apache.axiom.om.impl.exception.OMBuilderException: Wrong element order encountred at Reason 
       org.apache.axiom.soap.impl.builder.SOAP12BuilderHelper.handleEvent(SOAP12BuilderHelper.java:94) 
       org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.constructNode(StAXSOAPModelBuilder.java:429) 
       org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createOMElement(StAXSOAPModelBuilder.java:273) 
       org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createNextOMElement(StAXSOAPModelBuilder.java:234) 
       org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249) 
       org.apache.axiom.om.impl.dom.NodeImpl.build(NodeImpl.java:447) 
       org.apache.axiom.om.impl.dom.ParentNode.getChildNodes(ParentNode.java:168) 
       org.apache.ws.security.util.WSSecurityUtil.findChildElement(WSSecurityUtil.java:596) 
       org.apache.ws.security.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:717) 
       org.apache.ws.security.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:145) 
       org.apache.rampart.RampartMessageData.&lt;init&gt;(RampartMessageData.java:406) 
       org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61) 
       org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) 
       org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) 
       org.apache.axis2.engine.Phase.invoke(Phase.java:313) 
       org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) 
       org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:515) 
       org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433) 
       org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398) 
       org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188) 
       org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231) 
       javax.servlet.http.HttpServlet.service(HttpServlet.java:755) 
       javax.servlet.http.HttpServlet.service(HttpServlet.java:848) 
       org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) 
       org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) 
       org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) 
       javax.servlet.http.HttpServlet.service(HttpServlet.java:848) 
       org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) 
       org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) 
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.34 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.34</h3></body></html> 

Any ideas about what I am doing wrong?

Answers

1

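I am not sure about the exact error that you have mentioned. But, just by looking at it, I can see that the timestamp is missing from the security header. Anyway, I will copy the request message that I tried. I used this message with SOAPUI to get a SAML assertion from the STS service. I guess this may help you. If you use this message, please mind the timestamp values. You can change them, as it is not signed.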

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
        <wsu:Created>2014-03-04T17:53:57.033Z</wsu:Created>
        <wsu:Expires>2014-03-04T17:58:57.033Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
        <wsse:Username>admin</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
    <wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
    <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
    <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
      <wst:Lifetime>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-03-04T17:53:56.768Z</wsu:Created>
        <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-03-04T17:58:56.768Z</wsu:Expires>
      </wst:Lifetime>
      <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
      <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
      <wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
        <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
        <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
      </wst:Claims>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>

+0

It works - thanks! –

+0

Good to hear... :) – Asela

+0

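Very helpful, but please suggest where this information can be found, because when I try to generate a soapUI request from the WSDL at https://localhost:9443/services/wso2carbon-sts?wsdl it comes only with < > but no other tags – Chakri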
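
An added example (not code from the question, the answer or WSO2): it builds the `wsse:Security` header shown in the answer with `wsu:Created`/`wsu:Expires` computed from the current time instead of pasted by hand, and runs a pre-flight check that flags a header without a Timestamp (the question's case) or with an expired one. It assumes, as the answer suggests, that the STS policy expects a Timestamp; the function names are illustrative and `now` must be a timezone-aware UTC datetime.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")
FMT = "%Y-%m-%dT%H:%M:%S.%fZ"
for prefix, uri in (("soapenv", SOAP), ("wsse", WSSE), ("wsu", WSU)):
    ET.register_namespace(prefix, uri)

def q(ns, tag):
    return f"{{{ns}}}{tag}"

def stamp(t):
    # UTC with millisecond precision, the form used by wsu:Created / wsu:Expires above
    return t.strftime(FMT)[:-4] + "Z"

def security_header(user, password, now, ttl=timedelta(minutes=5), with_timestamp=True):
    """wsse:Security holding a fresh wsu:Timestamp followed by the UsernameToken."""
    sec = ET.Element(q(WSSE, "Security"), {q(SOAP, "mustUnderstand"): "true"})
    if with_timestamp:
        ts = ET.SubElement(sec, q(WSU, "Timestamp"), {q(WSU, "Id"): "Timestamp-1"})
        ET.SubElement(ts, q(WSU, "Created")).text = stamp(now)
        ET.SubElement(ts, q(WSU, "Expires")).text = stamp(now + ttl)
    tok = ET.SubElement(sec, q(WSSE, "UsernameToken"), {q(WSU, "Id"): "UsernameToken-2"})
    ET.SubElement(tok, q(WSSE, "Username")).text = user
    ET.SubElement(tok, q(WSSE, "Password"), {"Type": PW_TEXT}).text = password
    return sec

def envelope(security):
    """Wrap the header in a SOAP 1.2 envelope; the RST body is left out here."""
    env = ET.Element(q(SOAP, "Envelope"))
    ET.SubElement(env, q(SOAP, "Header")).append(security)
    ET.SubElement(env, q(SOAP, "Body"))
    return ET.tostring(env, encoding="unicode")

def timestamp_problems(envelope_xml, now):
    """Pre-flight check of a message you built yourself (not a parser for untrusted XML)."""
    sec = ET.fromstring(envelope_xml).find(f"{q(SOAP, 'Header')}/{q(WSSE, 'Security')}")
    ts = None if sec is None else sec.find(q(WSU, "Timestamp"))
    if ts is None:
        return ["wsu:Timestamp missing"]
    def parse(tag):
        return datetime.strptime(ts.findtext(q(WSU, tag)), FMT).replace(tzinfo=timezone.utc)
    checks = [(parse("Created") > now, "Created is in the future"),
              (parse("Expires") <= now, "Expires has passed")]
    return [msg for failed, msg in checks if failed]
```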
