How to link a SAML service provider (addRPServiceProvider) and an application in WSO2 IS?

I created an application with this SOAP call, createApplication():
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:createApplication>
<xsd:serviceProvider>
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<xsd1:description>SaMLApp</xsd1:description>
</xsd:serviceProvider>
</xsd:createApplication>
</soapenv:Body>
</soapenv:Envelope>
I added a service provider with this SOAP call, addRPServiceProvider():
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://dto.saml.sso.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:addRPServiceProvider>
<xsd:spDto>
<xsd1:assertionConsumerUrl>http://localhost:8080/travelocity.com/home.jsp</xsd1:assertionConsumerUrl>
<xsd1:doSignAssertions>true</xsd1:doSignAssertions>
<xsd1:doSignResponse>true</xsd1:doSignResponse>
<xsd1:doSingleLogout>true</xsd1:doSingleLogout>
<xsd1:issuer>sophos.com</xsd1:issuer>
<xsd1:nameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</xsd1:nameIDFormat>
<xsd1:useFullyQualifiedUsername>true</xsd1:useFullyQualifiedUsername>
</xsd:spDto>
</xsd:addRPServiceProvider>
</soapenv:Body>
</soapenv:Envelope>
Now how should I link those by calling updateApplication()? What should be the attributes of the updateApplication SOAP call? I referred to this, but could not figure out the linking part in updateApplication().
Note: I can create these in the WSO2 IS management console web UI. I could not create them through API calls.

The SAML application will be added as an inbound authentication configuration of the Service Provider. So when you call the updateApplication method, use the issuer name that you used to create the SAML application (travelocity.com in your case) as the inboundAuthKey in the inboundAuthenticationConfig section. If you need a code sample, please follow this.
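The linking step described in the answer, as an added example that is not part of the original post or WSO2's own code: it reads the `issuer` out of an addRPServiceProvider request and builds an updateApplication envelope whose `inboundAuthKey` carries that same value, since a mismatch between the two leaves the SAML configuration unlinked. Assumptions: the sample issuer is the `sophos.com` value from the request in the question, the `applicationID` is a placeholder you would read back from the application after createApplication, and the element names `applicationID`, `inboundAuthenticationRequestConfigs` and `inboundAuthType` (value `samlsso`) should be checked against the service WSDL of your IS version.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
AXIS = "http://org.apache.axis2/xsd"
SAML_DTO = "http://dto.saml.sso.identity.carbon.wso2.org/xsd"
APP_MODEL = "http://model.common.application.identity.carbon.wso2.org/xsd"

# The question's addRPServiceProvider request, trimmed to the fields used here.
ADD_RP_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:xsd="{AXIS}" xmlns:xsd1="{SAML_DTO}">
  <soapenv:Body><xsd:addRPServiceProvider><xsd:spDto>
    <xsd1:assertionConsumerUrl>http://localhost:8080/travelocity.com/home.jsp</xsd1:assertionConsumerUrl>
    <xsd1:issuer>sophos.com</xsd1:issuer>
  </xsd:spDto></xsd:addRPServiceProvider></soapenv:Body>
</soapenv:Envelope>"""


def saml_issuer(add_rp_envelope: str) -> str:
    """Return the issuer registered by an addRPServiceProvider request."""
    node = ET.fromstring(add_rp_envelope).find(f".//{{{SAML_DTO}}}issuer")
    if node is None or not (node.text or "").strip():
        raise ValueError("addRPServiceProvider request has no issuer")
    return node.text.strip()


def build_update_application(app_id: int, app_name: str, issuer: str) -> str:
    """Build an updateApplication envelope that links the SAML issuer to the app."""
    for prefix, uri in (("soapenv", SOAP), ("xsd", AXIS), ("xsd1", APP_MODEL)):
        ET.register_namespace(prefix, uri)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    update = ET.SubElement(body, f"{{{AXIS}}}updateApplication")
    sp = ET.SubElement(update, f"{{{AXIS}}}serviceProvider")
    # app_id is a placeholder: use the ID the server assigned to the application.
    ET.SubElement(sp, f"{{{APP_MODEL}}}applicationID").text = str(app_id)
    ET.SubElement(sp, f"{{{APP_MODEL}}}applicationName").text = app_name
    cfg = ET.SubElement(sp, f"{{{APP_MODEL}}}inboundAuthenticationConfig")
    req = ET.SubElement(cfg, f"{{{APP_MODEL}}}inboundAuthenticationRequestConfigs")
    # The link itself: inboundAuthKey must equal the SAML issuer (element names assumed).
    ET.SubElement(req, f"{{{APP_MODEL}}}inboundAuthKey").text = issuer
    ET.SubElement(req, f"{{{APP_MODEL}}}inboundAuthType").text = "samlsso"
    return ET.tostring(env, encoding="unicode")
```

Calling `build_update_application(2, "travelocity.com", saml_issuer(ADD_RP_REQUEST))` returns the envelope text to post to the application management service; the `2` is a constructed ID.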

Related

Soap UI mock Missing operation for soapAction

I created a SoapUI 5.7.0 mock with SSL and I am getting the exception below. I set Require SOAP action to false in the general mock properties, but I believe it only affects non-HTTPS mocks. The HTTPS mock is created automatically when I mark SoapUI -> Preferences -> SSL Settings -> Enable SSL for mock services. But there seems not to be an option for marking Require SOAP action in the SSL settings. Unfortunately I cannot change the Java code which is invoking this mock service.
Is there any way to make it work?
javax.xml.ws.soap.SOAPFaultException: Response was of unexpected text/html ContentType. Incoming portion of HTML stream: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>Server</faultcode>
<faultstring>Missing operation for soapAction [http://xxxxx/v1/wsdl/aaa/bbb] and body element [{http://www.w3.org/2001/04/xmlenc#}EncryptedData] with SOAP Version [SOAP 1.1]</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

How to see my service provider and identity provider in the database when I have added them by using web services

I am using an automation process presently. I have configured my service provider and identity provider successfully by using the UI, and it is reflected in the database; in this case my DB is H2. But now I am trying to create the service provider and identity provider by using the web service API of WSO2 IS, testing with SoapUI.
My SOAP request is:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.saml.sso.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:addRPServiceProvider>
<!--Optional:-->
<xsd:spDto>
<!--Optional:-->
<xsd1:assertionConsumerUrl>http://localhost:8080/travelocitysoap.com/home.jsp</xsd1:assertionConsumerUrl>
<!--Optional:-->
<xsd1:certAlias>wso2carbon.cert</xsd1:certAlias>
<!--Optional:-->
<xsd1:doSignAssertions>true</xsd1:doSignAssertions>
<!--Optional:-->
<xsd1:doSignResponse>true</xsd1:doSignResponse>
<!--Optional:-->
<xsd1:doSingleLogout>true</xsd1:doSingleLogout>
<!--Optional:-->
<xsd1:issuer>travelocitysoap.com</xsd1:issuer>
<!--Optional:-->
<xsd1:nameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</xsd1:nameIDFormat>
</xsd:spDto>
</xsd:addRPServiceProvider>
</soapenv:Body>
</soapenv:Envelope>
which successfully created the application, and in the WSO2 IS console the response is that the service provider travelocitysoap.com was added successfully. But when I try to see my service provider in the dashboard, it is not visible to me, and it is not reflected in the database, which is H2.
But when I run the application, it runs successfully. But I don't know in which table of the database my service provider is stored.
Where do I add the Service Provider ID so that I can view it in the database with its name? Also, please help me with the approach to automate the Identity Provider. What am I misinterpreting?
Thanks in advance,
Vijay.
The service provider is stored in the registry DB. You can view your service providers by navigating to /_system/config/repository/identity/SAMLSSO in the admin console. The Properties tab will have all the properties of a particular SP.
If you want to view the SP in the admin console, follow the steps given in [1].
[1] https://shivabalachandran.wordpress.com/2015/03/02/quick-note-4-creating-a-sso-service-provider-through-admin-services-wso2-is-admin-services-sso/

Setting Schema Structure for Proxy Service (CXF) exposed using Mule ESB

I am very new to Mule ESB. I want to expose a Mule flow as a web service to an external application. How do I set the request (payload) structure in the WSDL exposed by Mule?
I am using CXF for it.
Currently my request, when loading the WSDL in SoapUI, looks like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sup="http://support.cxf.module.mule.org/">
<soapenv:Header/>
<soapenv:Body>
<sup:invoke>
<sup:arg0>?</sup:arg0>
</sup:invoke>
</soapenv:Body>
</soapenv:Envelope>
The actual request is expected to be as follows:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://pcom.orga.com/pc/webservices/messages/v1">
<soapenv:Header/>
<soapenv:Body>
<v1:searchOfferRequest>
<searchInput>
<status>RELEASED</status>
</searchInput>
</v1:searchOfferRequest>
</soapenv:Body>
</soapenv:Envelope>
Have a look at the Mule documentation for exposing a SOAP service in Mule; specifically, look for the section "Creating a WSDL First JAX-WS Service", which has an example of what you are looking for.
HTH

Is there a WSO2 IS service to validate a SAML token generated from wso2carbon-sts?

I referred to the link below to generate a SAML token from SoapUI. But there is no service exposed in IS to validate a SAML token.
http://charithaka.blogspot.ae/2013/07/broker-trust-relationships-with-wso2.html
SAML sample request in SoapUI
RST request
{Service.url}/services/wso2carbon-sts
{Service.url}/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
<wsu:Created>2014-12-17T11:59:30.226Z</wsu:Created>
<wsu:Expires>2014-12-17T11:59:30.226Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
<wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
I also used the STS client from
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/sts/sts-client
The validation given in WSO2 IS -> Tools -> Validate SAML Request does not seem to work for the use case in hand when providing the generated RSTR (Response for Security Token Request).
Is there any difference between the STS client and the link provided above?
I am looking for a way to validate a SAML token via a SOAP service (SoapUI).
The sample client provided with WSO2 IS 5.0.0 calls a service (echo) secured with STS. So it validates the STS token internally before accessing the service, but it does not provide a separate API to validate the token.
And WSO2 IS -> Tools -> Validate SAML Request
only validates SAML logout requests and login requests, not a SAML assertion alone.
But in IS 5.1.0 (from the next release onwards) the wso2carbon-sts API will provide a validation service.

WSO2 API Manager: Fault message schema (xsd)

What is the schema definition of the fault message when a service on the WSO2 API Manager fails? For example, when the service has the status blocked and this service is invoked, WSO2 replies with a proper SOAP fault message. What is the schema (XSD) definition of the am:fault element?
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://foobar.nl/foobar">
<soapenv:Header/>
<soapenv:Body>
<am:fault xmlns:am="http://wso2.org/apimanager">
<am:code>700700</am:code>
<am:message>API blocked</am:message>
<am:description>This API has been blocked temporarily. Please try again later or contact the system administrators.</am:description>
</am:fault>
</soapenv:Body>
</soapenv:Envelope>
A documentation request has been created with WSO2 to update the documentation: https://wso2.org/jira/browse/DOCUMENTATION-866
The default schema is:
<am:fault xmlns:am="http://wso2.org/apimanager">
<am:code>ERROR_CODE</am:code>
<am:message>ERROR_MESSAGE</am:message>
<am:description>ERROR_DESCRIPTION</am:description>
</am:fault>
You can customize the fault format through sequences.