2016-11-14 50 views

Claims-based SharePoint site and Apache CXF STSClient communication

We are currently working on a project in which we need to access the SharePoint Foundation web services API on a SharePoint 2016 site that uses claims-based authentication. The security token service that issues the claims is ADFS 2.0, hosted on a Windows Server 2012 machine. The user has to present his email address in order to authenticate and obtain a security token for further operations.

Note: since this is a development setup, we are using self-signed certificates for the ADFS endpoints.

We are using Apache CXF 2.7.12 and JDK 8 as the client development stack to access this web service. When we request a token, an exception about a failed HttpsToken assertion is logged at WARNING level, and then nothing happens. The call never completes and we have to kill the process.

Since this is our first time using CXF, we would appreciate some help and guidance on how to troubleshoot this. We consulted the following pages for our initial investigation, but none of them seemed to help with this particular problem:

Using Apache CXF to connect CRM Dynamics

Apache CXF Client Configuration options

Below is the WS-Policy for the SharePoint site, available at the URL

<wsp:Policy wsu:Id="UserNameWSTrustBinding_IWSTrust13Async_policy"> 
<wsp:ExactlyOne> 
<wsp:All> 
<sp:TransportBinding> 
<wsp:Policy> 
<sp:TransportToken> 
<wsp:Policy> 
<sp:HttpsToken/> 
</wsp:Policy> 
</sp:TransportToken> 
<sp:AlgorithmSuite> 
<wsp:Policy> 
<sp:Basic256/> 
</wsp:Policy> 
</sp:AlgorithmSuite> 
<sp:Layout> 
<wsp:Policy> 
<sp:Strict/> 
</wsp:Policy> 
</sp:Layout> 
<sp:IncludeTimestamp/> 
</wsp:Policy> 
</sp:TransportBinding> 
<sp:SignedEncryptedSupportingTokens> 
<wsp:Policy> 
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
<wsp:Policy> 
<sp:WssUsernameToken10/> 
</wsp:Policy> 
</sp:UsernameToken> 
</wsp:Policy> 
</sp:SignedEncryptedSupportingTokens> 
<sp:EndorsingSupportingTokens> 
<wsp:Policy> 
<sp:KeyValueToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never" wsp:Optional="true"/> 
<sp:SignedParts> 
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> 
</sp:SignedParts> 
</wsp:Policy> 
</sp:EndorsingSupportingTokens> 
<sp:Wss11> 
<wsp:Policy/> 
</sp:Wss11> 
<sp:Trust13> 
<wsp:Policy> 
<sp:MustSupportIssuedTokens/> 
<sp:RequireClientEntropy/> 
<sp:RequireServerEntropy/> 
</wsp:Policy></sp:Trust13> 
<wsaw:UsingAddressing/> 
</wsp:All> 
</wsp:ExactlyOne> 
</wsp:Policy> 

We currently configure the STSClient as follows:

import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;

STSClient spSTSClient = new STSClient(bus);
// The endpoint is IWSTrust13 and the policy asserts sp:Trust13, so use WS-Trust 1.3 rather than Trust10
spSTSClient.setTrust(new Trust13(SP12Constants.INSTANCE));
spSTSClient.setSoap12();

// would we also need to set the token type and key type?
// spSTSClient.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
// spSTSClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");

spSTSClient.setWsdlLocation("https://myadfsserver.com/adfs/services/trust/mex");
spSTSClient.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService");
spSTSClient.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async");
spSTSClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

String sharePointUsername = "[email protected]";
String sharePointPassword = "foobar#";
// Credentials for the UsernameToken required by the policy's SignedEncryptedSupportingTokens
spSTSClient.getProperties().put(SecurityConstants.USERNAME, sharePointUsername);
spSTSClient.getProperties().put(SecurityConstants.PASSWORD, sharePointPassword);

SecurityToken secToken = spSTSClient.requestSecurityToken("http://mysharepointsite.com/_trust");

The requestSecurityToken call logs a warning like the one shown below:

WARNING: Interceptor for {http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService#{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}Trust13IssueAsync has thrown exception, unwinding now 
org.apache.cxf.ws.policy.PolicyException: Assertion of type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken could not be asserted: Not an HTTPs connection 
    at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor.assertHttps(HttpsTokenInterceptorProvider.java:144) 
    at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor.handleMessage(HttpsTokenInterceptorProvider.java:87) 
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) 
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335) 
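As an added example (not code from the original question, nor from CXF's own documentation), here is how the same STSClient can be set up so that the policy's TransportBinding/HttpsToken requirement is satisfiable and the self-signed development certificate is trusted without disabling TLS verification. The host names, the trust-store path and password, the AppliesTo realm and the SAML 1.1 token type are assumptions for illustration; the token type and realm have to match what the SharePoint trusted identity provider and the ADFS relying party are configured for.

```java
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;

public class AdfsTokenClient {

    // Assumed placeholder values: host names, realm, trust-store path and token type.
    static final String MEX_URL = "https://myadfsserver.com/adfs/services/trust/mex";
    static final String STS_NS = "http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice";
    static final String APPLIES_TO = "https://mysharepointsite.com/_trust/";
    static final String TRUST_STORE = "adfs-dev-truststore.jks";   // holds only the ADFS self-signed cert
    static final String TRUST_STORE_PASSWORD = "changeit";
    static final String SAML11_TOKEN_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    static final String BEARER_KEY_TYPE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";

    /** Fails fast if a URL is not https; the sp:HttpsToken assertion needs a TLS connection to the STS. */
    static String requireHttps(String url, String what) {
        String scheme = URI.create(url).getScheme();
        if (!"https".equalsIgnoreCase(scheme)) {
            throw new IllegalStateException(what + " must use https, got: " + url);
        }
        return url;
    }

    /** Trusts only the certificate(s) in the dev trust store; hostname verification stays enabled. */
    static TLSClientParameters devTlsParameters() throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(TRUST_STORE)) {
            ts.load(in, TRUST_STORE_PASSWORD.toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setDisableCNCheck(false);   // issue the dev cert for the real host name instead of skipping the check
        return tls;
    }

    static SecurityToken requestToken(String username, String password) throws Exception {
        Bus bus = BusFactory.getThreadDefaultBus();
        final TLSClientParameters tls = devTlsParameters();
        // Apply the trust store to every HTTP conduit this bus creates, including the one that fetches MEX.
        bus.setExtension(new HTTPConduitConfigurer() {
            public void configure(String name, String address, HTTPConduit conduit) {
                conduit.setTlsClientParameters(tls);
            }
        }, HTTPConduitConfigurer.class);

        STSClient sts = new STSClient(bus);
        sts.setTrust(new Trust13(SP12Constants.INSTANCE));   // endpoint is IWSTrust13, policy asserts sp:Trust13
        sts.setSoap12();
        sts.setWsdlLocation(requireHttps(MEX_URL, "MEX location"));
        sts.setServiceName("{" + STS_NS + "}SecurityTokenService");
        sts.setEndpointName("{" + STS_NS + "}UserNameWSTrustBinding_IWSTrust13Async");
        sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
        sts.setTokenType(SAML11_TOKEN_TYPE);   // assumption: SharePoint's trusted provider expects SAML 1.1
        sts.setKeyType(BEARER_KEY_TYPE);
        // UsernameToken credentials for the policy's SignedEncryptedSupportingTokens
        sts.getProperties().put(SecurityConstants.USERNAME, username);
        sts.getProperties().put(SecurityConstants.PASSWORD, password);

        // Inspect the endpoint address CXF selected from MEX before anything is sent.
        String stsAddress = sts.getClient().getEndpoint().getEndpointInfo().getAddress();
        requireHttps(stsAddress, "STS endpoint address");

        return sts.requestSecurityToken(requireHttps(APPLIES_TO, "AppliesTo"));
    }
}
```

Import only the ADFS certificate into adfs-dev-truststore.jks (for example with keytool -importcert) rather than installing an all-trusting TrustManager or disabling the CN check; that trust store is the single development-only deviation, and it is scoped to this bus instead of the whole JVM. The requireHttps checks make a plain-http MEX location or STS endpoint address fail with a clear message before the request is built, and the same check on AppliesTo keeps the realm consistent with the https site address.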

Answer


The WSDL requires TransportBinding to be used, but the URL you are using does not start with "https", i.e. "http://mysharepointsite.com/_trust".


Thanks for your response. I realise this is a typo in the code. However, even after making that change the problem persists. The only way I have found to get past it is to specify a policy override with an empty WSP policy, but I know that is a *hack*. Any other troubleshooting tips would be great. Also, with this empty policy XML the Https error goes away, but now I get an error saying {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding: Received Timestamp does not match the requirements. What does this mean?