Does anyone know why Rampart cannot find the SAML Token generated by its own STS service?
I have an Axis2 1.6.2 deployment in Tomcat 7.0.28 with Rampart 1.6.2. I use the Rampart STS service to obtain their default SAML token. The token is obtained by the client is valid. (I have validated the signatures, SAML profile, and XML using OpenSAML.)
However when I include this token in a web service request run in the same Axis2/Rampart deployment that generated the token, Rampart gives "SAML Token missing in request" (issued by RampartEngine.process()). Using a separate implementation in NetKernel and OpenSAML I have no problem accessing and validating the SAML token in the same request. This problem has been around since Axis2/Rampart 1.5.1 when I first attempted to perform this task.
Does anyone know why Rampart rejects its own SAML token? Have you found a way to make Rampart accept its own SAML token?
(I have been working on this problem off and on for more than a year; I may just give up and use Netkernel and OpenSaml and do the whole thing myself; I lose a lot of SOAP help but at least I can handle the SAML token ... with a lot of help from OpenSAML. I would prefer Axis2/Rampart to work!)
I may have a partial answer to the issue. Following around the source code I was able to trace the "SAML Token Missing" to a line in the validator which only checks for unsigned SAML tokens. SAML tokens must be signed. I believe this is the reason for the error but I cannot build the rampart modules to test it!
ANSWER I was able to finally build the project and test the above assumption and indeed that solved the problem. I changed the code to address both signed and unsigned tokens. Submitted a JIRA issue to Rampart and the solution and hope they will address it. In the meantime I made a local version of the rampart-core-*.jar to address my service.
The answer I posed above is correct and has been incorporated by Rampart. Should be in the next release (1.6.3 I believe).