Skip to main content

Get a SAML token and print it in console - DotNet STS, Java Client

8 replies [Last post]
Anonymous

Dear Experts,

Please help me identify the cause of the exception thrown in metro.

I have a dotnet STS and I created a java client to connect to it and request
a token. STS is secured by X509 certs. Just trying to get a SAML token and
print it in console.

Environment: NetBeans 7.1.2, Glassfish-3.1.2, JDK 1.7, Metro 2.2-b13

Looks like the token response is received, but while evaluating in
security-tube the following exception is thrown. Please help me resolve
this.

INFO: Response message received in Tube [
com.sun.xml.wss.jaxws.impl.SecurityClientTube ] Instance [ 5 ] Engine [
Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000)
JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revisionSEVERE: WSS1717: Error
occurred while doing digest verification of body/payload
javax.xml.crypto.dsig.XMLSignatureException: WSS1717: Error occurred while
doing digest verification of body/payload
at
com.sun.xml.ws.security.opt.impl.incoming.processor.StreamingPayLoadDigester.accept(StreamingPayLoadDigester.java:111)
at
org.codehaus.stax2.ri.Stax2FilteredStreamReader.next(Stax2FilteredStreamReader.java:37)
at
com.sun.xml.ws.security.opt.impl.util.VerifiedMessageXMLStreamReader.next(VerifiedMessageXMLStreamReader.java:86)
at
com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator.storeElementAndChildrenNoEx(StreamReaderBufferCreator.java:266)
at
com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator.storeElementAndChildren(StreamReaderBufferCreator.java:198)
at
com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator.store(StreamReaderBufferCreator.java:163)
at
com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator.create(StreamReaderBufferCreator.java:103)
at
com.sun.xml.stream.buffer.MutableXMLStreamBuffer.createFromXMLStreamReader(MutableXMLStreamBuffer.java:134)
at
com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage.cacheMessage(VerifiedStreamMessage.java:554)
at
com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage.readAsSOAPMessage(VerifiedStreamMessage.java:479)
at
com.sun.xml.wss.jaxws.impl.PolicyResolverImpl.resolvePolicy(PolicyResolverImpl.java:160)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:918)
at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:248)
at
com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:434)
at
com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
at com.sun.xml.ws.client.Stub.process(Stub.java:429)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
at $Proxy156.trust13Issue(Unknown Source)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:69)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:473)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:377)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at
org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1542)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at
com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:722)

INFO: Response exception processed in Tube [
com.sun.xml.wss.jaxws.impl.SecurityClientTube ] Instance [ 6 ] Engine [
Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000)
JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revision#unknown...

Thanks,
Joseph

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

You may have hit some bug. Can you enable Debug Logs by setting the
following properties in the logging.properties file of your client VM :

com.sun.xml.wss.logging.impl.opt.level = FINEST
com.sun.xml.wss.logging.impl.opt.crypto.level = FINEST
com.sun.xml.wss.logging.impl.opt.signature.level = FINEST
com.sun.xml.wss.logging.impl.opt.token.level = FINEST

And send us the client side log.

On May 25, 2012, at 11:05 AM, Joseph wrote:

> Dear Experts,
>
> Please help me identify the cause of the exception thrown in metro.
>
> I have a dotnet STS and I created a java client to connect to it and
> request
> a token. STS is secured by X509 certs. Just trying to get a SAML
> token and
> print it in console.
>
> Environment: NetBeans 7.1.2, Glassfish-3.1.2, JDK 1.7, Metro 2.2-b13
>
> Looks like the token response is received, but while evaluating in
> security-tube the following exception is thrown. Please help me
> resolve
> this.
>
>
> INFO: Response message received in Tube [
> com.sun.xml.wss.jaxws.impl.SecurityClientTube ] Instance [ 5 ]
> Engine [
> Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000)
> JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revisionSEVERE: WSS1717:
> Error
> occurred while doing digest verification of body/payload
> javax.xml.crypto.dsig.XMLSignatureException: WSS1717: Error occurred
> while
> doing digest verification of body/payload
> at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming
> .processor
> .StreamingPayLoadDigester.accept(StreamingPayLoadDigester.java:111)
> at
> org
> .codehaus
> .stax2
> .ri.Stax2FilteredStreamReader.next(Stax2FilteredStreamReader.java:37)
> at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .util
> .VerifiedMessageXMLStreamReader
> .next(VerifiedMessageXMLStreamReader.java:86)
> at
> com
> .sun
> .xml
> .stream
> .buffer
> .stax
> .StreamReaderBufferCreator
> .storeElementAndChildrenNoEx(StreamReaderBufferCreator.java:266)
> at
> com
> .sun
> .xml
> .stream
> .buffer
> .stax
> .StreamReaderBufferCreator
> .storeElementAndChildren(StreamReaderBufferCreator.java:198)
> at
> com
> .sun
> .xml
> .stream
> .buffer
> .stax.StreamReaderBufferCreator.store(StreamReaderBufferCreator.java:
> 163)
> at
> com
> .sun
> .xml
> .stream
> .buffer
> .stax
> .StreamReaderBufferCreator.create(StreamReaderBufferCreator.java:103)
> at
> com
> .sun
> .xml
> .stream
> .buffer
> .MutableXMLStreamBuffer
> .createFromXMLStreamReader(MutableXMLStreamBuffer.java:134)
> at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming
> .VerifiedStreamMessage.cacheMessage(VerifiedStreamMessage.java:554)
> at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming
> .VerifiedStreamMessage.readAsSOAPMessage(VerifiedStreamMessage.java:
> 479)
> at
> com
> .sun
> .xml
> .wss
> .jaxws.impl.PolicyResolverImpl.resolvePolicy(PolicyResolverImpl.java:
> 160)
> at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.createMessage(SecurityRecipient.java:918)
> at
> com
> .sun
> .xml
> .ws
> .security
> .opt
> .impl
> .incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:
> 248)
> at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
> at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl
> .SecurityClientTube
> .processClientResponsePacket(SecurityClientTube.java:434)
> at
> com
> .sun
> .xml
> .wss
> .jaxws
> .impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
> at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:972)
> at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
> at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
> at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
> at com.sun.xml.ws.client.Stub.process(Stub.java:429)
> at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
> at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 119)
> at
> com
> .sun
> .xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:
> 102)
> at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
> at $Proxy156.trust13Issue(Unknown Source)
> at org.apache.jsp.index_jsp._jspService(index_jsp.java:69)
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:
> 111)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
> at
> org
> .apache
> .jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:
> 473)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:377)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
> at
> org
> .apache.catalina.core.StandardWrapper.service(StandardWrapper.java:
> 1542)
> at
> org
> .apache
> .catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
> 281)
> at
> org
> .apache
> .catalina.core.StandardContextValve.invoke(StandardContextValve.java:
> 175)
> at
> org
> .apache
> .catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
> at
> org
> .apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 595)
> at
> org
> .apache
> .catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
> at
> org
> .apache
> .catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
> at
> org
> .apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
> 231)
> at
> com.sun.enterprise.v3.services.impl.ContainerMapper
> $AdapterCallable.call(ContainerMapper.java:317)
> at
> com
> .sun
> .enterprise
> .v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
> at
> com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:
> 849)
> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:
> 746)
> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:
> 1045)
> at
> com
> .sun
> .grizzly
> .http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
> at
> com
> .sun
> .grizzly
> .DefaultProtocolChain
> .executeProtocolFilter(DefaultProtocolChain.java:137)
> at
> com
> .sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
> 104)
> at
> com
> .sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
> 90)
> at
> com
> .sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
> at
> com
> .sun
> .grizzly
> .ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
> at
> com
> .sun
> .grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
> at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
> at
> com.sun.grizzly.util.AbstractThreadPool
> $Worker.doWork(AbstractThreadPool.java:532)
> at
> com.sun.grizzly.util.AbstractThreadPool
> $Worker.run(AbstractThreadPool.java:513)
> at java.lang.Thread.run(Thread.java:722)
>
> INFO: Response exception processed in Tube [
> com.sun.xml.wss.jaxws.impl.SecurityClientTube ] Instance [ 6 ]
> Engine [
> Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000)
> JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revision#unknown...
>
> Thanks,
> Joseph
>

Joseph

http://metro.1045641.n5.nabble.com/file/n5709780/gflog.txt gflog.txt

Thank you Kumar for looking into it. I have enabled the logger properties as
you have told and please find the client side log attached in file gflog.txt

Thanks,
Joseph

Joseph

After enabling finer logs, I can see the error message:

ID3112: Unrecognized RequestType ' ' specified in the incoming request.

My client side code is:
com.gettoken.sts.SecurityTokenService service = new
com.gettoken.sts.SecurityTokenService();
com.gettoken.sts.IWSTrust13Sync port =
service.getWS2007HttpBindingIWSTrust13Sync1();
com.gettoken.sts.RequestSecurityTokenType message = null;
com.gettoken.sts.RequestSecurityTokenResponseCollectionType result =
port.trust13Issue(message);

Joseph

Auto generated stub-source doesn't allow me to add an element to the
soap-body.

As Kumar Jayanti has replied above, is this a confirmed defect?

Currently generated body:

RequestSecurityToken should have below additional elements included,

http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1

RequestSecurityTokenResponseCollectionType is the generated class, whose
instance is to be sent as parameter for invoking the operation. It doesn't
allow me to set "RequestType".

@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "RequestSecurityTokenType", propOrder = {
"any"
})
public class RequestSecurityTokenType {

@XmlAnyElement(lax = true)
protected List any;
@XmlAttribute(name = "Context")
@XmlSchemaType(name = "anyURI")
protected String context;
@XmlAnyAttribute
private Map otherAttributes = new HashMap();

public List getAny() {
if (any == null) {
any = new ArrayList();
}
return this.any;
}

public String getContext() {
return context;
}

public void setContext(String value) {
this.context = value;
}

public Map getOtherAttributes() {
return otherAttributes;
}

}

Experts, please help. Is this a defect?

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

Your previous email indicates you are not using Metro code on the
client side. So i am not sure how we can help..
On May 29, 2012, at 2:24 PM, Joseph wrote:

> Auto generated stub-source doesn't allow me to add an element to the
> soap-body.
>
> As Kumar Jayanti has replied above, is this a confirmed defect?
>
> Currently generated body:
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> wsu:Id="_5009"> xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>>
>
> RequestSecurityToken should have below additional elements included,
>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue RequestType>
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
>
>
> RequestSecurityTokenResponseCollectionType is the generated class,
> whose
> instance is to be sent as parameter for invoking the operation. It
> doesn't
> allow me to set "RequestType".
>
> @XmlAccessorType(XmlAccessType.FIELD)
> @XmlType(name = "RequestSecurityTokenType", propOrder = {
> "any"
> })
> public class RequestSecurityTokenType {
>
> @XmlAnyElement(lax = true)
> protected List any;
> @XmlAttribute(name = "Context")
> @XmlSchemaType(name = "anyURI")
> protected String context;
> @XmlAnyAttribute
> private Map otherAttributes = new HashMap String>();
>
> public List getAny() {
> if (any == null) {
> any = new ArrayList();
> }
> return this.any;
> }
>
> public String getContext() {
> return context;
> }
>
> public void setContext(String value) {
> this.context = value;
> }
>
> public Map getOtherAttributes() {
> return otherAttributes;
> }
>
> }
>
> Experts, please help. Is this a defect?
>
>

Joseph

Hi Kumar,

Are you referring to this:

com.gettoken.sts.SecurityTokenService service = new
com.gettoken.sts.SecurityTokenService();
com.gettoken.sts.IWSTrust13Sync port =
service.getWS2007HttpBindingIWSTrust13Sync1();
com.gettoken.sts.RequestSecurityTokenType message = null;
com.gettoken.sts.RequestSecurityTokenResponseCollectionType result =
port.trust13Issue(message);

I am using NetBeans to generate wsit-client.xml and used NetBeans IDE 'Call
Web Service Operation' menu to generate this code.

And I have attached the logs you asked for and that is also generated by
metro.

What I am doing is directly trying to call the STS and just print the token
returned. Is this allowed or should I always access STS through relying
party?

One thing the log says is, I am not passing the 'RequestType' which is
mandatory and RequestSecurityTokenResponseCollectionType is autogenerated
source. Now, after my above post I found that I can add that element by

com.gettoken.sts.RequestSecurityTokenType message = new
com.gettoken.sts.RequestSecurityTokenType();
JAXBElement requestType = new JAXBElement(new
QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue",
"RequestType"), javax.xml.bind.JAXBElement.class, null, "Issue");
message.getAny().add(requestType);

but there is issue with namespace for the element.

Thanks,
Joseph

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

On May 29, 2012, at 4:09 PM, Joseph wrote:

> Hi Kumar,
>
> Are you referring to this:
>
> com.gettoken.sts.SecurityTokenService service = new
> com.gettoken.sts.SecurityTokenService();
> com.gettoken.sts.IWSTrust13Sync port =
> service.getWS2007HttpBindingIWSTrust13Sync1();
> com.gettoken.sts.RequestSecurityTokenType message = null;
> com.gettoken.sts.RequestSecurityTokenResponseCollectionType result =
> port.trust13Issue(message);
>
> I am using NetBeans to generate wsit-client.xml and used NetBeans
> IDE 'Call
> Web Service Operation' menu to generate this code.

OK.
>
> And I have attached the logs you asked for and that is also
> generated by
> metro.
>
> What I am doing is directly trying to call the STS and just print
> the token
> returned. Is this allowed or should I always access STS through
> relying
> party?

Invoking the STS and obtaining the token would happen internally
within Metro Runtime. Have you tried that first ?. I guess that is
where you were seeing the signature Failure ?.

I have not looked at the Logs you sent yet. Will look into it and get
back.

>
> One thing the log says is, I am not passing the 'RequestType' which is
> mandatory and RequestSecurityTokenResponseCollectionType is
> autogenerated
> source. Now, after my above post I found that I can add that element
> by
>
> com.gettoken.sts.RequestSecurityTokenType message = new
> com.gettoken.sts.RequestSecurityTokenType();
> JAXBElement requestType = new JAXBElement(new
> QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue",
> "RequestType"), javax.xml.bind.JAXBElement.class, null, "Issue");
> message.getAny().add(requestType);
>
> but there is issue with namespace for the element.
>
> Thanks,
> Joseph
>
>

Joseph

I have got the token!

I am able to successfully authenticate and get the token from dotnet STS
using a java client.

As previously stated by Kumar, this call will be done internally by metro
runtime. But for experiment sake, I called the STS directly using a java
client to get a token.

Following is the client code:

String requestTypeNamespace =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512";
String requestType =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue";
String tokenType =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
String endpointAddress =
"http://service.corpnt.analog.com/EchoService.svc";
String addressNamespace =
"http://www.w3.org/2005/08/addressing";
String appliesToNamespace =
"http://schemas.xmlsoap.org/ws/2004/09/policy";

JAXBElement requestTypeElement = new JAXBElement(new
QName(requestTypeNamespace, "RequestType"),
javax.xml.bind.JAXBElement.class, null, requestType);
JAXBElement tokenTypeElement = new JAXBElement(new
QName(requestTypeNamespace, "TokenType"), javax.xml.bind.JAXBElement.class,
null, tokenType);
JAXBElement address = new JAXBElement(new
QName(addressNamespace, "Address"), javax.xml.bind.JAXBElement.class, null,
endpointAddress);
JAXBElement endpoint = new JAXBElement(new
QName(addressNamespace, "EndpointReference"),
javax.xml.bind.JAXBElement.class, null, address);
JAXBElement appliesToElement = new JAXBElement(new
QName(appliesToNamespace, "AppliesTo"), javax.xml.bind.JAXBElement.class,
null, endpoint);

RequestSecurityTokenType message = new
RequestSecurityTokenType();
message.getAny().add(requestTypeElement);
message.getAny().add(tokenTypeElement);
message.getAny().add(appliesToElement);

// invoke service and process result
com.gettoken.sts.RequestSecurityTokenResponseCollectionType
result = port.trust13Issue(message);
out.println("Response received successfully: " + result);

Thanks Kumar for your help by providing the set of properties to enable
finer log messages. It helped a lot to debug the ecrypted messages.