
Where does xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" come from?

Anonymous

Could someone tell me what does
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" mean in my Envelope and
why do I have that? I want SAML2.0 assertion token and I have
<trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType> in
the body of the RST. I didn't mention SAML1.0 anywhere in my configuration.

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

On Apr 24, 2012, at 10:01 PM, gchoi wrote:

> Could someone tell me what does
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" mean in my
> Envelope and
> why do I have that?
There is a general problem in Metro where in some places you see namespace
declarations that aren't really required there. Some of it, I believe,
comes during JAXB marshalling.

Is it causing trouble to you in any way?

> I want SAML2.0 assertion token and I have
> <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType> in
> the body of the RST. I didn't mention SAML1.0 anywhere in my
> configuration.
>
> xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xs="http://www.w3.org/2001/XMLSchema"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
>

Gina Choi

Even though I requested a SAML2.0 assertion token, I am getting a SAML1.0 Assertion from
the STS. Following is what the STS returned in the body. I don't see the point that we
mention the SAML version in the envelope.

<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>

I am getting the following WARNINGS when I run the client. I am not sure if it is
related to this, but I just want to eliminate all possible errors.

Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser]
parse
INFO: WSP5018: Loaded WSIT configuration from file:
file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as
"UNSUPPORTED".
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.sun.com/2006/03/wss/server}TrustStore" was evaluated as
"UNSUPPORTED".
Apr 24, 2012 12:21:50 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".
STS PortMetro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000)
JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown: Stub for
https://wkengchoi:8443/doubleit/services/doubleit
STS Name Space+++++++++null
STS Name
Space+++++++++https://strts01.ams.dev/adfs/services/trust/13/usernamemixed
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.parser.PolicyConfigParser]
parse
INFO: WSP5018: Loaded WSIT configuration from file:
file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/http}BasicAuthentication"
was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication
" was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0075: Policy assertion
"{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication
" was evaluated as "UNKNOWN".
Apr 24, 2012 12:21:53 PM [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side
with fitness "PARTIALLY_SUPPORTED".
Apr 24, 2012 12:21:53 PM com.sun.xml.ws.security.impl.policy.Constants
log_invalid_assertion
WARNING: SP0100: Policy assertion
Assertion[com.sun.xml.ws.security.impl.policy.SpnegoContextToken] {
assertion data {
namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
prefix = 'sp'
local name = 'SpnegoContextToken'
value = 'null'
optional = 'false'
ignorable = 'false'
attributes {
name =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:IncludeToken',
value =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Alway
sToRecipient'
}
}
no parameters
nested policy {
namespace version = 'v1_5'
id = 'null'
name = 'null'
vocabulary {
1. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendAmend'
2. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendCancel'
3. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:MustNotSendRenew'
4. entry =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702:RequireDerivedKeys
'
}
assertion set {

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {
assertion data {
namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
prefix = 'sp'
local name = 'MustNotSendAmend'
value = 'null'
optional = 'false'
ignorable = 'false'
no attributes
}
no parameters
no nested policy
}

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {
assertion data {
namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
prefix = 'sp'
local name = 'MustNotSendCancel'
value = 'null'
optional = 'false'
ignorable = 'false'
no attributes
}
no parameters
no nested policy
}

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {
assertion data {
namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
prefix = 'sp'
local name = 'MustNotSendRenew'
value = 'null'
optional = 'false'
ignorable = 'false'
no attributes
}
no parameters
no nested policy
}

Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$Def
aultPolicyAssertion] {
assertion data {
namespace =
'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'
prefix = 'sp'
local name = 'RequireDerivedKeys'
value = 'null'
optional = 'false'
ignorable = 'false'
no attributes
}
no parameters
no nested policy
}
}
}
} is not supported under Token assertion.

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

On Apr 24, 2012, at 10:56 PM, Gina Choi wrote:

> Even I requested SAML2.0 assertion token, I am getting SAML1.0
> Assertion from
> STS. Following is what STS returned in the body. I don't see point
> that we
> mention SAML version in the envelope.
>
>
> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
>
> I am getting following WARNINGS when I run client. I am not sure if
> it is
> related to this, but just want to eliminate all possible errors.
>
>
> Apr 24, 2012 12:21:50 PM
> [com.sun.xml.ws.policy.parser.PolicyConfigParser]
> parse
> INFO: WSP5018: Loaded WSIT configuration from file:
> file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
> Apr 24, 2012 12:21:50 PM
> [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
> selectAlternatives
> WARNING: WSP0075: Policy assertion
> "{http://schemas.sun.com/2006/03/wss/server}KeyStore" was evaluated as
> "UNSUPPORTED".

The namespace here should be http://schemas.sun.com/2006/03/wss/client
and not http://schemas.sun.com/2006/03/wss/server

> Apr 24, 2012 12:21:50 PM
> [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
> selectAlternatives
> WARNING: WSP0075: Policy assertion
> "{http://schemas.sun.com/2006/03/wss/server}TrustStore" was
> evaluated as
> "UNSUPPORTED".
Same here.
> Apr 24, 2012 12:21:50 PM
> [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
> selectAlternatives
> WARNING: WSP0019: Suboptimal policy alternative selected on the
> client side
> with fitness "PARTIALLY_SUPPORTED".
> STS PortMetro/2.2 (branches/2.2-7015; 2012-02-20T20:31:25+0000)
> JAXWS-RI/2.2.6 JAXWS/2.2 svn-revision#unknown: Stub for
> https://wkengchoi:8443/doubleit/services/doubleit
> STS Name Space+++++++++null
> STS Name
> Space+++++++++https://strts01.ams.dev/adfs/services/trust/13/
> usernamemixed
> Apr 24, 2012 12:21:53 PM
> [com.sun.xml.ws.policy.parser.PolicyConfigParser]
> parse
> INFO: WSP5018: Loaded WSIT configuration from file:
> file:/C:/gina/new/DoubleIt/client/target/classes/wsit-client.xml.
> Apr 24, 2012 12:21:53 PM
> [com.sun.xml.ws.policy.EffectiveAlternativeSelector]
> selectAlternatives
> WARNING: WSP0075: Policy assertion
> "{http://schemas.microsoft.com/ws/06/2004/policy/
> http}BasicAuthentication"
> was evaluated as "UNKNOWN".
This assertion is MS specific and so Metro does not understand this
one. Same for other ones below. So it appears you have
SpnegoContextToken on the STS policy? Metro does not support it.


Gina Choi

Thanks for your response. I appreciate it.

> The namespace here should be http://schemas.sun.com/2006/03/wss/client
> and not http://schemas.sun.com/2006/03/wss/server
I commented out the namespace for http://schemas.sun.com/2006/03/wss/server
since I had http://schemas.sun.com/2006/03/wss/client already.

> This assertion is MS specific and so metro does not understand this one.
> Same for other ones below. So it appears you have SpnegoContextToken on the
> STS policy ?. Metro does not support it.
I see SpnegoContextToken on the ADFS policy. So, it looks like I need to
get used to these WARNING messages. :)

Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

On Apr 24, 2012, at 10:56 PM, Gina Choi wrote:

> Even I requested SAML2.0 assertion token, I am getting SAML1.0
> Assertion from
> STS.
This could be an STS configuration issue and has nothing to do with
the SAML version in the envelope.
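The distinction drawn in this reply, as an added example that is not part of the original thread or of Metro's code: a namespace declaration on the envelope only binds a prefix, while the token version is carried by the `TokenType` element in the body. The envelopes below are constructed samples and the function names are hypothetical.

```python
import io
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SOAP = "http://www.w3.org/2003/05/soap-envelope"
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed RST: xmlns:saml (SAML 1.x) is declared on the envelope but never
# used, while the body asks for a SAML 2.0 token.
SAMPLE_RST = f"""<S:Envelope xmlns:S="{SOAP}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="{SAML11}">
  <S:Body>
    <trust:RequestSecurityToken xmlns:trust="{WST}">
      <trust:TokenType>{SAML20}</trust:TokenType>
      <trust:RequestType>{WST}/Issue</trust:RequestType>
    </trust:RequestSecurityToken>
  </S:Body>
</S:Envelope>"""


def sample_rstr(issued_type):
    """Build a constructed RSTRC whose TokenType is `issued_type`."""
    return f"""<S:Envelope xmlns:S="{SOAP}" xmlns:trust="{WST}">
  <S:Body>
    <trust:RequestSecurityTokenResponseCollection>
      <trust:RequestSecurityTokenResponse>
        <trust:TokenType>{issued_type}</trust:TokenType>
      </trust:RequestSecurityTokenResponse>
    </trust:RequestSecurityTokenResponseCollection>
  </S:Body>
</S:Envelope>"""


def scan_namespaces(xml_text):
    """Return (declared, used): prefix->URI declarations, and the set of
    namespace URIs that element or attribute names actually use."""
    declared, used = {}, set()
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = item
            declared[prefix] = uri
        else:
            for name in (item.tag, *item.attrib):
                if name.startswith("{"):
                    used.add(name[1:].split("}", 1)[0])
    return declared, used


def unused_prefixes(xml_text):
    """Prefixes declared but not used by any element or attribute name.
    Prefixes referenced only inside text values (QNames) are not detected."""
    declared, used = scan_namespaces(xml_text)
    return sorted(p for p, uri in declared.items() if uri not in used)


def token_type(xml_text):
    """Text of the first wst:TokenType element, or None if there is none."""
    el = ET.fromstring(xml_text).find(f".//{{{WST}}}TokenType")
    return el.text.strip() if el is not None and el.text else None


def check_issued_token(rst_xml, rstr_xml):
    """Compare requested and issued token types: (match, requested, issued)."""
    requested, issued = token_type(rst_xml), token_type(rstr_xml)
    match = requested is not None and requested == issued
    return match, requested, issued


if __name__ == "__main__":
    print("unused prefixes in RST:", unused_prefixes(SAMPLE_RST))
    print("SAML 1.0 reply:", check_issued_token(SAMPLE_RST, sample_rstr(SAML11)))
    print("SAML 2.0 reply:", check_issued_token(SAMPLE_RST, sample_rstr(SAML20)))
```

A client that consumes the issued token can run a check like `check_issued_token` on the RSTR and reject a response whose `TokenType` differs from the one it requested.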

Gina Choi

> This could be an STS configuration issue and has nothing to do with the
> SAML version in the envelope.
Does an STS configuration issue mean the client side STS configuration? I created
a Java client using SAAJ and if I send it to the same ADFS endpoint, I am correctly
receiving a SAML2.0 token. Following is my request and response from ADFS. I
have attached my service wsdl file. Could you check for me whether I configured it
the incorrect way? This is the only place that I mentioned the token type.

Soap request:

XXXXXXXX
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
https://strts01.ams.dev/adfs/services/trust/13/usernamemixed
https://wkengchoi:8443/doubleit/services/doubleit
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
urn:oasis:names:tc:SAML:2.0:assertion

XML response

<?xml version="1.0" encoding="UTF-8"?>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal
2012-04-25T15:05:44.239Z
2012-04-25T15:10:44.239Z
2012-04-25T15:05:44.223Z
2012-04-25T16:05:44.223Z
https://wkengchoi:8443/doubleit/services/doubleit
E=krchoi@sct.com, CN=servicecn, OU=SCC, O=SDC, L=boston,
S=massachusetts,
C=US14478695720124859712
_8887efc5-6a3e-4573-8979-0e80521e7e5c
_8887efc5-6a3e-4573-8979-0e80521e7e5c
urn:oasis:names:tc:SAML:2.0:assertion
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer