Metro 2.0.1 Client with ADFS 2.0 STS and .NET 4.0 WebService

9 replies [Last post]
rsea
Offline
Joined: 2010-07-08

Hi all,

I've been trying to set up a .NET 4.0 Web Service, federated with an ADFS 2.0 STS using WIF, and a Java client, using the latest Metro build, to talk to this web service. I'm developing in NetBeans 6.9.

After following a number of samples and tutorials, both from the Metro site and .NET, as well as this thread (http://forums.java.net/jive/thread.jspa?messageID=396540), I'm still unable to have the client get a token from the ADFS2 STS.

The first error showing up after configuring the web service client in NetBeans was:

jdg6688
Offline
Joined: 2005-11-02

It is working with Metro client and ADFS 2.0 STS. Check out this thread for more details:

http://forums.java.net/jive/thread.jspa?messageID=396540

In your case, the security is not enabled on the client side. Likely there is a mismatch in the policy of the STS endpoint you pointed to.

To help you out, can you post the STS WSDL with the security policy in it?

rsea
Offline
Joined: 2010-07-08

Thanks for the reply. Here are the WSDL files for STS and WService.

jdg6688
Offline
Joined: 2005-11-02

The versions of WS-SecurityPolicy used for your STS endpoint and service are different.

To resolve it, use the STS endpoint "http://safir.nextway.corp/adfs/services/trust/13/username" instead.

rsea
Offline
Joined: 2010-07-08

Thanks again for the reply.

I can now get a token from ADFS2. However, the client now fails with the following error:
SEVERE: WSS1701: Sign operation failed.
java.lang.IllegalArgumentException: Empty key

This happens apparently because in line 296 of WSTrustClientContractImpl, keySize is 0. This is due to the fact that both RST and RSTR have keySize = 0.
Shouldn't this be 256 as stated in service WSDL?

I've also attached the wsit-client files I'm using.

jdg6688
Offline
Joined: 2005-11-02

The RSTR doesn't contain KeySize as it usually should.

In this case, there is a bug in Metro 2.0.1 in handling it.

So 2 options:

1. Use 2005/07 version:

Choose Version Compatibility to be .Net 3.0/Metro 1.0 when you build and configure your service, and use the STS endpoint "http://safir.nextway.corp/adfs/services/trust/2005/username"

or

2. Upgrade Metro to the current Metro 2.1 where the bug is fixed.
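
An added example, not part of the original thread and not Metro or ADFS code: a check over a captured RST/RSTR pair that reports the WS-Trust version in use and whether any usable KeySize is present, which is the condition the posts above tie to the "Empty key" error. The sample messages are constructed, and taking the response value first and the request value second is an assumption of this check.

```python
import xml.etree.ElementTree as ET

# WS-Trust namespaces, keyed by the ADFS endpoint path segment (trust/13, trust/2005).
WST_NS = {
    "13": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "2005": "http://schemas.xmlsoap.org/ws/2005/02/trust",
}

def key_size(xml_text, local_name):
    """Return (trust_version, KeySize or None) for the first matching element."""
    root = ET.fromstring(xml_text)
    for version, ns in WST_NS.items():
        tag = f"{{{ns}}}{local_name}"
        # The RSTR may be the root or sit inside a response collection / SOAP body.
        msg = root if root.tag == tag else root.find(f".//{tag}")
        if msg is None:
            continue
        text = (msg.findtext(f"{{{ns}}}KeySize") or "").strip()
        return version, (int(text) if text else None)
    raise ValueError(f"no WS-Trust {local_name} element found")

def diagnose(rst_xml, rstr_xml):
    """Summarise what key size a client could derive from this exchange."""
    rst_ver, rst_size = key_size(rst_xml, "RequestSecurityToken")
    rstr_ver, rstr_size = key_size(rstr_xml, "RequestSecurityTokenResponse")
    # Assumption of this check: prefer the response value, else the request value.
    effective = rstr_size or rst_size or 0
    return {
        "rst_version": rst_ver,
        "rstr_version": rstr_ver,
        "rstr_has_key_size": bool(rstr_size),
        "effective_key_size": effective,
        "empty_key_risk": effective == 0,
    }

# Constructed sample messages, reduced to the elements the check reads.
NS13 = WST_NS["13"]
RST_NO_SIZE = (f'<t:RequestSecurityToken xmlns:t="{NS13}">'
               f'<t:KeyType>{NS13}/SymmetricKey</t:KeyType></t:RequestSecurityToken>')
RST_256 = (f'<t:RequestSecurityToken xmlns:t="{NS13}">'
           '<t:KeySize>256</t:KeySize></t:RequestSecurityToken>')
RSTR_NO_SIZE = (f'<t:RequestSecurityTokenResponseCollection xmlns:t="{NS13}">'
                '<t:RequestSecurityTokenResponse><t:RequestedSecurityToken/>'
                '</t:RequestSecurityTokenResponse></t:RequestSecurityTokenResponseCollection>')

if __name__ == "__main__":
    print(diagnose(RST_NO_SIZE, RSTR_NO_SIZE))
```
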

rsea
Offline
Joined: 2010-07-08

Thanks, now it's working.

Best regards.

sivagurut
Offline
Joined: 2009-07-06

Can you please share the working code and blog link?

jdg6688
Offline
Joined: 2005-11-02
Vinuta
Offline
Joined: 2014-04-30

I am looking for a code sample for using Metro with ADFS as STS. The links in this thread do not work. Could anyone please point me to a working example? Thanks a lot!