WS-STS with PingFederate for webservices built using Axis 1.7.2

Question

I have a war which publishes webservices. Webservices are built and deployed using Axis 1.7.2. I have developed the code where in the webservices can be protected using WS-STS. This works with WSO2 Identity Server's Secure Token Server.

I am facing problems while securing webservices by PingFederate's STS. One of the configuration step is to add the policy in the connecting database. The java code will pickup the policy XML and add it to the 'services.xml' for all the webservices.

I got the WS-Trust policy from the following PingFederate URL :

https://localhost:9031/pf/ws-trust_sts_metadata.ping PartnerSpId=CONNECTIONNAME&type=mex

The policy content looks like this :

<wsp:Policy wsu:Id="username">
<wsp:ExactlyOne>
  <wsp:All>
    <sp:TransportBinding>
      <wsp:Policy>
        <sp:TransportToken>
          <wsp:Policy>
            <sp:HttpsToken RequireClientCertificate="false"/>
          </wsp:Policy>
        </sp:TransportToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic256/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Strict/>
          </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
      </wsp:Policy>
    </sp:TransportBinding>
    <sp:SignedEncryptedSupportingTokens>
      <wsp:Policy>
        <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:WssUsernameToken10/>
          </wsp:Policy>
        </sp:UsernameToken>
      </wsp:Policy>
    </sp:SignedEncryptedSupportingTokens>
    <sp:EndorsingSupportingTokens>
      <wsp:Policy>
        <sp:KeyValueToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never" wsp:Optional="true"/>
        <sp:SignedParts>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
      </wsp:Policy>
    </sp:EndorsingSupportingTokens>
    <sp:Wss11>
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefIssuerSerial/>
        <sp:MustSupportRefThumbprint/>
        <sp:MustSupportRefEncryptedKey/>
      </wsp:Policy>
    </sp:Wss11>
    <sp:Trust13>
      <wsp:Policy>
        <sp:MustSupportIssuedTokens/>
        <sp:RequireClientEntropy/>
        <sp:RequireServerEntropy/>
      </wsp:Policy>
    </sp:Trust13>
    <wsaw:UsingAddressing/>
  </wsp:All>
</wsp:ExactlyOne>

    The services are failing to deploy with the following exception :

    Caused by: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "wsaw"
 at [row,col {unknown-source}]: [58,29]
    at com.ctc.wstx.sr.StreamScanner.constructWfcException(StreamScanner.java:606)
    at com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:479)
    at com.ctc.wstx.sr.InputElementStack.resolveAndValidateElement(InputElementStack.java:507)
    at com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2977)
    at com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2837)
    at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1072)
    at org.apache.axiom.util.stax.wrapper.XMLStreamReaderWrapper.next(XMLStreamReaderWrapper.java:225)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:666)
    ... 62 more

If somebody can point to a STS kit or tutorial for PingFederate, its will be greate help.

Answer 1

Since it's just complaining about the namespace, did you try to load the http://www.w3.org/2006/05/addressing/wsdl namespace?

Source: https://www.w3.org/TR/2006/CR-ws-addr-wsdl-20060529/