I'm developing a WSO2 API to invoke a specific service protected by SAML token. For the security, this is a two-step authentication process. First the service consumer (me) has to authenticate to the SecurityTokenService using X.509 direct authentication. The STS issues a signed SAML token claiming the consumers identity. In a second request the service consumer calls the business service and includes the received SAML token and a timestamp within the wsse:Security header. So, I need to access SAML-secured service via WSO2 ESB.
For the first part, I successfully got the token. For the 2nd request I included this process of generating a token (as a Issuer) to a policy:
But my code for the second part doesn't work in ESB, it returns ErrorInObtainingToken. And I don't understand how to send already received token in a proper way. Could you please help me?
I used the policy file provided by the service, compared it to the one generated automatically in WSO2 Integration Studio, added and deleted lines, the result is always the same:
[PassThroughMessageProcessor-126] ERROR {org.apache.rahas.client.STSClient} - errorInObtainingToken
Caused by: org.apache.rahas.TrustException: Error in obtaining token from : "http://localhost:8280/.../token"
[-1234] [] [PassThroughMessageProcessor-130] ERROR {org.apache.axis2.engine.AxisEngine} - Message Receiver not found for AxisOperation: requestSecurityToken
org.apache.axis2.AxisFault: Message Receiver not found for AxisOperation: requestSecurityToken