Windows Live SSO from Java

Mar 6, 2009 at 12:45 AM

Background
--------------
- Windows Live uses a set of SOAP-based Passport Web Services to obtain a short-lived token (SLT) using a method known as GetSLT. GetSLT is secured using client certificates and requires that the TLS connection undergo mutual authentication.
- In order to make a TLS connection, Java must have access to a private key and a set of certificates from trusted Root and Intermediate CAs. Java requires that the private key be located in the native-format keystore known as Java Key Store (JKS). Both the keystore and private key must have the same password and all intermediate certificates must be present.
- We also require a truststore (usually cacerts in Java) which contains all required Root and Intermediate CAs. Java 6 doesn't have the necessary entries so we need to build a new truststore.
- Apache CXF is used to build a Java Proxy Client from the Passport WSDL (slightly modified)

Prerequisites
---------------
Truststore
- Windows Platform SDK. Available from http://www.microsoft.com/downloads/details.aspx?FamilyID=484269e2-3b89-47e3-8eb7-1f2be6d7123a&DisplayLang=en
- CAPICOM. http://www.microsoft.com/downloads/details.aspx?FamilyId=860EE43A-A843-462F-ABB5-FF88EA5896F6&displaylang=en
- .NET v2.0
- CertificateConvert.exe. Exports the Windows Root and Intermediate CA stores and builds a Java truststore. Paths for the output directory and for the Java keytool are specified in App.Config

Keystore
- Java 6
- KeyTool IUI (for manipulating key/trust stores). Requires Java 6 (JRE)
- openssl (I use openssl from Cygwin). For converting PFX to PEM.

Windows Live SSO
- CXF 2.1.1 (and dependencies)
- PassportUtil.jar
- WindowsLiveHelper.jar
- Your code!

Optional
----------
- WindowsLive SSO for J2EE. Secure the JSP and pass through the username in the HTTP header and get a URL which can be used for SSO

Tasks
-------

Create a Truststore (trusted Root and intermediate CAs)
- Generate a new trust store using CertificateConvert.exe. Modify the App.Config to reflect where you would like your working/output directory to be and where your Java keytool.exe is located. Password for the resulting trust store is changeit.

Create a Keystore (private key)
- Import the certificate into the Windows certificate store
- Export, ensuring you include the private key and all certificates in the hierarchy
- Convert your pfx file to a pem using openssl via "openssl pkcs12 -in all.cer.pfx -out all.cer.pem -nodes"
- Copy the resulting file to separate files, private.cer.pem and cer.pem
- Edit private.cer.pem to look like this (contains only the private key)
$ cat private.cer.pem
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: {CA7DB1AD-1EAD-47DD-A141-696CDAA7586A}
    Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
Key Attributes
    X509v3 Key Usage: 10
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

- Edit cer.pem to look like this (contains only the certificate chain)
$ cat cer.pem
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: wledutraining.com
subject=/C=US/ST=WA/L=Redmond/O=wledutraining.com/OU=EDU/CN=sapipartner.com
issuer=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=Microsoft Secure Server A
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: GTE CyberTrust Global Root
subject=/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE Cy
issuer=/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE Cyb
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Bag Attributes: <Empty Attributes>
subject=/CN=Microsoft Internet Authority
issuer=/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE Cyb
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Bag Attributes: <Empty Attributes>
subject=/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=Microsoft Secure Server
issuer=/CN=Microsoft Internet Authority
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

- Load KeyTool IUI.
  - Create an empty key store.
  - Import the private key private.cer.pem and Certificate chain file cer.pem. Ensure the password for the private key is the same as the password for the key store.

- Create a Windows Live SSO application
  - Modify the client.properties file with your site specific information

---snip---
au.com.identityconcepts.windowslive.siteID=253988
au.com.identityconcepts.windowslive.domain=WLEduTraining.com
au.com.identityconcepts.windowslive.domainAdmin=administrator@WLEduTraining.com
au.com.identityconcepts.windowslive.keyStore=c:/truststore.jks
au.com.identityconcepts.windowslive.keyStorePassword=password
au.com.identityconcepts.windowslive.trustStore=c:/cacerts-win32.jks
au.com.identityconcepts.windowslive.trustStorePassword=changeit
au.com.identityconcepts.windowslive.debug=false
au.com.identityconcepts.windowslive.verbose=false
au.com.identityconcepts.windowslive.sslDebug=false
au.com.identityconcepts.windowslive.WSDLPath=c:/PPSACredentialWSDL.srf.wsdl
au.com.identityconcepts.windowslive.loginURLLive=https://login.live.com/ppsecure/post.srf
au.com.identityconcepts.windowslive.loginURLExchangeLabs=https://login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=10&ct=1217534617&rver=5.5.4177.0&wp=MBI_SSL&wreply=https:%2F%2Fexchangelabs.com%2Fowa%2F&lc=1033
---snip---

- Create an application (JSP/Servlet/etc) and call the GetSLT method.

---snip---
package au.com.identityconcepts.windowslive.ws;

import java.util.Calendar;
import java.text.SimpleDateFormat;

public class WindowsLiveHelper {

 private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog("WindowsLiveSSOv3"); 
 public static final String DATE_FORMAT_NOW = "yyyy-MM-dd HH:mm:ss"; 
 private Session session = null;
 
 public static void main(String[] args) {
  
  System.out.println("Startup " + now());  

  // Build a Windows Live Session  
  WindowsLiveHelper wlh = new WindowsLiveHelper();
    
  System.out.println("Finished " + now());
 }
 
 public WindowsLiveHelper() {
  this.session = new Session();          

  // GetSLT            
  System.out.println("Calling GetSLT " + now());
  for (int i=0; i < 10; i++) {   
   System.out.println(now() + " " + Marshall.GetSLT(this.session));   
  }
 }

 public static String now() {
  Calendar cal = Calendar.getInstance();
  SimpleDateFormat sdf = new SimpleDateFormat(DATE_FORMAT_NOW);
  return sdf.format(cal.getTime());
 }
}
---snip---

Calling GetSLT 2008-07-30 11:13:07
2008-07-30 11:13:07 BzYu0gLgk*kZCSCbbgPg2pm0vosrB4FnGBcXPD6dPGWFpwlEIky8dhW2bxy0zmSah5AswiYTc5M!WppyBqbTEchArgyVl5HfEJ*RFXx7ZqDJ4y6ZVoLAwlmQS1vmwCEgOTD5CbI$
2008-07-30 11:13:10 B73HS4XbO5c7oXJJICxUd9L*0M!p96l2H4KXQzcy91u2uUMb401q9YbV85bRIlgThLY47UAGot1plmMvCLMdvuiZZjbz71huVbJaArcSgYMN2oXT0LVOjWAPtbkVf3ouPKYzL1I$
2008-07-30 11:13:11 B1ZeSilfPKIMadjfsfrazlD2cVYQw25zKnDc7DxtYDhGAlbXuYmqSwRcPXb7FDZYZKgoQIXKyj3eNWdTVkay6BdorIR8HUs8uO6t3ynHtN*LusF9zb2BJGBXgx*MJxvggBtwwb4$
2008-07-30 11:13:11 B7AyK94MsRIPdWKPmbVMbar7pCurNtMyyRQFWDaeChn09K6NdfH7b6kmi4AysHCP4LHcGJN21fGmjAFtQuehYuUEMUCbd7Fnx2116P5saFTBeYMShQmUU4EY90uf9z40wD*No$
2008-07-30 11:13:12 B4YGz4TeA3A*JLBBVr5wufyZDfIuyC*bHi7TJIHSD2CkW0117zFKg!hN9i1amdUmIYq9R2sWwbwL897YcUdx5piEdIoKk*I3quIosuu4F2qM9QvArC4PCf6lLpDky75RzEI7txE$
2008-07-30 11:13:12 Bx!3bVAU1EaX2Va8o90GrsdU1azMvUxasK7y3*0RU6rixmu1*Lc9VWZaBJLA01ke!FUG*qc9R4eFyTRYu7MAdilGMkMZNb7MoiXh1KM7h1RTZxnXIiR1MdxjRWdQ37xZFx*wTxE$
2008-07-30 11:13:13 BwP6nffjfN1BuA0LFeq!yY3V8uKviJC5eWQQD7Y6NutCgc2tDTlXeHvhEIFup8fxFIQpd1bz7rIF!q5yldEzd5oLISk3RYrPnU*vrb34xVC2SJRyz*Tg8T5CtWynhdxnUQnBSX8$
2008-07-30 11:13:13 B7tt0AxQxyZkQtUQiIsva3*CWk9*l1RK7oL5URT2526S9vFD3SaHSE1E47JxmBqKVNUuXg1pKh5ZXjM6wELKyzuDyrkQgRlnvz2yxOOlPvDZ!S7gQakQR*XXSSqiFD!YdYkXEbw$
2008-07-30 11:13:13 B6gEeNhUyxOT*atSScB1Z5Zd0TyhtATebl4q0NwOkX6qURR7Blmy1p0JisOeBy3IDclLuwFn4yijPfQgccGSALTDGydhBS1p7MnNnD57TaS97cHPW!9hS1i7aiSFZDNeToPEO9s$
2008-07-30 11:13:14 B5DvrYA0OTTLaNMtjhCuqcXfGOAPlwhYmLRUOMjCv80X*ojJNjIQbzVXE43SiGsStma4R2bGp5LLKXw3hfKWU8yi6o9qusonDPngSYK6mRP4MJqg!hziqgJ85QGfxwJZQIOpnfE$
Finished 2008-07-30 11:13:14

WindowsLive SSO for J2EE

- Set the system environment variable WLIDConfigFilePath to the full path of the file which holds the configuration information for your domain: "WLIDConfigFilePath=c:/WLIDSSO.config" (it defaults to c:\WindowsLiveSSO.properties)
- Unpack the installation zip file to a directory. There should be 3 files: WindowsLiveSSO.war, an example configuration file WindowsLiveSSO.properties and the Passport WSDL PPSACredentialWSDL.srf.wsdl, and an example Java trust store cacert-win32.jks
- Edit the configuration file and include your site specific information
- Deploy the WAR file to the Tomcat server
- Submit a request to the Servlet http://localhost:8080/WindowsLiveSSO/validate.jsp with a header variable "username" with the LiveID of the user, "service" with the servicename (either "livemail" or "exchangelabs"). Additional headers include "redirect" (set to true or false) and "debug" (also set to true or false).
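
An added example, not part of the original post or the project's code: a Java check for a keystore built by the steps above. It confirms that the private key opens with the keystore password and that the stored chain links up to a CA in the truststore, then builds the SSLContext used for mutual TLS. The class name KeystoreCheck and its command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name). Requires Java 7 or later.
// Usage: java KeystoreCheck <keystore.jks> <storepass> <truststore.jks> <trustpass>
// Passwords are taken as arguments only to keep the example short.
public class KeystoreCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a wrong store password fails here
        }
        return ks;
    }

    // True if 'cert' was signed by one of the certificates in the truststore.
    static boolean issuedByTrusted(X509Certificate cert, KeyStore trust) throws Exception {
        for (String alias : Collections.list(trust.aliases())) {
            Certificate ca = trust.getCertificate(alias);
            if (!(ca instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) ca;
            if (!x.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(x.getPublicKey());
                return true;
            } catch (GeneralSecurityException e) {
                // same subject name but a different key: keep looking
            }
        }
        return false;
    }

    // Checks every private-key entry and returns how many are usable.
    static int checkKeyEntries(KeyStore keys, char[] storePass, KeyStore trust) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue;
            // Throws UnrecoverableKeyException when the key password differs
            // from the keystore password.
            Key key = keys.getKey(alias, storePass);
            Certificate[] chain = keys.getCertificateChain(alias);
            if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
                System.out.println(alias + ": no private key with a certificate chain");
                continue;
            }
            // Each certificate must be valid now and signed by the next one in the chain.
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                c.checkValidity();
                if (i + 1 < chain.length) c.verify(chain[i + 1].getPublicKey());
                System.out.println(alias + "[" + i + "] " + c.getSubjectX500Principal());
            }
            // Assumption: the local truststore stands in for the CAs the server accepts.
            // If the top of the chain is not signed by any of them, an intermediate
            // certificate is probably missing from the chain file.
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            if (issuedByTrusted(top, trust)) {
                usable++;
            } else {
                System.out.println(alias + ": chain stops at " + top.getSubjectX500Principal()
                        + ", issuer " + top.getIssuerX500Principal() + " not in truststore");
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreCheck <keystore> <storepass> <truststore> <trustpass>");
            System.exit(2);
        }
        char[] storePass = args[1].toCharArray();
        KeyStore keys = load(args[0], storePass);
        KeyStore trust = load(args[2], args[3].toCharArray());
        int usable = checkKeyEntries(keys, storePass, trust);

        // KeyManagerFactory takes a single password for every key in the store,
        // so the key password and the keystore password have to match.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, storePass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println(usable + " usable client key entries; SSLContext ready: " + ctx.getProtocol());
    }
}
```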

Apr 7, 2009 at 6:58 PM
Hi,

 There is some confusion following the steps from this article, please let me know the exact steps to successfully retrieve SLT

 These are the steps that I followed

 .   Since I had pfx cert file, created private/CA key as 2 separate files
 .   Created an empty keystore using keytool  i.e. truststore.jks
 .   Imported private key and CA chain inside the above keystore using keytoolUI
 .   Configured WindowsLiveSSO.properties, where I used above created truststore.jks for keystore path and for trust store I used cacerts-win32.jks provided in the downloaded zip file
 .   Set the system property to point to WindowsLiveSSO.properties
 .   Deployed the downloaded application to tomcat
 .   Accessed http://localhost:8080/WindowsLiveSSO/validate.jsp?username=.............
 .    But it throws below exception

INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA
ITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE
CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_M
S_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
javax.xml.ws.soap.SOAPFaultException: SOAP Server Application Faulted
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
        at $Proxy622.getSLT(Unknown Source)
        at au.com.identityconcepts.windowslive.ws.Marshall.GetSLT(Marshall.java:36)
        at org.apache.jsp.validate_jsp._jspService(validate_jsp.java:142)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)

 Let me know if I have missed something, also outline the exact steps required for this integration to work

-Tanmai

Apr 16, 2009 at 10:01 AM
Tanmai,

Sorry it didn't work for you first time! Are you able to run the helper application successfully (standalone application, not JSP)?

Troubleshooting the helper application is much easier.

Sincerely,
Adam

Apr 27, 2009 at 10:46 AM
Hi Adam

Where can I find the tool CertificateConvert.exe?
I cannot find it in the downloaded package.

Thanks,
Thomas


Sep 8, 2009 at 3:05 PM

Hi Guys,

To extend the experiment a bit further to JBoss 4.2.1 & 4.2.3, as many people may have use.

In JBoss 4.2.1, you simply port the latest build to the Web Module area, the job is already done.

Provided you have MS minted certificate (use PFX to save trouble as Adam indicated) and the latest CA truststore.

However in JBoss 4.2.3, some libraries actually clash with JBoss's library.

So you need to remove the jboss-saaj.jar, jboss-jaxws.jar, and jboss-jaxws-ext.jar  from either ..\server\default\lib or ..\lib\endorsed folder.

Haven't tested with JBOSS-CXF library yet. Maybe it got all mixed libraries sorted out already.

Hope this info is helpful to some of you.

Cheers,

Richard

Oct 28, 2009 at 2:20 PM

I don't seem to be able to find the PPSACredentialWSDL.srf.wsdl file. It doesn't seem to be in the download or in subversion.

Can someone tell me where to find it please ?

thanks

Nov 9, 2009 at 12:38 PM
col wrote:

I don't seem to be able to find the PPSACredentialWSDL.srf.wsdl file. It doesn't seem to be in the download or in subversion.

I just had this problem - couldn't find it in the project either. I managed to find it here:

https://ppsacredential.service.passport.net/PPSACredentialWSDL.srf

which I found by googling "PPSACredentialWSDL.srf" and being led to this document:

http://nexus.passport.com/client/client.xml

Hope that helps you.

Nov 12, 2009 at 8:00 PM

Thanks nick_h that did help me.

I think I'm a lot closer but now I'm getting the following error when trying to run the helper app.

Any advice would be appreciated.

thanks

12/11/2009 19:36:32 org.apache.cxf.transport.https.SSLUtils getCiphersuites
INFO: The cipher suites have not been configured, falling back to cipher suite filters.
12/11/2009 19:36:32 org.apache.cxf.transport.https.SSLUtils getCiphersuites
INFO: The cipher suite filters have not been configured, falling back to default filters.
12/11/2009 19:36:32 org.apache.cxf.transport.https.SSLUtils getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.  
12/11/2009 19:36:32 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Marshalling Error: com.microsoft.schemas.passport.soapservices.credentialserviceapi.v1.TagWSSECURITYHEADER
    at org.apache.cxf.jaxb.JAXBEncoderDecoder.marshall(JAXBEncoderDecoder.java:210)
    at org.apache.cxf.jaxb.io.DataWriterImpl.write(DataWriterImpl.java:79)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleHeaderPart(SoapOutInterceptor.java:197)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.writeSoapEnvelopeStart(SoapOutInterceptor.java:125)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:76)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:57)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
    at $Proxy40.getSLT(Unknown Source)
    at au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
    at au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:194)
    at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.<init>(WindowsLiveHelperSSO.java:38)
    at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.main(WindowsLiveHelperSSO.java:20)
Caused by: java.lang.ClassCastException: com.microsoft.schemas.passport.soapservices.credentialserviceapi.v1.TagWSSECURITYHEADER
    at com.sun.xml.bind.v2.model.impl.RuntimeBuiltinLeafInfoImpl$1.writeLeafElement(RuntimeBuiltinLeafInfoImpl.java:209)
    at com.sun.xml.bind.v2.runtime.reflect.TransducedAccessor$CompositeTransducedAccessorImpl.writeLeafElement(TransducedAccessor.java:250)
    at com.sun.xml.bind.v2.runtime.property.SingleElementLeafProperty.serializeBody(SingleElementLeafProperty.java:98)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(ElementBeanInfoImpl.java:156)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(ElementBeanInfoImpl.java:185)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeBody(ElementBeanInfoImpl.java:305)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot(ElementBeanInfoImpl.java:312)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot(ElementBeanInfoImpl.java:71)
    at com.sun.xml.bind.v2.runtime.XMLSerializer.childAsRoot(XMLSerializer.java:490)
    at com.sun.xml.bind.v2.runtime.MarshallerImpl.write(MarshallerImpl.java:328)
    at com.sun.xml.bind.v2.runtime.MarshallerImpl.marshal(MarshallerImpl.java:175)
    at org.apache.cxf.jaxb.JAXBEncoderDecoder.writeObject(JAXBEncoderDecoder.java:434)
    at org.apache.cxf.jaxb.JAXBEncoderDecoder.marshall(JAXBEncoderDecoder.java:189)
    ... 15 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Marshalling Error: com.microsoft.schemas.passport.soapservices.credentialserviceapi.v1.TagWSSECURITYHEADER
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
    at $Proxy40.getSLT(Unknown Source)
    at au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
    at au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:194)
    at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.<init>(WindowsLiveHelperSSO.java:38)
    at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.main(WindowsLiveHelperSSO.java:20)
Caused by: org.apache.cxf.interceptor.Fault: Marshalling Error: com.microsoft.schemas.passport.soapservices.credentialserviceapi.v1.TagWSSECURITYHEADER
    at org.apache.cxf.jaxb.JAXBEncoderDecoder.marshall(JAXBEncoderDecoder.java:210)
    at org.apache.cxf.jaxb.io.DataWriterImpl.write(DataWriterImpl.java:79)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleHeaderPart(SoapOutInterceptor.java:197)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.writeSoapEnvelopeStart(SoapOutInterceptor.java:125)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:76)
    at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:57)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
    ... 5 more
Caused by: java.lang.ClassCastException: com.microsoft.schemas.passport.soapservices.credentialserviceapi.v1.TagWSSECURITYHEADER
    at com.sun.xml.bind.v2.model.impl.RuntimeBuiltinLeafInfoImpl$1.writeLeafElement(RuntimeBuiltinLeafInfoImpl.java:209)
    at com.sun.xml.bind.v2.runtime.reflect.TransducedAccessor$CompositeTransducedAccessorImpl.writeLeafElement(TransducedAccessor.java:250)
    at com.sun.xml.bind.v2.runtime.property.SingleElementLeafProperty.serializeBody(SingleElementLeafProperty.java:98)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(ElementBeanInfoImpl.java:156)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(ElementBeanInfoImpl.java:185)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeBody(ElementBeanInfoImpl.java:305)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot(ElementBeanInfoImpl.java:312)
    at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot(ElementBeanInfoImpl.java:71)
    at com.sun.xml.bind.v2.runtime.XMLSerializer.childAsRoot(XMLSerializer.java:490)
    at com.sun.xml.bind.v2.runtime.MarshallerImpl.write(MarshallerImpl.java:328)
    at com.sun.xml.bind.v2.runtime.MarshallerImpl.marshal(MarshallerImpl.java:175)
    at org.apache.cxf.jaxb.JAXBEncoderDecoder.writeObject(JAXBEncoderDecoder.java:434)
    at org.apache.cxf.jaxb.JAXBEncoderDecoder.marshall(JAXBEncoderDecoder.java:189)
    ... 15 more

Nov 13, 2009 at 9:17 AM

Sorry about dropping the WSDL off the project. I've pushed it back up there. Try it now!

Sincerely,
Adam

Nov 13, 2009 at 9:29 AM
col wrote:

Thanks nick_h that did help me.

I think I'm a lot closer but now I'm getting the following error when trying to run the helper app.

I'd try the WSDL that Adam's re-added, as I also ended up with some problems when I used the version that I linked - I guess because of the changes to the WSDL that were necessary.

In the end I stuck with using JDOM and HttpClient to manually create the XML and post it myself, because CXF and Axis scare me :)

Nov 13, 2009 at 12:54 PM

Adam - Thanks for adding the WSDL file. It helped a lot.

Nick - I agree CXF and Axis scare me a little as well. They always cause me a lot of pain to set up initially but seem to be worth it in the long run.

Anyway, after a few days of messing around, and help from you guys, I'm happy to say that I now have it working. Yay!

Now that I have it running I'm probably going to look into implementing it a little differently so that it fits in with our existing system a little easier. If there is anything I can feed back into this project I'll be happy to do so.

Also, Adam, are you able to provide any details about the changes you needed to make to the WSDL file to get it to work?

cheers

Col.

Nov 13, 2009 at 5:55 PM
Glad you got it working! Even though I did the XML from scratch, the
information about creating the certificate keystore on this site was
very useful - it wouldn't work until I included the whole chain of
issuing certificates in the certificate PEM file. It was confusing
because the PHP/cURL version of this library didn't require this. I
guess it just works differently.

You can probably use a standard diff utility to compare the two WSDL
files, if you want to see what lines were changed.

Jan 15, 2010 at 4:21 PM

Hi Adam,

I tried using the helper file. I am getting the following error. Please help.

Calling GetSLT 2010-01-15 21:43:27
Jan 15, 2010 9:43:29 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
INFO: The cipher suites have not been configured, falling back to cipher suite filters.
Jan 15, 2010 9:43:29 PM org.apache.cxf.transport.https.SSLUtils getCiphersuites
INFO: The cipher suite filters have not been configured, falling back to default filters.
Jan 15, 2010 9:43:29 PM org.apache.cxf.transport.https.SSLUtils getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.  
Jan 15, 2010 9:43:43 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: ppsacredential.service.passport.net
        at org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:95)
        at org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInterceptor.java:68)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
        at $Proxy40.getSLT(Unknown Source)
        at au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
        at au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:184)
        at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.<init>(WindowsLiveHelperSSO.java:37)
        at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.main(WindowsLiveHelperSSO.java:20)
Caused by: com.ctc.wstx.exc.WstxIOException: ppsacredential.service.passport.net
        at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
        at org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
        ... 11 more
Caused by: java.net.UnknownHostException: ppsacredential.service.passport.net
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
        at java.net.Socket.connect(Socket.java:519)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:382)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:509)
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:278)
        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:335)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:765)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1807)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1765)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
        at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:64)
        at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
        at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
        at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
        ... 12 more
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: ppsacredential.service.passport.net
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
        at $Proxy40.getSLT(Unknown Source)
        at au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
        at au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:184)
        at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.<init>(WindowsLiveHelperSSO.java:37)
        at au.com.identityconcepts.windowslive.sso._test.WindowsLiveHelperSSO.main(WindowsLiveHelperSSO.java:20)
Caused by: org.apache.cxf.interceptor.Fault: ppsacredential.service.passport.net
        at org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:95)
        at org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInterceptor.java:68)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
        ... 5 more
Caused by: com.ctc.wstx.exc.WstxIOException: ppsacredential.service.passport.net
        at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
        at org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(AbstractOutDatabindingInterceptor.java:93)
        ... 11 more
Caused by: java.net.UnknownHostException: ppsacredential.service.passport.net
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
        at java.net.Socket.connect(Socket.java:519)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:382)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:509)
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:278)
        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:335)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:765)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1807)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1765)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
        at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:64)
        at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
        at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
        at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
        ... 12 more
Java Result: 1

Jan 18, 2010 at 9:30 AM

Are you using SVN HEAD? I'd suggest pulling the latest release and trying again.

Sincerely,

Adam

Jan 18, 2010 at 10:55 AM

Hi Adam,

I am very thankful for your help. Now I am not getting that exception. I resolved it successfully. The exception was because of the property file.

But now I am getting the following exception. Please help me in resolving this. This is the first time I am trying to develop a web services based application, so I am not really sure about the root cause of why I am getting this.

FYI: I am deploying this application on a Solaris server which doesn't need any proxy to connect to the internet.

Apache Tomcat/5.5.20 - Error report

Jan 19, 2010 at 6:40 AM
Hi,
Using the given source code, I tried to implement the SSO with the Windows Live mail service. In the process

Following is the SOAP request I am generating.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<WSSecurityHeader xmlns="http://schemas.microsoft.com/Passport/SoapServices/CredentialServiceAPI/V1">
<version>eshHeader25</version>
<ppSoapHeader25>1033<t:siteheader xmlns:t="http://schemas.microsoft.com/Passport/SiteToken" id="269639"/>
</ppSoapHeader25>
</WSSecurityHeader>
</soap:Header>
<soap:Body>
<GetSLT xmlns="http://schemas.microsoft.com/Passport/SoapServices/CredentialServiceAPI/V1">
<PassIDIn>
<pit>PASSID_SIGNINNAME</pit>
<bstrID>testid2@extmail.relianceada.com</bstrID>
</PassIDIn>
<LoginSeconds>30</LoginSeconds>
</GetSLT>
</soap:Body>
</soap:Envelope>


Here is the response I am getting

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Body>
<SOAP:Fault>
<faultcode>SOAP:Server</faultcode>
<faultstring>SOAP Server Application Faulted</faultstring>
<detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
<psf:value>0x80048101</psf:value>
<psf:description><psf:lcid>1033</psf:lcid>
<psf:text>The header in the soap request is invalid</psf:text>
</psf:description>
<psf:internalerror>
<psf:code>0x80044024</psf:code>
<psf:text>The client certificate is invalid. The calling site cannot be authenticated.
</psf:text>
</psf:internalerror>
<psf:serverInfo>BAYIDSPRTI1D10 2009.09.30.02.01.00</psf:serverInfo>
</psf:error>
</detail>
</SOAP:Fault>
</SOAP:Body>
</SOAP:Envelope>

Going through the SOAP response, I understood that somewhere I am going wrong in passing the keystore and truststore values of the certificate I got from Microsoft.

Below I am enclosing the procedure I followed to create the key store and trust store.

The trust store has been created using ConvertCertificate.exe

The key store is created using the procedure mentioned in this discussion forum. I created private key and certificate .pem files and created an empty key store; after that, the created PEM files were imported into the empty key store.

Now I am in a state where I have no clue of the forward path. Please help me in resolving the issue.

FYI: Used helper file also for debugging. But I couldn't.
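
The fault quoted above carries two layers: the outer psf:value and the psf:internalerror that names the actual cause. As an added example (not part of the original thread or the project's code; the class and method names are illustrative), this Java class extracts both from the response so a client can log them instead of the generic faultstring:

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PassportFaultDetail {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String PSF_NS = "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault";

    // The fault quoted in the post above, with whitespace collapsed.
    static final String SAMPLE =
        "<SOAP:Envelope xmlns:SOAP=\"" + SOAP_NS + "\"><SOAP:Body><SOAP:Fault>"
        + "<faultcode>SOAP:Server</faultcode>"
        + "<faultstring>SOAP Server Application Faulted</faultstring>"
        + "<detail><psf:error xmlns:psf=\"" + PSF_NS + "\">"
        + "<psf:value>0x80048101</psf:value>"
        + "<psf:description><psf:lcid>1033</psf:lcid>"
        + "<psf:text>The header in the soap request is invalid</psf:text></psf:description>"
        + "<psf:internalerror><psf:code>0x80044024</psf:code>"
        + "<psf:text>The client certificate is invalid. The calling site cannot be authenticated.</psf:text>"
        + "</psf:internalerror>"
        + "<psf:serverInfo>BAYIDSPRTI1D10 2009.09.30.02.01.00</psf:serverInfo>"
        + "</psf:error></detail></SOAP:Fault></SOAP:Body></SOAP:Envelope>";

    // First psf:<local> element below scope, or null when the server omitted it.
    static Element child(Element scope, String local) {
        NodeList n = scope.getElementsByTagNameNS(PSF_NS, local);
        return n.getLength() == 0 ? null : (Element) n.item(0);
    }

    // Trimmed text of psf:<local> below scope; tolerates a missing scope or element.
    static String text(Element scope, String local) {
        Element e = scope == null ? null : child(scope, local);
        return e == null ? "(absent)" : e.getTextContent().trim();
    }

    static String describe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);  // match psf: elements by namespace URI, not by prefix
        // Refuse DOCTYPE declarations: the response is untrusted input (XXE hardening).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList faults = doc.getElementsByTagNameNS(SOAP_NS, "Fault");
        if (faults.getLength() == 0) return "no SOAP fault in response";
        Element error = child((Element) faults.item(0), "error");
        if (error == null) return "SOAP fault without psf:error detail";
        Element inner = child(error, "internalerror");
        return "outer " + text(error, "value") + ": " + text(child(error, "description"), "text")
            + "\ninner " + text(inner, "code") + ": " + text(inner, "text");
    }

    public static void main(String[] args) throws Exception {
        System.out.println(describe(SAMPLE));
    }
}
```

With CXF, the same elements are reachable from a caught SOAPFaultException through getFault().getDetail(), which is a DOM element, so the namespace lookups above apply unchanged.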



Jan 19, 2010 at 7:29 AM
krantisrivatsav wrote:
Going through the SOAP response, I understood that somewhere I am going wrong in passing the keystore and truststore values of the certificate I got from Microsoft.

Below I am enclosing the procedure I followed to create the key store and trust store.

The trust store has been created using ConvertCertificate.exe

The key store is created using the procedure mentioned in this discussion forum. I created private key and certificate .pem files and created an empty key store; after that, the created PEM files were imported into the empty key store.

Now I am in a state where I have no clue of the forward path. Please help me in resolving the issue.

FYI: Used helper file also for debugging. But I couldn't.

The latest release uses the PFX file, not the PEM files, and I'd recommend using the TrustStore contained in SVN for testing purposes.

Sincerely,
Adam
Jan 20, 2010 at 2:53 PM

Hi Adam,

Now I am using the pfx file and created the trust store using convertcertificate.exe. I got the following exception.

Apache Tomcat/6.0.16 - Error report

javax.xml.ws.soap.SOAPFaultException: SOAP Server Application Faulted
	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
	$Proxy40.getSLT(Unknown Source)
	au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
	au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:187)
	au.com.identityconcepts.windowslive.sso.SSOBean.getSLT(SSOBean.java:28)
	org.apache.jsp.validate_jsp._jspService(validate_jsp.java:132)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)

 root cause

org.apache.cxf.binding.soap.SoapFault: SOAP Server Application Faulted
	org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:70)
	org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
	org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
	org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:65)
	org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
	org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:449)
	org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1996)
	org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1832)
	org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
	org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:591)
	org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
	org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
	org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
	$Proxy40.getSLT(Unknown Source)
	au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
	au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:187)
	au.com.identityconcepts.windowslive.sso.SSOBean.getSLT(SSOBean.java:28)
	org.apache.jsp.validate_jsp._jspService(validate_jsp.java:132)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)



Please help me to resolve this.

 

Jan 20, 2010 at 2:57 PM

With the PFX file it is working.

Can you please clarify one question.

Inside the session.wsdl file the below-mentioned attributes are there.

   <wsdl:service name="SessionService">

      <wsdl:port binding="impl:SessionSoapBinding" name="Session">

         <wsdlsoap:address location="http://localhost:8080/WindowsLiveSSO-Codeplex/services/Session"/>

      </wsdl:port>

   </wsdl:service>

Do I need to update the address location value in the file? Currently I am getting the following error. Here is the stack trace.

Apache Tomcat/6.0.18 - Error report

javax.xml.ws.soap.SOAPFaultException: SOAP Server Application Faulted
	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
	$Proxy40.getSLT(Unknown Source)
	au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
	au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:187)
	au.com.identityconcepts.windowslive.sso.SSOBean.getSLT(SSOBean.java:28)
	org.apache.jsp.validate_jsp._jspService(validate_jsp.java:132)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

 

root cause

org.apache.cxf.binding.soap.SoapFault: SOAP Server Application Faulted
	org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:70)
	org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
	org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
	org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:65)
	org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
	org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:449)
	org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1996)
	org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1832)
	org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
	org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:591)
	org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
	org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
	org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
	org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:242)
	org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:178)
	$Proxy40.getSLT(Unknown Source)
	au.com.identityconcepts.windowslive.sso.ws.Marshall.GetSLT(Marshall.java:35)
	au.com.identityconcepts.windowslive.sso.ws.Session.GetSLT(Session.java:187)
	au.com.identityconcepts.windowslive.sso.SSOBean.getSLT(SSOBean.java:28)
	org.apache.jsp.validate_jsp._jspService(validate_jsp.java:132)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

Please help.

I tried with updating the

 

Jun 4, 2010 at 6:50 PM

I'm running the application in Tomcat 6.0 and the same problem happens:

javax.xml.ws.soap.SOAPFaultException: SOAP Server Application Faulted

	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:199)
$Proxy40.getSLT(Unknown Source)


Has anyone solved this problem?

Oct 26, 2010 at 3:45 PM

There is a problem in the project JSP file... in validate.jsp there is a line

              loginURL ITA = <%=sb.session.loginURLITA%>

but in the Session class there is no entry with the name loginURLITA. Can you please check it?

Oct 28, 2010 at 10:36 AM
Hi Noman,
I don't see that line in validate.jsp file.

Just comment out the line in the JSP and then try to build the code.

Kranthi


Oct 28, 2010 at 11:11 AM

Hi, thanks for the reply. I solved it.

Oct 31, 2010 at 3:16 PM
Hi Noman,
Can you please let me know how you solved it? Is that the only error you were getting?


Oct 31, 2010 at 5:57 PM
Edited Oct 31, 2010 at 6:00 PM

Hello,

Nope, I don't think this was the only problem I faced during the configuration of this project. I took many versions of this but failed to configure it.

But after that I used the one below:

http://axis2livesso.codeplex.com/documentation

This is the project which I feel is more stable and easy to configure, and I got the SLT within half an hour...