authentication - WSO2IS: Verifying user is already logged using ssoTokenId and IdentitySAMLSSOServiceSoap webservice
I have followed the steps in the tutorial to retrieve the ssoTokenId in the HTTP response header. WSO2 Identity Server 4.1.0 is running locally.
I have the IdentitySAMLSSOService available at:
https://localhost:9443/services/identitysamlssoservice?wsdl
This service provides 3 operations:
- authenticate
- dosinglelogout
- validaterequest
Using the authenticate operation, I want to verify that the user is indeed logged in. I expect to use the ssoTokenId I have retrieved earlier. Also, I assume the JSESSIONID is not relevant at this point.
ssotokenid=1e5f811e2fac8afbee31621e889de3fd
I have used SoapUI to start a SOAP request to the authenticate service. I have added basic authentication with username/password.
<soap:envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:xsd="http://org.apache.axis2/xsd"
               xmlns:xsd1="http://dto.saml.sso.identity.carbon.wso2.org/xsd">
  <soap:header/>
  <soap:body>
    <xsd:authenticate>
      <!--optional:-->
      <xsd:authreqdto>
        <!--optional:-->
        <xsd1:assertionconsumerurl>http://localhost:8080/saml2.demo/consumer</xsd1:assertionconsumerurl>
        <!--optional:-->
        <xsd1:assertionstring></xsd1:assertionstring>
        <!--optional:-->
        <xsd1:certalias></xsd1:certalias>
        <!--optional:-->
        <xsd1:claim></xsd1:claim>
        <!--optional:-->
        <xsd1:dosignassertions>false</xsd1:dosignassertions>
        <!--optional:-->
        <xsd1:dosinglelogout>false</xsd1:dosinglelogout>
        <!--optional:-->
        <xsd1:id></xsd1:id>
        <!--optional:-->
        <xsd1:issuer>saml2.demo</xsd1:issuer>
        <!--optional:-->
        <xsd1:loginpageurl></xsd1:loginpageurl>
        <!--optional:-->
        <xsd1:logouturl></xsd1:logouturl>
        <!--optional:-->
        <xsd1:nameidformat></xsd1:nameidformat>
        <!--optional:-->
        <xsd1:password></xsd1:password>
        <!--zero or more repetitions:-->
        <xsd1:requestedclaims></xsd1:requestedclaims>
        <!--optional:-->
        <xsd1:rpsessionid>1e5f811e2fac8afbee31621e889de3fd</xsd1:rpsessionid>
        <!--optional:-->
        <xsd1:stratosdeployment>false</xsd1:stratosdeployment>
        <!--optional:-->
        <xsd1:subject></xsd1:subject>
        <!--optional:-->
        <xsd1:usefullyqualifiedusernameassubject>false</xsd1:usefullyqualifiedusernameassubject>
        <!--optional:-->
        <xsd1:username></xsd1:username>
      </xsd:authreqdto>
      <!--optional:-->
      <xsd:sessionid></xsd:sessionid>
    </xsd:authenticate>
  </soap:body>
</soap:envelope>
I received the following response:
<soapenv:envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:body>
    <ns:authenticateresponse xmlns:ns="http://org.apache.axis2/xsd">
      <ns:return xsi:type="ax2301:samlssorespdto"
                 xmlns:ax2299="http://base.identity.carbon.wso2.org/xsd"
                 xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
                 xmlns:ax2301="http://dto.saml.sso.identity.carbon.wso2.org/xsd">
        <ax2301:assertionconsumerurl xsi:nil="true"/>
        <ax2301:errormsg>login.fail.message</ax2301:errormsg>
        <ax2301:loginpageurl xsi:nil="true"/>
        <ax2301:respstring><![cdata[<?xml version="1.0" encoding="utf-8"?>
<saml2p:response id="dgjkpdhojndphkhklhlpcdjnbakojekiajbflpjp" issueinstant="2013-07-11t08:46:32.008z" version="2.0" xmlns:saml2p="urn:oasis:names:tc:saml:2.0:protocol">
  <saml2:issuer format="urn:oasis:names:tc:saml:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:saml:2.0:assertion">https://localhost:9443/samlsso</saml2:issuer>
  <saml2p:status>
    <saml2p:statuscode value="urn:oasis:names:tc:saml:2.0:status:authnfailed"/>
    <saml2p:statusmessage>login.fail.message</saml2p:statusmessage>
  </saml2p:status>
</saml2p:response>]]></ax2301:respstring>
        <ax2301:sessionestablished>false</ax2301:sessionestablished>
        <ax2301:subject xsi:nil="true"/>
      </ns:return>
    </ns:authenticateresponse>
  </soapenv:body>
</soapenv:envelope>
I have tried to add the value of the ssoTokenId in different places:
- I have tried adding the value of ssoTokenId to <xsd1:rpsessionid>
- I have tried to add it to <xsd:sessionid>
- I also tried adding it to the header of the SOAP request.
Unfortunately, in all cases, there is a login.fail.message. What is the proper way to check if the user is authenticated?
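An added example, not part of the original post and not WSO2 code: reading the outcome fields of the authenticate response shown above, including the SAML status code embedded in the CDATA section. The sample is constructed and trimmed from that response; `local`, `first`, `text_of` and `summarize` are hypothetical helper names, and matching elements while ignoring namespace and letter case is an assumption made because the names on this page appear lowercased.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the response shown above (element names
# lowercased as on the page; a live server may use different letter case).
SAMPLE = """<soapenv:envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
 <soapenv:body>
  <ns:authenticateresponse xmlns:ns="http://org.apache.axis2/xsd">
   <ns:return xmlns:ax2301="http://dto.saml.sso.identity.carbon.wso2.org/xsd">
    <ax2301:errormsg>login.fail.message</ax2301:errormsg>
    <ax2301:respstring><![CDATA[<?xml version="1.0" encoding="utf-8"?>
<saml2p:response xmlns:saml2p="urn:oasis:names:tc:saml:2.0:protocol">
 <saml2p:status>
  <saml2p:statuscode value="urn:oasis:names:tc:saml:2.0:status:authnfailed"/>
 </saml2p:status>
</saml2p:response>]]></ax2301:respstring>
    <ax2301:sessionestablished>false</ax2301:sessionestablished>
   </ns:return>
  </ns:authenticateresponse>
 </soapenv:body>
</soapenv:envelope>"""

def local(name):
    """Namespace-free, lower-cased element or attribute name."""
    return name.rsplit("}", 1)[-1].lower()

def first(root, name):
    """First descendant whose local name matches, ignoring case and namespace."""
    return next((e for e in root.iter() if local(e.tag) == name), None)

def text_of(root, name):
    el = first(root, name)
    return (el.text or "").strip() if el is not None else ""

def summarize(soap_xml):
    """Return the outcome fields of an authenticate response as a dict."""
    outer = ET.fromstring(soap_xml)
    result = {
        "session_established": text_of(outer, "sessionestablished").lower() == "true",
        "error": text_of(outer, "errormsg") or None,
        "saml_status": None,
    }
    # The SAML response travels as text (CDATA); strip it so the XML
    # declaration is the first thing the parser sees.
    inner_xml = text_of(outer, "respstring")
    if inner_xml:
        code = first(ET.fromstring(inner_xml), "statuscode")
        if code is not None:
            attrs = {local(k): v for k, v in code.attrib.items()}
            result["saml_status"] = attrs.get("value", "").rsplit(":", 1)[-1]
    return result
```

The function only reads the reply fields; it does not verify any signature on the embedded SAML response.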