How to use TRestRequest and SAML Token

Hello,

I'm trying to use a tRestRequest and SAML Token in Karaf.

I published my job with Use Authentication (SAML Token) and Use Authorization.

In my Talend Server, I already have Syncope with a Role and a user attached to it.

In ESB Infrastructure, I add an entry for my service with an affectation to my service.

When I make a SOAP request, I get the SAML Token:

HTTP/1.1 200 OK
Date: Mon, 18 Feb 2019 12:57:50 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 5278
Server: Jetty(9.2.15.v20160210)

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns3:RequestSecurityTokenResponseCollection xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802"><ns3:RequestSecurityTokenResponse Context="?"><ns3:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns3:TokenType><ns3:RequestedSecurityToken><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_3d101e15-bb78-4df6-b257-f55a90a2e722" IssueInstant="2019-02-18T12:57:50.965Z" Version="2.0" xsi:type="saml2:AssertionType"><saml2:Issuer>TalendESB_STSIssuer</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_3d101e15-bb78-4df6-b257-f55a90a2e722"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/></ds:Transform></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>9tf36HnNwr2Pj4MEGHv6El9L17axrN2erIcCQNUI2og=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>JntMoW1NZ+H79NqXugeTjN2pSq7go3QIBU4JaPnZc9msyYOCskImP8YHPVYd2qoC3fW1dXvP2cY5DCZU/k6rTtTnwkrNruLfWdpnwZomyMrewqqVwrIXCKXvaH9G+K+acV5ufkhrNR+QaTxzmoMXu+PtgaKETe1z+ckFUXZO+vQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIID5jCCA0+gAwIBAgIJAPahVdM2UPibMA0GCSqGSIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzER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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="http://cxf.apache.org/sts">yoann</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml2:Subject><saml2:Conditions NotBefore="2019-02-18T12:57:50.965Z" NotOnOrAfter="2019-02-18T13:27:50.965Z"/><saml2:AttributeStatement><saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xsi:type="xsd:string">test_role</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></ns3:RequestedSecurityToken><ns3:RequestedAttachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_3d101e15-bb78-4df6-b257-f55a90a2e722</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns3:RequestedAttachedReference><ns3:RequestedUnattachedReference><ns4:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" 
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><ns4:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_3d101e15-bb78-4df6-b257-f55a90a2e722</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns3:RequestedUnattachedReference><ns3:Lifetime><ns1:Created>2019-02-18T12:57:50.965Z</ns1:Created><ns1:Expires>2019-02-18T13:27:50.965Z</ns1:Expires></ns3:Lifetime></ns3:RequestSecurityTokenResponse></ns3:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>

Then I use https://www.samltool.com/encode.php to deflate and encode the XML.

Finally, I try to launch curl -v -H "Authorization: SAML <token>" http_url.

But I got this error:

* Expire in 0 ms for 6 (transfer 0x2d5f070cfd0)
* Expire in 1 ms for 1 (transfer 0x2d5f070cfd0)
* Expire in 1 ms for 1 (transfer 0x2d5f070cfd0)
* Expire in 2 ms for 1 (transfer 0x2d5f070cfd0)
* Expire in 5 ms for 1 (transfer 0x2d5f070cfd0)
* Expire in 7 ms for 1 (transfer 0x2d5f070cfd0)
* Expire in 10 ms for 1 (transfer 0x2d5f070cfd0)
*   Trying 10.126.72.92...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x2d5f070cfd0)
* Connected to *************** (#0)
> GET /services/v1/Test/TestHTTP/1.1
> Host: slp-wrapp22
> User-Agent: curl/7.64.0
> Accept: */*
> Authorization: SAML <token>
>
< HTTP/1.1 403 Forbidden
< Date: Mon, 18 Feb 2019 13:00:56 GMT
< Content-Type: application/xml; charset=UTF-8
< Content-Length: 237
< Server: Jetty(9.2.15.v20160210)
<
<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat"><ns1:faultstring xmlns:ns1="http://cxf.apache.org/bindings/xformat">org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized</ns1:faultstring></ns1:XMLFault>* Connection #0 to host

Did I miss something?

 

Thank you
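
A local check for the steps in the post above, as an added example that is not part of the original thread and not Talend or CXF code: it applies the deflate-and-Base64 step on the workstation instead of pasting a bearer token into a third-party site, decodes a header back, and reports issuer, subject, role claim and validity window so that expiry or a role mismatch can be ruled out before looking at server configuration. It assumes the header carries raw DEFLATE followed by standard Base64; the function names are hypothetical and the sample assertion is constructed from the values shown in the post, with the signature omitted.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"

# Constructed sample: the post's issuer, subject, window and role; signature omitted.
SAMPLE = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">'
    "<saml2:Issuer>TalendESB_STSIssuer</saml2:Issuer>"
    "<saml2:Subject><saml2:NameID>yoann</saml2:NameID></saml2:Subject>"
    '<saml2:Conditions NotBefore="2019-02-18T12:57:50.965Z" NotOnOrAfter="2019-02-18T13:27:50.965Z"/>'
    f'<saml2:AttributeStatement><saml2:Attribute Name="{ROLE_CLAIM}">'
    "<saml2:AttributeValue>test_role</saml2:AttributeValue>"
    "</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>"
)

def encode_saml_header(xml_text):
    """Raw DEFLATE + Base64 of the exact text; re-serializing would break a signature."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return "SAML " + base64.b64encode(raw).decode("ascii")

def decode_saml_header(header_value):
    """Inverse of encode_saml_header; any other scheme is rejected."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "SAML" or not token:
        raise ValueError("expected 'SAML <base64>'")
    return zlib.decompress(base64.b64decode(token, validate=True), -15).decode("utf-8")

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def inspect_assertion(xml_text, now):
    """Read-only report for a bare assertion or a full STS SOAP response.
    Does NOT verify the signature; `now` must be timezone-aware."""
    root = ET.fromstring(xml_text)
    a = root if root.tag == "{%s}Assertion" % NS["saml2"] else root.find(".//saml2:Assertion", NS)
    if a is None:
        raise ValueError("no saml2:Assertion element found")
    cond = a.find("saml2:Conditions", NS)
    roles = [v.text for attr in a.iter("{%s}Attribute" % NS["saml2"])
             if attr.get("Name") == ROLE_CLAIM for v in attr.findall("saml2:AttributeValue", NS)]
    return {"issuer": a.findtext("saml2:Issuer", namespaces=NS),
            "subject": a.findtext("saml2:Subject/saml2:NameID", namespaces=NS),
            "roles": roles,
            "in_window": _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))}
```

Run against the values in the post, the 403 response's Date (13:00:56 GMT) falls inside the assertion's validity window, so expiry does not explain the rejection.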

 

 

Moderator

Re: How to use TRestRequest and SAML Token

Hello,

Could you please clarify in which Talend version/edition you are?

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Four Stars

Re: How to use TRestRequest and SAML Token

Sorry, my problem is solved, I forgot to change some configuration file because I don't use default port.

Regards,

Yoann
