Hello Prabath,
I went through the mail exchange we had last month another time and I think
I've understood a little better how my environment should work.

I think that what I'm missing now is how the server validates the received
token, once it has been registered as a relying service and has been set as
SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy -
Sign and Encrypt, X509 Authentication.

Have you got any sample code on how to validate the token on the server
side?
Is it something I need to do programmatically or can I manage it in a
declarative way through WSAS, such as specifying a <validate-X509-token>
element in the service policy?!

Thanks.

2009/10/9 Francesco Stampacchia <stampacchiafrance...@gmail.com>

> Thank you Prabath,
> but is there any sample on the net that shows how token validation is done
> on the server side?!
>
> Can I achieve it in a declarative way on WSAS?!
>
> Thanks
>
>
> 2009/10/8 Prabath Siriwardena <prab...@wso2.com>
>
>> We need to edit the services.xml of the service.
>>
>> [1] explains how you could apply different policies at different
>> bindings - you need to do something similar to that to make different
>> policies available to different operations.
>>
>> [2] explains how to apply policies at operation level.
>>
>> Thanks & regards.
>> -Prabath
>>
>> [1]:
>> http://blog.rampartfaq.com/2009/08/how-to-add-secured-and-non-secured-end.html
>> [2]:http://wso2.org/library/3786
>>
>> Francesco Stampacchia wrote:
>> > Do you mean we need to edit policies in the List -> Services ->
>> > HelloService -> Policies? Or do I have to change my service.policy.xml?
>> > Could you show me some examples?!
>> >
>> > 2009/10/8 Prabath Siriwardena <prab...@wso2.com>
>> >
>> >     This is possible. You can have different policies at the operation
>> >     level
>> >     of your service.
>> >
>> >     Thanks & regards.
>> >     -Prabath
>> >
>> >     Francesco Stampacchia wrote:
>> >     > I've set up a client-server configuration in which my server
>> >     > exposes two functions: one should be reachable by every client
>> >     > that has a reliable certificate and the other is reachable only
>> >     > by clients that have a reliable certificate and a token issued
>> >     > by the STS.
>> >     > Is this possible?!
>> >     >
>> >     > I built my tests on top of the HelloService client example that
>> >     > comes with the wso2wsas bundle.
>> >     > I found some issues in requesting the more restricted function,
>> >     > as I'm able to reach the service every time I just engage Rampart.
>> >     >
>> >     > How can I make my functions selective?
>> >     >
>> >     > In other words, how can I make function 1 accept only 'STS
>> >     > authenticated and rampart engaged' users and function 2 accept
>> >     > only 'rampart engaged' users?
>> >     >
>> >     > --
>> >     > Francesco Stampacchia
>> >     >
>> >     > ------------------------------------------------------------------------
>> >     >
>> >     > _______________________________________________
>> >     > Carbon-dev mailing list
>> >     > Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>> >     > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >     >
>> >
>> > --
>> > Francesco Stampacchia
>> > ------------------------------------------------------------------------
>> >
>>
>>
>
>
>
> --
> Francesco Stampacchia
>



-- 
Francesco Stampacchia
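
Added example, not code from this thread or from WSO2: a small Python audit of a services.xml that reports which operations actually require an STS-issued token, the distinction between the two functions asked about in the quoted messages. The services.xml content and the operation names are constructed; the script assumes policies are inlined as wsp:Policy children of each operation and does not resolve wsp:PolicyReference or service-level policy.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
ISSUED = f".//{{{SP}}}IssuedToken"

# Constructed services.xml: operation names and policy contents are
# assumptions for illustration, not taken from the thread.
SERVICES_XML = f"""
<service name="HelloService" xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <operation name="greetAnyCert">
    <wsp:Policy><wsp:ExactlyOne><wsp:All>
      <sp:AsymmetricBinding/>
    </wsp:All></wsp:ExactlyOne></wsp:Policy>
  </operation>
  <operation name="greetStsOnly">
    <wsp:Policy><wsp:ExactlyOne><wsp:All>
      <sp:AsymmetricBinding/>
      <sp:SupportingTokens><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:SupportingTokens>
    </wsp:All></wsp:ExactlyOne></wsp:Policy>
  </operation>
  <operation name="greetLoose">
    <wsp:Policy><wsp:ExactlyOne>
      <wsp:All><sp:SupportingTokens><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:SupportingTokens></wsp:All>
      <wsp:All><sp:AsymmetricBinding/></wsp:All>
    </wsp:ExactlyOne></wsp:Policy>
  </operation>
  <operation name="greetNoPolicy"/>
</service>
"""

def requires_issued_token(policy):
    """True only if every top-level policy alternative demands an IssuedToken."""
    alts = policy.findall(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All") or [policy]
    return all(alt.find(ISSUED) is not None for alt in alts)

def audit(xml_text, must_require_sts):
    """Map each operation to a status; list restricted ones lacking the token."""
    findings = {}
    for op in ET.fromstring(xml_text).iter("operation"):
        policies = op.findall(f"{{{WSP}}}Policy")
        if not policies:
            findings[op.get("name")] = "no-operation-policy"
        elif any(requires_issued_token(p) for p in policies):
            findings[op.get("name")] = "issued-token-required"
        else:
            findings[op.get("name")] = "issued-token-not-enforced"
    gaps = sorted(n for n in must_require_sts
                  if findings.get(n) != "issued-token-required")
    return findings, gaps
```

Calling `audit(SERVICES_XML, {"greetStsOnly", "greetLoose", "greetNoPolicy"})` flags `greetLoose`, whose second policy alternative can be satisfied without any issued token, and `greetNoPolicy`, which carries no operation-level policy at all.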