Username token should default inclusion to empty string, and treat an empty 
IncludeToken attribute to mean the token is optional
--------------------------------------------------------------------------------------------------------------------------------

                 Key: RAMPARTC-76
                 URL: https://issues.apache.org/jira/browse/RAMPARTC-76
             Project: Rampart/C
          Issue Type: Bug
          Components: Rampart-core
    Affects Versions: Current
         Environment: Windows XP
            Reporter: Dave Meier
            Assignee: Ruchith Udayanga Fernando
            Priority: Critical
         Attachments: rampart_sec_header_processor_diff.txt

I want to specify a policy that has no IncludeToken attribute.  Since 
IncludeToken is optional, it must be allowed to be unspecified.

The following is how I specify UsernameToken in my services.xml file:

<sp:UsernameToken/>

I want that to indicate that the UsernameToken itself is optional.  I have a 
use case where I want either a SAML assertion or a username token, so I have to 
handle the case where Username token is not there.  Rampart does not complain 
when I leave out the SAML assertion and put in the username token, but it does 
complain when I have only the SAML assertion and no username token.

Here is the full policy I have defined in services.xml:

  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <sp:RequestSecurityTokenTemplate xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
                <wst:TokenType>oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
                <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
              </sp:RequestSecurityTokenTemplate>
            </sp:IssuedToken>
            <sp:UsernameToken/>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
        <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
          <rampc:TimeToLive>360</rampc:TimeToLive>
          <rampc:PasswordType>plainText</rampc:PasswordType>
          <rampc:AuthnModuleName>F:/TeamTrack701/software/contrib/axis2c/Win32Debug/lib/aeaxisauth.dll</rampc:AuthnModuleName>
        </rampc:RampartConfig>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
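
Added example, not part of the report and not Rampart/C code: a small policy audit that lists every token assertion in a policy like the one above and flags those whose IncludeToken attribute is absent or empty, which is the case whose handling this issue is about. The function names, the token-name set and the trimmed sample policy are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
INCLUDE_ATTR = f"{{{SP}}}IncludeToken"
# Assumption: only the token assertions that appear in the reported policy.
TOKEN_ASSERTIONS = {"X509Token", "IssuedToken", "UsernameToken"}

# Constructed sample: a trimmed copy of the policy from the report.
SAMPLE_POLICY = f"""
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="{SP}">
  <wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy>
      <sp:InitiatorToken><wsp:Policy>
        <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/>
      </wsp:Policy></sp:InitiatorToken>
      <sp:RecipientToken><wsp:Policy>
        <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/Never"/>
      </wsp:Policy></sp:RecipientToken>
    </wsp:Policy></sp:AsymmetricBinding>
    <sp:SignedSupportingTokens><wsp:Policy>
      <sp:IssuedToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/>
      <sp:UsernameToken/>
    </wsp:Policy></sp:SignedSupportingTokens>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""

def token_inclusion(policy_xml):
    """Return (enclosing assertion, token, mode) for each token assertion.
    mode is the last URI segment, "" for an empty attribute, None if absent."""
    findings = []
    def walk(elem, parent_assertion):
        ns, _, local = elem.tag.lstrip("{").partition("}")
        if ns == SP and local in TOKEN_ASSERTIONS:
            value = elem.get(INCLUDE_ATTR)
            mode = None if value is None else value.rsplit("/", 1)[-1]
            findings.append((parent_assertion, local, mode))
        # Remember the nearest sp:* ancestor; wsp:* wrappers are skipped.
        context = local if ns == SP else parent_assertion
        for child in elem:
            walk(child, context)
    walk(ET.fromstring(policy_xml), None)
    return findings

def unspecified(policy_xml):
    """Tokens whose inclusion is left to the implementation (absent or empty)."""
    return [(ctx, tok) for ctx, tok, mode in token_inclusion(policy_xml) if not mode]

if __name__ == "__main__":
    print(unspecified(SAMPLE_POLICY))
```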
