[ https://issues.apache.org/jira/browse/RAMPARTC-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dave Meier updated RAMPARTC-76:
-------------------------------

    Attachment: rampart_sec_header_processor_diff.txt

> Username token should default inclusion to empty string, and treat an empty 
> IncludeToken attribute to mean the token is optional
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPARTC-76
>                 URL: https://issues.apache.org/jira/browse/RAMPARTC-76
>             Project: Rampart/C
>          Issue Type: Bug
>          Components: Rampart-core
>    Affects Versions: Current
>         Environment: Windows XP
>            Reporter: Dave Meier
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Critical
>         Attachments: rampart_sec_header_processor_diff.txt
>
>
> I want to specify a policy that has no IncludeToken attribute.  Since 
> IncludeToken is optional, it must be allowed to be unspecified.
> The following is how I specify UsernameToken in my services.xml file:
> <sp:UsernameToken/>
> I want that to indicate that the UsernameToken itself is optional.  I have a 
> use case where I want either a SAML assertion or a username token, so I have 
> to handle the case where Username token is not there.  Rampart does not 
> complain when I leave out the SAML assertion and put in the username token, 
> but it does complain when I have only the SAML assertion and no username 
> token.
> Here is the full policy I have defined in services.xml:
>   <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:InitiatorToken>
>               <wsp:Policy>
>                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                     <sp:WssX509V3Token10/>
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:InitiatorToken>
>             <sp:RecipientToken>
>               <wsp:Policy>
>                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                   <wsp:Policy>
>                     <sp:WssX509V3Token10/>
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:RecipientToken>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict/>
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp/>
>           </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>             <sp:RequestSecurityTokenTemplate xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
>               <wst:TokenType>oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
>               <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
>             </sp:RequestSecurityTokenTemplate>
>           </sp:IssuedToken>
>           <sp:UsernameToken/>
>         </wsp:Policy>
>         </sp:SignedSupportingTokens>
>         <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
>             <rampc:TimeToLive>360</rampc:TimeToLive>
>             <rampc:PasswordType>plainText</rampc:PasswordType>
>             <rampc:AuthnModuleName>F:/TeamTrack701/software/contrib/axis2c/Win32Debug/lib/aeaxisauth.dll</rampc:AuthnModuleName>
>         </rampc:RampartConfig>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
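
An added example, not part of the original report and not Rampart/C code: a small Python check that lists each token assertion in a policy like the one quoted above together with its effective sp:IncludeToken value, so an omitted or empty attribute is visible when the policy is reviewed. It assumes the WS-SecurityPolicy default of .../IncludeToken/Always when the attribute is absent; the function names and the sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
INCLUDE_BASE = SP + "/IncludeToken/"
KNOWN_VALUES = {"Never", "Once", "AlwaysToRecipient", "Always"}
TOKEN_ASSERTIONS = {"UsernameToken", "IssuedToken", "X509Token"}
# Assumption: value a processor applies when sp:IncludeToken is omitted.
DEFAULT_INCLUSION = "Always"

# Constructed sample modelled on the supporting-tokens part of the report.
SAMPLE_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:SignedSupportingTokens>
    <wsp:Policy>
      <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
      <sp:UsernameToken/>
    </wsp:Policy>
  </sp:SignedSupportingTokens>
</wsp:Policy>
"""


def effective_inclusion(policy_xml):
    """Return (assertion, inclusion, status) per token assertion, in document order."""
    rows = []
    for elem in ET.fromstring(policy_xml).iter():
        namespace, _, name = elem.tag[1:].partition("}")
        if namespace != SP or name not in TOKEN_ASSERTIONS:
            continue
        raw = elem.get("{%s}IncludeToken" % SP)
        if raw is None:
            rows.append((name, DEFAULT_INCLUSION, "defaulted"))
        elif raw.startswith(INCLUDE_BASE) and raw[len(INCLUDE_BASE):] in KNOWN_VALUES:
            rows.append((name, raw[len(INCLUDE_BASE):], "explicit"))
        else:
            # Empty or unrecognised URI: report it, never guess a meaning.
            rows.append((name, raw, "invalid"))
    return rows


def needs_review(policy_xml):
    """Names of token assertions whose inclusion is not stated explicitly and validly."""
    return [n for n, _, status in effective_inclusion(policy_xml) if status != "explicit"]


if __name__ == "__main__":
    for row in effective_inclusion(SAMPLE_POLICY):
        print(row)
```
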
