Hi

Is the client Axis2? In my Axis2-based stub client I do it like this:

import org.apache.axiom.om.OMElement;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartMessageData;

// Read the sample token for the service into a Java object.
// fromInputFileToOmElm() is a small helper (not shown) that parses an
// XML file into an Axiom OMElement.
OMElement samlAssert = fromInputFileToOmElm("/xmlMessages/SAMLAssertion.xml");

/*
 * Creates a Rampart token that wraps the SAML token so it's easier to use
 * when adding it to the service request. 'from' and 'to' are the
 * java.util.Date values of the token's validity period.
 */
Token token = new Token("myToken", samlAssert, from, to);

/* Configuration for the Axis2 client. */
ConfigurationContext config = ConfigurationContextFactory
        .createConfigurationContextFromFileSystem("src/test/resources/repository");

/* A storage for the token; Rampart reads it through the same ConfigurationContext. */
TokenStorage store = TrustUtil.getTokenStore(config);
store.add(token);

/*
 * Options for the client, like setting the token and the WS-Policy for
 * the service it calls.
 */
Options options = new Options();

/* Sets the endpoint where the client should make the call ('tcpmon' holds the endpoint URL). */
options.setTo(new EndpointReference(tcpmon));

/* Sets the policy for the service to call; loadPolicy() is a helper (not shown) that returns the parsed policy. */
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
        loadPolicy("src/test/resources/policy/policy_sts_saml.xml"));

/*
 * Sets the property so that the token (looked up in the token store by its id)
 * will be attached to the request.
 */
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, token.getId());

UserMgntClient client = new UserMgntClient(options, config, true);


Hope this helps

cheers, Håkon




On 19 February 2010 09:38, Vincenzo Campanile <[email protected]> wrote:

> I want my client to work like in policy sample 05, but my STS will issue a
> SAML token on the basis of a provided SAML token. Server side there won't be
> a Rahas-based STS, nor an Axis2 service.
> What do you mean by "inflow and outflow code"?
>
> thanks, vicampan.
>
> Il 18/02/2010 18.46, Martin Gainty ha scritto:
>
>  difficult to say (without seeing the inflow and outflow code)
>>
>> thanks,
>> Martin Gainty
>>
>>> Date: Thu, 18 Feb 2010 18:17:32 +0100
>>> From: [email protected]
>>> To: [email protected]
>>> Subject: Saml as SupportingToken
>>>
>>> Hi,
>>> In a WS-Trust scenario, I have an issuer policy with SAML defined as a
>>> supporting token. My STS issues a SAML token on the basis of a SAML token.
>>> It seems to me that Rampart simply ignores the <SupportingTokens>
>>> element I added to the issuer policy. How will I attach a SAML token in
>>> the security header of my RST using Rampart?
>>>
>>> Thanks, vicampan.
>>>
>>> My issuer policy looks like:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <wsp:Policy wsu:Id="SigOnly"
>>>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>>   <wsp:ExactlyOne>
>>>     <wsp:All>
>>>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <wsp:Policy>
>>>           <sp:InitiatorToken>
>>>             <wsp:Policy>
>>>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>>>                 <wsp:Policy>
>>>                   <sp:WssX509V3Token10 />
>>>                 </wsp:Policy>
>>>               </sp:X509Token>
>>>             </wsp:Policy>
>>>           </sp:InitiatorToken>
>>>           <sp:RecipientToken>
>>>             <wsp:Policy>
>>>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>>>                 <wsp:Policy>
>>>                   <sp:WssX509V3Token10 />
>>>                 </wsp:Policy>
>>>               </sp:X509Token>
>>>             </wsp:Policy>
>>>           </sp:RecipientToken>
>>>           <sp:AlgorithmSuite>
>>>             <wsp:Policy>
>>>               <sp:Basic256Rsa15 />
>>>             </wsp:Policy>
>>>           </sp:AlgorithmSuite>
>>>           <sp:Layout>
>>>             <wsp:Policy>
>>>               <sp:Strict />
>>>             </wsp:Policy>
>>>           </sp:Layout>
>>>           <sp:EncryptBeforeSigning />
>>>         </wsp:Policy>
>>>       </sp:AsymmetricBinding>
>>>       <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <wsp:Policy>
>>>           <sp:SamlToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
>>>           <wsp:Policy>
>>>             <sp:WssSamlV11Token11/>
>>>           </wsp:Policy>
>>>         </wsp:Policy>
>>>       </sp:SupportingTokens>
>>>       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <wsp:Policy>
>>>           <sp:MustSupportRefKeyIdentifier />
>>>           <sp:MustSupportRefIssuerSerial />
>>>         </wsp:Policy>
>>>       </sp:Wss10>
>>>       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <sp:Body />
>>>       </sp:SignedParts>
>>>       <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <sp:Body />
>>>       </sp:EncryptedParts>
>>>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>         <ramp:user>client</ramp:user>
>>>         <ramp:encryptionUser>server</ramp:encryptionUser>
>>>         <ramp:passwordCallbackClass>it.eng.mmg.ibisDocument.client.utils.PWCBHandler</ramp:passwordCallbackClass>
>>>         <ramp:signatureCrypto>
>>>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore/client001.jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>>>           </ramp:crypto>
>>>         </ramp:signatureCrypto>
>>>         <ramp:encryptionCypto>
>>>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore/client001.jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>>>           </ramp:crypto>
>>>         </ramp:encryptionCypto>
>>>       </ramp:RampartConfig>
>>>     </wsp:All>
>>>   </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>> My service policy is:
>>>
>>> <wsp:Policy wsu:Id="SgnOnlyAnonymous"
>>>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>   xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>>>   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>   <wsp:ExactlyOne>
>>>     <wsp:All>
>>>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <wsp:Policy>
>>>           <sp:InitiatorToken>
>>>             <wsp:Policy>
>>>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>>>                 <wsp:Policy>
>>>                   <sp:WssX509V3Token10 />
>>>                 </wsp:Policy>
>>>               </sp:X509Token>
>>>             </wsp:Policy>
>>>           </sp:InitiatorToken>
>>>           <sp:RecipientToken>
>>>             <wsp:Policy>
>>>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>>>                 <wsp:Policy>
>>>                   <sp:WssX509V3Token10 />
>>>                 </wsp:Policy>
>>>               </sp:X509Token>
>>>             </wsp:Policy>
>>>           </sp:RecipientToken>
>>>           <sp:AlgorithmSuite>
>>>             <wsp:Policy>
>>>               <sp:Basic256Rsa15 />
>>>             </wsp:Policy>
>>>           </sp:AlgorithmSuite>
>>>           <sp:Layout>
>>>             <wsp:Policy>
>>>               <sp:Strict />
>>>             </wsp:Policy>
>>>           </sp:Layout>
>>>           <sp:EncryptBeforeSigning />
>>>         </wsp:Policy>
>>>       </sp:AsymmetricBinding>
>>>       <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>         <wsp:Policy>
>>>           <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>             <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>               <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
>>>             </Issuer>
>>>             <sp:RequestSecurityTokenTemplate>
>>>               <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
>>>               <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
>>>               <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
>>>             </sp:RequestSecurityTokenTemplate>
>>>             <wsp:Policy>
>>>               <sp:RequireInternalReference />
>>>             </wsp:Policy>
>>>           </sp:IssuedToken>
>>>         </wsp:Policy>
>>>       </sp:SupportingTokens>
>>>       <sp:SignedParts>
>>>         <sp:Body />
>>>       </sp:SignedParts>
>>>       <sp:EncryptedParts>
>>>         <sp:Body />
>>>       </sp:EncryptedParts>
>>>       <sp:Wss11>
>>>         <wsp:Policy>
>>>           <sp:MustSupportRefKeyIdentifier />
>>>           <sp:MustSupportRefIssuerSerial />
>>>           <sp:MustSupportRefThumbprint />
>>>           <sp:MustSupportRefEncryptedKey />
>>>           <sp:RequireSignatureConfirmation />
>>>         </wsp:Policy>
>>>       </sp:Wss11>
>>>       <sp:Trust10>
>>>         <wsp:Policy>
>>>           <sp:MustSupportIssuedTokens />
>>>           <!--<sp:RequireClientEntropy/>  -->
>>>           <!--<sp:RequireServerEntropy/>  -->
>>>         </wsp:Policy>
>>>       </sp:Trust10>
>>>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>>         <ramp:user>client</ramp:user>
>>>         <ramp:encryptionUser>server</ramp:encryptionUser>
>>>         <ramp:passwordCallbackClass>it.eng.mmg.ibisDocument.client.utils.PWCBHandler</ramp:passwordCallbackClass>
>>>         <ramp:signatureCrypto>
>>>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore/client001.jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>>>           </ramp:crypto>
>>>         </ramp:signatureCrypto>
>>>         <ramp:encryptionCypto>
>>>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">keystore/client001.jks</ramp:property>
>>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>>>           </ramp:crypto>
>>>         </ramp:encryptionCypto>
>>>       </ramp:RampartConfig>
>>>     </wsp:All>
>>>   </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>> --
>>>
>>>
>>> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>>>
>>> Ing. Vincenzo Campanile
>>>
>>> Engineering Ingegneria Informatica s.p.a.
>>>
>>> Via Ferrante Imparato 192-198
>>> Centro Mercato 2, ed. F
>>> 80146 Napoli
>>>
>>> Tel. 081 5650654 - Fax:  081 5650636
>>> e-mail: [email protected]
>>>
>>> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>>>
>>>
>>>
>>
>>
>


-- 
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science(BCCS)
Uni BCCS/Uni Research
[email protected], phone +47 55584125
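Håkon's snippet leaves out the two helpers, the `from`/`to` dates and where the token id comes from. The following is an added, self-contained example written for this page (not code from the original thread or from the Rampart project) that fills those in: it parses the assertion with Axiom, takes the token lifetime from the assertion's `Conditions` element (NotBefore / NotOnOrAfter, which SAML 1.1 and 2.0 both carry), refuses an assertion that is expired or not yet valid before it is put in the token store, and uses the assertion's own id (`AssertionID` for SAML 1.1, `ID` for SAML 2.0) as the Rahas token id so the store lookup and the assertion agree. The class name, file paths and endpoint URL are assumptions; the Axiom `StAXOMBuilder` and Neethi `PolicyEngine` calls are the Axiom 1.2 / Neethi APIs that ship with Rampart of that era.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Date;

import javax.xml.datatype.DatatypeFactory;
import javax.xml.namespace.QName;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartMessageData;

/**
 * Editor-added example (not from the thread or the Rampart project):
 * load a SAML assertion, derive the token lifetime from its Conditions,
 * reject a stale assertion, and register it for KEY_CUSTOM_ISSUED_TOKEN.
 * Class name, paths and endpoint are assumptions.
 */
public class SamlTokenClientSetup {

    static final String SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML20_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Parse an XML file fully into an Axiom element (Axiom 1.2 StAXOMBuilder). */
    static OMElement fromInputFileToOmElm(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try {
            OMElement elem = new StAXOMBuilder(in).getDocumentElement();
            elem.build(); // Axiom parses lazily; finish before the stream is closed
            return elem;
        } finally {
            in.close();
        }
    }

    /** Load the WS-SecurityPolicy file with Neethi, the type KEY_RAMPART_POLICY expects. */
    static Policy loadPolicy(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try {
            return PolicyEngine.getPolicy(in);
        } finally {
            in.close();
        }
    }

    /** xsd:dateTime (NotBefore / NotOnOrAfter) to java.util.Date. */
    static Date parseXsdDateTime(String lexical) throws Exception {
        return DatatypeFactory.newInstance().newXMLGregorianCalendar(lexical)
                .toGregorianCalendar().getTime();
    }

    /**
     * Wrap the assertion in a Rahas Token whose lifetime mirrors the assertion's
     * Conditions. NotBefore is inclusive, NotOnOrAfter exclusive. Throws on a
     * missing validity window and on an assertion that is not valid right now,
     * so a stale assertion never reaches the token store or the wire.
     */
    static Token toRahasToken(OMElement assertion) throws Exception {
        String ns = assertion.getQName().getNamespaceURI();
        String idAttr;
        if (SAML11_NS.equals(ns)) idAttr = "AssertionID";
        else if (SAML20_NS.equals(ns)) idAttr = "ID";
        else throw new IllegalArgumentException("not a SAML assertion: " + assertion.getQName());
        OMElement conditions = assertion.getFirstChildWithName(new QName(ns, "Conditions"));
        if (conditions == null) throw new IllegalArgumentException("assertion has no Conditions");
        String notBefore = conditions.getAttributeValue(new QName("NotBefore"));
        String notOnOrAfter = conditions.getAttributeValue(new QName("NotOnOrAfter"));
        if (notBefore == null || notOnOrAfter == null)
            throw new IllegalArgumentException("Conditions lacks NotBefore/NotOnOrAfter");
        Date from = parseXsdDateTime(notBefore);
        Date to = parseXsdDateTime(notOnOrAfter);
        Date now = new Date();
        if (now.before(from) || !now.before(to))
            throw new IllegalStateException("assertion not valid now; window " + from + " .. " + to);
        String id = assertion.getAttributeValue(new QName(idAttr));
        if (id == null) throw new IllegalArgumentException("assertion has no " + idAttr);
        return new Token(id, assertion, from, to); // token id == assertion id
    }

    public static void main(String[] args) throws Exception {
        ConfigurationContext config = ConfigurationContextFactory
                .createConfigurationContextFromFileSystem("src/test/resources/repository"); // assumed path
        OMElement samlAssert = fromInputFileToOmElm("src/test/resources/xmlMessages/SAMLAssertion.xml"); // assumed path
        Token token = toRahasToken(samlAssert);
        TokenStorage store = TrustUtil.getTokenStore(config);
        store.add(token);
        Options options = new Options();
        options.setTo(new EndpointReference("http://localhost:8080/axis2/services/STS")); // assumed endpoint
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
                loadPolicy("src/test/resources/policy/policy_sts_saml.xml")); // assumed path
        // Rampart looks this id up in the token store and puts the assertion in the Security header.
        options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, token.getId());
        // Pass 'options' and 'config' to the generated stub (e.g. new UserMgntClient(options, config, true)).
    }
}
```

The validity check is deliberately done on the client before the token goes anywhere: an assertion that is already outside its NotBefore/NotOnOrAfter window will only produce an opaque fault from the STS, and checking it locally keeps an expired token from sitting in a shared `TokenStorage` where a later request could pick it up.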
