Rampart interaction with client/provider/STS

2008-06-26 Thread Tim Williams
So far the samples seem to explicitly (through API) retrieve a token
from the STS.  I'm wondering whether this can be done declaratively
only by way of the policy.  It seems that if I have a policy file
exposed within a service's WSDL that states what STS that is
acceptable, then the client shouldn't need to get a token through the
API?

In other words, in code I would expect something like:

- setup a ServiceClient for the service provider endpoint
- engage Rampart
- load the service's policy document
- call service

and I would expect that based on Rampart's understanding of the policy
it would know to retrieve a token from the STS prior to actually
making the call to the service provider.

If my expectation is wrong, then once I get a token from the STS
programmatically, how do I attach it to the actual service call?

Thanks,
--tim

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Rampart interaction with client/provider/STS

2008-06-26 Thread Tim Williams
On Thu, Jun 26, 2008 at 8:35 AM, Tim Williams [EMAIL PROTECTED] wrote:
> So far the samples seem to explicitly (through API) retrieve a token
> from the STS.  I'm wondering whether this can be done declaratively
> only by way of the policy.  It seems that if I have a policy file
> exposed within a service's WSDL that states what STS that is
> acceptable, then the client shouldn't need to get a token through the
> API?
>
> In other words, in code I would expect something like:
>
> - setup a ServiceClient for the service provider endpoint
> - engage Rampart
> - load the service's policy document
> - call service
>
> and I would expect that based on Rampart's understanding of the policy
> it would know to retrieve a token from the STS prior to actually
> making the call to the service provider.
>
> If my expectation is wrong, then once I get a token from the STS
> programmatically, how do I attach it to the actual service call?

It seems my expectation was reasonable. I just tried Rampart 1.4
sample 06 and it essentially does what I wanted.

On a side note, sample05 only seems to work *after* I successfully run
sample06.  If I type ant clean in the sample/policy directory then try
sample05 it's broken with something about a missing WSSE:Security
header.

Sorry for the noise...
--tim




Re: Rampart interaction with client/provider/STS

2008-06-26 Thread Nandana Mihindukulasooriya
On Thu, Jun 26, 2008 at 9:05 PM, Tim Williams [EMAIL PROTECTED] wrote:

> On Thu, Jun 26, 2008 at 8:35 AM, Tim Williams [EMAIL PROTECTED] wrote:
> > So far the samples seem to explicitly (through API) retrieve a token
> > from the STS.  I'm wondering whether this can be done declaratively
> > only by way of the policy.  It seems that if I have a policy file
> > exposed within a service's WSDL that states what STS that is
> > acceptable, then the client shouldn't need to get a token through the
> > API?
> >
> > In other words, in code I would expect something like:
> >
> > - setup a ServiceClient for the service provider endpoint
> > - engage Rampart
> > - load the service's policy document
> > - call service
> >
> > and I would expect that based on Rampart's understanding of the policy
> > it would know to retrieve a token from the STS prior to actually
> > making the call to the service provider.
> >
> > If my expectation is wrong, then once I get a token from the STS
> > programmatically, how do I attach it to the actual service call?
>
> It seems my expectation was reasonable. I just tried Rampart 1.4
> sample 06 and it essentially does what I wanted.


Yes, in sample 06, Rampart extracts the issuer and the metadata exchange
endpoint from the client policy and first gets the security policy related to
the STS using the metadata exchange endpoint. Then it sends a Security Token
Request, gets the token as you that as a claim to the service.

> On a side note, sample05 only seems to work *after* I successfully run
> sample06.  If I type ant clean in the sample/policy directory then try
> sample05 it's broken with something about a missing WSSE:Security
> header.


Thanks for the feedback. Will look into this.

regards,
nandana
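
The four client steps discussed in this thread, written out as an added example (not code from the thread or from the Rampart samples). It uses the Axis2 and Rampart client API; the endpoint URL, repository directory, policy file name, SOAP action and payload namespace are assumptions.

```java
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

public class PolicyDrivenClient {
    // Assumed values: substitute the real endpoint, client repository and policy file.
    static final String ENDPOINT = "http://localhost:8080/axis2/services/ExampleService";
    static final String CLIENT_REPO = "client_repo"; // holds the rampart and addressing modules
    static final String POLICY_FILE = "policy.xml";  // policy carrying the issued-token requirement

    public static void main(String[] args) throws Exception {
        // Step 1: set up a ServiceClient for the service provider endpoint.
        ConfigurationContext ctx = ConfigurationContextFactory
                .createConfigurationContextFromFileSystem(CLIENT_REPO, null);
        ServiceClient client = new ServiceClient(ctx, null);
        Options options = new Options();
        options.setTo(new EndpointReference(ENDPOINT));
        options.setAction("urn:echo"); // assumed action

        // Step 3: load the policy document and hand it to Rampart.
        // Rampart takes the STS issuer from this policy, so load a copy you
        // trust: whoever controls the file decides where token requests go.
        Policy policy = PolicyEngine.getPolicy(
                new StAXOMBuilder(POLICY_FILE).getDocumentElement());
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
        client.setOptions(options);

        // Step 2: engage Rampart (and addressing, which the STS exchange relies on).
        client.engageModule("addressing");
        client.engageModule("rampart");

        // Step 4: call the service; no explicit STS call appears in client code.
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMNamespace ns = factory.createOMNamespace("http://example.org/ns", "ex"); // assumed
        OMElement payload = factory.createOMElement("echo", ns);
        payload.setText("hello");
        System.out.println(client.sendReceive(payload));
    }
}
```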