Hi all.

 

I am working with the UsernameToken scenario and would like to hide the password
that is sent in the request message when consuming a service, in this case by
encrypting that part of the message with the certificate of the application server
(wso2as-4.1.2). To do this I modified the policy, adding an extra element using a
protection assertion (the Encrypted Parts assertion). Here is the modified part:

 

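<!--
  Excerpt of the modified policy; the wsp: prefix is declared on the enclosing wsp:Policy.
  Line wraps from the mail client and the stray ';' after each namespace URI are removed so
  the fragment parses.

  NOTE(review): sp:EncryptedParts is placed directly inside sp:UsernameToken and rebinds sp:
  to the 2005/07 namespace, while the surrounding assertions use 200702. EncryptedParts
  selects sp:Body / sp:Header message parts; WS-SecurityPolicy defines no sp:Password child,
  so a policy engine is not expected to act on this element. Confirm against the Rampart
  version in use.
-->
<sp:SupportingTokens
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy>
    <sp:UsernameToken
        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
      <sp:EncryptedParts
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Password/>
      </sp:EncryptedParts>
    </sp:UsernameToken>
  </wsp:Policy>
</sp:SupportingTokens>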

 

I attach the complete policy with the Rampart configuration. So far I have not
been successful. Any ideas?

 

--

Salu2,

Ing. Jorge Hernández Roselló.

 




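<?xml version="1.0" encoding="UTF-8"?>
<!--
  UsernameToken policy over an HTTPS transport binding, with the Rampart client configuration.

  Layout: sp:TransportBinding (HttpsToken without client certificate, Basic256, Lax layout,
  timestamp), one sp:SupportingTokens assertion carrying the UsernameToken, and
  ramp:RampartConfig.

  The stray ';' that followed every quoted namespace URI is removed; with it the document is
  not well-formed and no parser will load it.

  NOTE(review): the transport binding already carries the whole message, password included,
  inside the HTTPS channel. Message-level encryption of the token adds protection only where
  the message passes through intermediaries that terminate TLS.
-->
<wsp:Policy wsu:Id="UsernameTokenConHash"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <!-- Server-authenticated HTTPS only; the client is identified by the UsernameToken. -->
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>

      <!--
        NOTE(review): the policy Id reads "UsernameTokenConHash", but no sp:HashPassword
        assertion appears under the UsernameToken. Unless the digest type is set elsewhere,
        the password is presumably sent as text inside the token. Confirm.
      -->
      <sp:SupportingTokens
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <!--
              NOTE(review): this is the element the post asks about, and it is not expected
              to take effect:
                * sp:EncryptedParts is not a defined child of sp:UsernameToken;
                * sp: is rebound here to the 2005/07 namespace (WS-SecurityPolicy 1.1) while
                  the rest of the policy uses 200702 (1.2);
                * EncryptedParts selects sp:Body / sp:Header parts, not an sp:Password element.
              WS-SecurityPolicy 1.2 expresses an encrypted token with
              sp:EncryptedSupportingTokens in place of sp:SupportingTokens. Whether this
              Rampart version honours that under a transport binding needs to be confirmed.
            -->
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Password/>
            </sp:EncryptedParts>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>

      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>echo</ramp:user>
        <ramp:passwordCallbackClass>org.wso2.carbon.core.services.echo.PWCBHandler</ramp:passwordCallbackClass>
        <!--
          NOTE(review): only signatureCrypto is configured. No ramp:encryptionUser (the alias
          of the recipient certificate) or encryption crypto settings are present, which
          message-level encryption would normally require.
        -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <!-- Absolute, machine-specific path; the policy will not load on another host as is. -->
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">C:/wso2carbon.jks</ramp:property>
            <!--
              NOTE(review): keystore password in clear text, and wso2carbon.jks / wso2carbon
              look like the stock keystore and password shipped with the product. Anyone who
              has the distribution holds the same private key; generate a dedicated keystore
              and keep its password out of the policy file before any non-test use.
            -->
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
        <ramp:timestampPrecisionInMilliseconds>true</ramp:timestampPrecisionInMilliseconds>
        <!-- Timestamp lifetime and tolerated clock skew, in seconds. -->
        <ramp:timestampTTL>300</ramp:timestampTTL>
        <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
      </ramp:RampartConfig>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>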