Hi Gina,

> 2. I used the following TokenType, hopefully Apache CXF understands it.
> <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>

It can.

> 5. When the client requests a new ADFS2.0 token using the ActAs token, it needs to be
> authenticated using a username token since my ADFS end point is
> /adfs/services/trust/13/usernamemixed. I still don't see a place to set the
> username and password in bean.xml.

You need to set a username as well as the class name of a CallbackHandler instance that returns the password for said username. See here for an example:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml?view=markup

i.e.:

<entry key="ws-security.username" value="alice"/>
<entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>

The CallbackHandler in question is here:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java?view=markup

Colm.

On Tue, May 22, 2012 at 10:58 PM, Gina Choi <[email protected]> wrote:
> Hi Oliver,
>
> I have converted the hello_world.wsdl file to Symmetric bindings and the zip file is
> attached.
>
> 1. Since all configuration related to the STS can be done through beans.xml
> under examples\wsclientWebapp\webapp\src\main\webapp\WEB-INF, I commented
> out the STS related reference from hello_world.wsdl (lines 135-137).
>
> </wsp:Policy>
> <!--sp:Issuer>
> <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
> </sp:Issuer-->
> </sp:IssuedToken>
>
> 2. I used the following TokenType, hopefully Apache CXF understands it.
> <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
>
> 3. In line 54, you have this. I don't know if the type should be xsd:string. I
> left it as it is for now.
> <element name="responseType" type="string"/>
>
> 4. In the bean.xml file under
> examples\wsclientWebapp\webapp\src\main\webapp\WEB-INF, I have updated the
> conduit name with the hostname of ADFS.
>
> 5. When the client requests a new ADFS2.0 token using the ActAs token, it needs to be
> authenticated using a username token since my ADFS end point is
> /adfs/services/trust/13/usernamemixed. I still don't see a place to set the
> username and password in bean.xml.
>
> Thanks.
> Gina
>
> On Tue, May 22, 2012 at 4:34 PM, Oliver Wulff <[email protected]> wrote:
>>
>> Hi Gina
>>
>> The configuration file is here:
>>
>> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/beans.xml?view=markup
>>
>> The bean jaxws:client contains all the configuration to call the
>> helloworld service. The property "ws-security.sts.client" contains all STS
>> related configuration.
>>
>> You also have to configure the truststore for the https communication, which
>> is here:
>>
>> <!-- STS WSDL download -->
>> <http:conduit name="https://localhost:9443/.*">
>>   <http:tlsClientParameters disableCNCheck="true">
>>     <sec:trustManagers>
>>       <sec:keyStore type="jks" password="tompass" resource="tomcatKeystore.jks" />
>>     </sec:trustManagers>
>>   </http:tlsClientParameters>
>> </http:conduit>
>>
>> where you can update the conduit name with the hostname of ADFS.
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com
>> Solution Architect
>> http://coders.talend.com
>>
>> Talend Application Integration Division http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [[email protected]]
>> Sent: 22 May 2012 21:59
>> To: Oliver Wulff
>> Cc: [email protected]
>> Subject: Redirecting Fediz GreeterService to ADFS2.0
>>
>> Hi Oliver,
>>
>> With your help, I have previously successfully connected the Fediz Helloworld web
>> app (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/)
>> to ADFS2.0 using WS-Federation. My next goal is to change the Fediz
>> GreeterService (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/)
>> to point to ADFS2.0 using the Assertion token previously obtained from
>> WS-Federation. This Assertion token will be used as the ActAs token. I am
>> planning to use Symmetric bindings for Web service-client-ADFS2.0 and the
>> ADFS2.0 end point will be adfs/services/trust/13/usernamemixed. Everything is
>> pretty much the same as in your blog (SSO across Web Applications and Web Services
>> - Part IV b:
>> http://owulff.blogspot.com/2012/04/sso-across-web-applications-and-web_16.html)
>> except that my STS is ADFS2.0. I have attached the zipped mex file for my ADFS
>> and the wsdl file for my final .NET web service. I will send you the wsdl file for
>> the GreeterService using Symmetric bindings later.
>>
>> You previously mentioned configuring the password with the property
>> "ws-security.password". Do you have a configuration file on the client side
>> to add ws-security.password?
>>
>> Thanks.
>> Gina
>
>

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
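As an added example (not the CXF project's CommonCallbackHandler linked above, and not code from this thread), here is a CallbackHandler that answers the WSS4J password callback for the user configured in `ws-security.username`; the package, class name and the `STS_PASSWORD` environment variable are assumptions, and the WSPasswordCallback import is the WSS4J 1.6 location used by CXF 2.x.

```java
// Added example: a CallbackHandler for the CXF STS client's "ws-security.callback-handler"
// property. It supplies the UsernameToken password from an environment variable instead
// of hard-coding it, and only answers for the username it expects.
package example.sts; // hypothetical package

import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.6; WSS4J 2.x: org.apache.wss4j.common.ext

public class StsPasswordCallbackHandler implements CallbackHandler {

    private static final String PASSWORD_ENV = "STS_PASSWORD"; // assumed variable name
    private static final String EXPECTED_USER = "alice";       // must match ws-security.username

    private final Map<String, String> env;

    public StsPasswordCallbackHandler() {
        this(System.getenv());
    }

    // Package-private constructor so the environment can be injected in a unit test.
    StsPasswordCallbackHandler(Map<String, String> env) {
        this.env = env;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // WSS4J asks for the UsernameToken password of the configured identifier.
            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN
                    && EXPECTED_USER.equals(pc.getIdentifier())) {
                String password = env.get(PASSWORD_ENV);
                if (password == null) {
                    throw new IOException(PASSWORD_ENV + " is not set");
                }
                pc.setPassword(password);
            }
            // Any other identifier or usage is left unanswered, so WSS4J fails the request.
        }
    }
}
```

Register it in beans.xml with `<entry key="ws-security.callback-handler" value="example.sts.StsPasswordCallbackHandler"/>` next to the `ws-security.username` entry.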
