Hi,
I am trying to configure a simple STS that satisfies the requirements of BiPRO (a standard
for transferring insurance data) with Secure Conversation.

In the WSDL of the STS, BiPRO defines a policy like this for
username/password authentication:

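<!-- BiPRO authentication policy as quoted from the STS WSDL.
     Only the wsp prefix is declared on this element; the sp and wsu prefixes
     are presumably declared on an enclosing element of the WSDL (not shown). -->
<wsp:Policy wsu:Id="BiPROAuthSecurityPolicy"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>

      <!-- Transport-level protection: the request has to arrive over HTTPS.
           RequireClientCertificate="false" means the TLS session authenticates
           only the server; the client is identified by the UsernameToken
           below rather than by a certificate. -->
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
        </wsp:Policy>
      </sp:TransportBinding>

      <!-- Supporting token: a WSS UsernameToken in the Security header.
           No nested policy constrains the token (no hashed-password or
           nonce requirement is attached), so a plain-text password token is
           admissible; its confidentiality rests entirely on the
           TransportBinding above. -->
      <sp:SupportingTokens>
        <wsp:Policy>
          <wsp:ExactlyOne>

            <wsp:All>
              <sp:UsernameToken wsu:Id="BiPROBasicToken"/>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>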

Then I configured the service in cxf-servlet.xml like this:

...
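<!-- STS wiring for the transport (HTTPS) binding. Beans are listed in the
     order the original configuration gave them. -->

<!-- Front door of the STS: each WS-Trust operation is delegated to one of
     the three operation beans defined below. -->
<bean id="mySTSProviderBean"
      class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
    <property name="issueSingleOperation" ref="transportIssueDelegate"/>
    <property name="validateOperation" ref="transportValidateDelegate"/>
    <property name="cancelOperation" ref="transportCancelDelegate"/>
</bean>

<!-- Issue: the only token provider configured is the SCT provider, so this
     STS can issue nothing but security-context tokens. "services" restricts
     which relying-party addresses tokens may be issued for.
     returnReferences="false" omits the RequestedAttachedReference /
     RequestedUnattachedReference elements from the response. -->
<bean id="transportIssueDelegate"
      class="org.apache.cxf.sts.operation.TokenIssueOperation">
    <property name="tokenProviders" ref="transportTokenProviders"/>
    <property name="services" ref="transportService"/>
    <property name="stsProperties" ref="transportSTSProperties"/>
    <property name="tokenStore" ref="defaultTokenStore"/>
    <property name="returnReferences" value="false"/>
</bean>

<!-- Validate: SCT validator only, backed by the same in-memory token store
     the Issue operation writes to. -->
<bean id="transportValidateDelegate"
      class="org.apache.cxf.sts.operation.TokenValidateOperation">
    <property name="tokenProviders" ref="transportTokenProviders"/>
    <property name="tokenValidators" ref="transportTokenValidators"/>
    <property name="stsProperties" ref="transportSTSProperties"/>
    <property name="tokenStore" ref="defaultTokenStore"/>
</bean>

<!-- Cancel: SCT canceller only. -->
<bean id="transportCancelDelegate"
      class="org.apache.cxf.sts.operation.TokenCancelOperation">
    <property name="tokenCancellers" ref="transportTokenCancellers"/>
    <property name="stsProperties" ref="transportSTSProperties"/>
    <property name="tokenStore" ref="defaultTokenStore"/>
</bean>

<!-- Provider / validator / canceller lists: one SCT implementation each. -->
<util:list id="transportTokenProviders">
    <ref bean="transportSCTProvider"/>
</util:list>
<util:list id="transportTokenValidators">
    <ref bean="transportSCTValidator"/>
</util:list>
<util:list id="transportTokenCancellers">
    <ref bean="transportSCTCanceller"/>
</util:list>

<!-- Custom SCT provider (project class sts.BiPROTokenProvider, not shown).
     returnEntropy="false" suppresses server entropy in the response;
     presumably the BiPRO profile expects the client-supplied key material
     only - confirm against the provider implementation. -->
<bean id="transportSCTProvider" class="sts.BiPROTokenProvider">
    <property name="returnEntropy" value="false"/>
</bean>
<bean id="transportSCTValidator"
      class="org.apache.cxf.sts.token.validator.SCTValidator"/>
<bean id="transportSCTCanceller"
      class="org.apache.cxf.sts.token.canceller.SCTCanceller"/>

<!-- Relying parties this STS will issue tokens for. Each entry is a regular
     expression, presumably matched against the AppliesTo address of the
     request. The pattern is kept on one line on purpose: any whitespace or
     line break inside <value> may become part of the pattern and then
     nothing matches. -->
<bean id="transportService"
      class="org.apache.cxf.sts.service.StaticService">
    <property name="endpoints" ref="transportEndpoints"/>
</bean>
<util:list id="transportEndpoints">
    <value>http://localhost:(\d)*/doubleit/services/doubleit.*</value>
</util:list>

<!-- Shared token store: issued SCTs are kept here and looked up again by
     the validator, the canceller and the endpoint's TokenStore property. -->
<bean id="defaultTokenStore"
      class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore"/>

<!-- Encryption properties. No bean in this snippet references encProperties;
     it may be wired in a part of the configuration that is not shown. -->
<bean id="encProperties"
      class="org.apache.cxf.sts.service.EncryptionProperties">
    <property name="encryptionAlgorithm"
              value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
</bean>

<!-- STS properties with nothing set: no signature crypto, no issuer name.
     NOTE(review): that is only sufficient as long as nothing this STS issues
     has to be signed by the STS itself - confirm for the SCT provider above. -->
<bean id="transportSTSProperties"
      class="org.apache.cxf.sts.StaticSTSProperties"/>

<!-- Secure Conversation interceptors for the STS endpoint itself. -->
<bean id="sctInterceptor"
      class="org.apache.cxf.sts.interceptor.SCTInInterceptor"/>
<bean id="sctOutInterceptor"
      class="org.apache.cxf.sts.interceptor.SCTOutInterceptor"/>

<!-- The STS endpoint, published under /STS with the BiPRO WSDL (and hence
     the BiPRO policy quoted above). The WSDL cannot be edited, so any
     adjustment has to happen on this endpoint. -->
<jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean"
                address="/STS"
                wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
                xmlns:ns1="http://www.bipro.net/namespace"
                serviceName="ns1:SecurityTokenService_2.5.0.1.0"
                endpointName="ns1:UserPasswordLogin">
    <jaxws:inInterceptors>
        <ref bean="sctInterceptor"/>
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
        <ref bean="sctOutInterceptor"/>
    </jaxws:outInterceptors>
    <jaxws:outFaultInterceptors>
        <ref bean="sctOutInterceptor"/>
    </jaxws:outFaultInterceptors>
    <jaxws:properties>
        <!-- Callback handler (project class, not shown) that supplies the
             expected password for the Username received in the
             UsernameToken; this is where the credential check happens. -->
        <entry key="ws-security.callback-handler"
               value="sts.PasswordCallbackHandler"/>
        <!-- Same store as the operations above, so the endpoint and the STS
             logic see the same issued SCTs. -->
        <entry key="org.apache.cxf.ws.security.tokenstore.TokenStore">
            <ref bean="defaultTokenStore"/>
        </entry>
    </jaxws:properties>
    <jaxws:features>
        <logging xmlns="http://cxf.apache.org/core"/>
        <!-- transformFeature is not defined in this snippet; it must come
             from a part of the configuration that is not shown. -->
        <ref bean="transformFeature"/>
    </jaxws:features>
</jaxws:endpoint>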

If I try to access the service with a request containing username and password, I
get the message "*None of the policy alternatives can be satisfied.*"

The request:
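<!-- RequestSecurityToken (Issue) for an SCT, authenticated with a WSS
     UsernameToken in the Security header. -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
    <soap:Header>
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:bipro="http://www.bipro.net/namespace">
                <wsse:Username>alice</wsse:Username>
                <!-- PasswordText: the password is carried in clear inside the
                     message. The policy's TransportBinding (HttpsToken) is the
                     only protection for it, so this request must be sent to an
                     https:// address of the STS. -->
                <wsse:Password
                    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">clarinet</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body>
        <!-- The wst prefix is rebound here to the WS-Trust 1.3 namespace
             (ws-sx/ws-trust/200512); the 2005/02 declaration on the Envelope
             is therefore unused. -->
        <wst:RequestSecurityToken
            xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
            <!-- NOTE(review): this TokenType is the 2005/02 SecureConversation
                 SCT URI, combined with a WS-Trust 1.3 (200512) request -
                 confirm that the STS expects that pairing. -->
            <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
        </wst:RequestSecurityToken>
    </soap:Body>
</soap:Envelope>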

What do I have to configure in cxf-servlet.xml to get this working? I cannot
change the WSDL, since it is the BiPRO standard.

Thanks for your response,
SRog





