Hi Nandana, Thanks for your answers. By STS do you mean the web service that I will call to authenticate? If so ,that part is clear for me . I need to pass the the username and password to that service and it returns me the security token and user id back .. Then I need to build the binarySecurityToken using these values. Is there any document that you can suggest for WS-Trust? The other thing , instead of dealing with all these details I tried to building the soap headers manually and it worked fine. I mean I am creating the OMElements and adding them to the client using addHeader method of it. Is this something suggestible? Should I avoid building the WS-Security and WS-Addressing headers manually?
Thanks From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2008 5:10 PM To: [email protected] Subject: Re: WS-Security with WSDL file that doesn't contain the policies Hi Soyer, Yes, you can do this. You can use WS - Trust support in Apache Rampart to do this. But your binary token "NGX-SecurityToken-Value" seems to be a custom one. So need to know what are the exact parameters you need to send to the STS ( the web service that issue security tokens). thanks, nandana On Thu, Sep 11, 2008 at 1:39 PM, Soyer, Muhammed A. <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: I learnt some extra things, I first call a different web service to obtain some ticket (BinarySecurityToken) then I use this token in the following web calls. How can I do this? Thanks From: Soyer, Muhammed A. Sent: Thursday, September 11, 2008 1:47 PM To: '[email protected]<mailto:[email protected]>' Subject: RE: WS-Security with WSDL file that doesn't contain the policies IS it possible to figure out something from a sample header? What is binarySecurityToken ? Is it something custom or a generic thing? Thanks <wsu:Timestamp wsu:Id="Timestamp-172be5bd-07e8-42e3-b4a8-07c13b9f7013"> <wsu:Created>2008-09-03T12:30:09Z</wsu:Created> <wsu:Expires>2008-09-03T12:30:39Z</wsu:Expires> </wsu:Timestamp> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsse:BinarySecurityToken ValueType="NGX-SecurityToken-Value" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="SecurityToken-5aec1e4b-e2ad-43e9-903e-40519d328f9a">VILLfdssM027/jJb+iaYGg+M82bLdH1CkcT0yr3rkh0RAAAAAAAAAG4XXx6W1LJNglfYnWWkuck=</wsse:BinarySecurityToken> </wsse:Security> From: keith chapman [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Sent: Thursday, September 11, 2008 1:24 PM To: [email protected]<mailto:[email protected]> Subject: Re: WS-Security with WSDL file that doesn't contain the policies If the WSDL does not advertise the policy then you will have speak to the guys who host the service and get the required security configurations. ;). There is no other way that you will know what to send to the other end. Its better if they can give you the security configuration as a policy file. Thanks, Keith. On Thu, Sep 11, 2008 at 10:40 PM, Soyer, Muhammed A. <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Hi, I have a WSDL file which doesn't have the security policies in it. But the server requires me to include the WSSE headers. They are using WSE3 on .Net at the server side. I am trying with rampart and confused about the possibility of achieving this with the WSDL file without the policies. Is it possible? I am using axis 1.4.1 and rampart 1.4 Thanks -- Keith Chapman Senior Software Engineer WSO2 Inc. Oxygenating the Web Service Platform. http://wso2.org/ blog: http://www.keith-chapman.org
