Hey,

I am working with WIF 4.5 on the .NET platform using WSO2 Identity Server 5.3.0 
as the WS-Trust STS. I am requesting that a security token be issued by the STS 
without specifying a token type, and am getting back a response that seems to 
use a mixture of SAML 1.0 and SAML 1.1 semantics. Is this expected?

Is there a way to set the default token type returned by the STS?

A StackOverflow post about my other issues, which also shows clearly what I am 
talking about:
https://stackoverflow.com/questions/46778393/requesting-a-saml-2-0-security-token-from-a-ws-trust-sts-using-wif-4-5

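<!-- RequestSecurityToken (Issue) as sent by WIF 4.5 to the WSO2 STS.
     The mail archive appended ';' after every quoted URI; those stray characters
     are removed below so the sample is well-formed XML. Nothing else is changed. -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
      <a:MessageID>urn:uuid:bb24c76a-b737-4a9b-8526-26b84a28bbe8</a:MessageID>
      <a:ReplyTo>
         <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1">https://localhost:9443/services/wso2carbon-sts</a:To>
      <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                  s:mustUnderstand="1">
         <!-- Five-minute validity window on the message timestamp. -->
         <u:Timestamp u:Id="_0">
            <u:Created>2017-10-17T14:50:01.517Z</u:Created>
            <u:Expires>2017-10-17T14:55:01.517Z</u:Expires>
         </u:Timestamp>
         <!-- PasswordText: the password is carried in clear text inside the SOAP
              header, so its only protection is the TLS channel to the https
              endpoint named in a:To. -->
         <o:UsernameToken u:Id="uuid-b6a803fc-b1fe-4186-8c3e-dcf4b1a647e5-1">
            <o:Username>admin</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</o:Password>
         </o:UsernameToken>
      </o:Security>
   </s:Header>
   <s:Body>
      <!-- No trust:TokenType element is present, so the STS decides the token
           type on its own; the RSTR shows what it chose (SAML 1.1). -->
      <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
         <!-- Audience the issued token is scoped to. The relying party should
              compare the assertion's Audience against this value. -->
         <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
               <wsa:Address>http://localhost/myApp</wsa:Address>
            </wsa:EndpointReference>
         </wsp:AppliesTo>
         <!-- Both claims are marked Optional="false"; compare with the returned
              assertion, which carries no AttributeStatement. -->
         <trust:Claims xmlns:i="http://schemas.xmlsoap.org/ws/2005/05/identity"
                       Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
            <i:ClaimType Uri="http://wso2.org/claims/givenname" Optional="false"/>
            <i:ClaimType Uri="http://wso2.org/claims/emailaddress" Optional="false"/>
         </trust:Claims>
         <!-- Bearer: no proof key is bound to the token, so whoever presents it
              is accepted. Audience and lifetime checks at the relying party are
              what limit replay of a captured token. -->
         <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
         <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
      </trust:RequestSecurityToken>
   </s:Body>
</s:Envelope>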

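<!-- RequestSecurityTokenResponse returned by the WSO2 STS. The stray ';' the
     mail archive appended after each quoted URI is removed so the sample is
     well-formed; nothing else is changed. The issued token is a SAML 1.1
     assertion throughout: see the notes at TokenType, KeyIdentifier and Assertion. -->
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <!-- Only a Timestamp here: the RSTR message itself is not signed. The
           only signature in the response is the one inside the Assertion. -->
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                     soapenv:mustUnderstand="true">
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                        wsu:Id="Timestamp-1">
            <wsu:Created>2017-10-17T14:50:02.407Z</wsu:Created>
            <wsu:Expires>2017-10-17T14:55:02.407Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
      <wsa:Action>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue</wsa:Action>
      <!-- Correlates with the a:MessageID of the request. -->
      <wsa:RelatesTo>urn:uuid:bb24c76a-b737-4a9b-8526-26b84a28bbe8</wsa:RelatesTo>
   </soapenv:Header>
   <soapenv:Body>
      <wst:RequestSecurityTokenResponseCollection xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
         <wst:RequestSecurityTokenResponse>
            <!-- WSS SAML Token Profile 1.1 identifier for a SAML 1.1 assertion. -->
            <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
            <!-- The ...saml-token-profile-1.0#SAMLAssertionID ValueType is what
                 SAML Token Profile 1.1 prescribes for referencing a SAML 1.1
                 assertion by its AssertionID (the 1.1#SAMLID ValueType is for
                 SAML 2.0). This is consistent with the TokenType above, not a
                 1.0/1.1 mix. The same reference is repeated unattached below. -->
            <wst:RequestedAttachedReference>
               <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_d8c5ef71f6665284b3ba5f7aca69f08b</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </wst:RequestedAttachedReference>
            <wst:RequestedUnattachedReference>
               <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_d8c5ef71f6665284b3ba5f7aca69f08b</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </wst:RequestedUnattachedReference>
            <!-- Echoes the AppliesTo of the request. -->
            <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
               <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
                  <wsa:Address>http://localhost/myApp</wsa:Address>
               </wsa:EndpointReference>
            </wsp:AppliesTo>
            <!-- Five-minute token lifetime; the same instants appear as
                 Conditions/@NotBefore and @NotOnOrAfter on the assertion. -->
            <wst:Lifetime>
               <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2017-10-17T14:50:02.236Z</wsu:Created>
               <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2017-10-17T14:55:02.236Z</wsu:Expires>
            </wst:Lifetime>
            <wst:RequestedSecurityToken>
               <!-- SAML 1.1 did not introduce a new namespace: SAML 1.1 assertions
                    use the same urn:oasis:names:tc:SAML:1.0:assertion namespace as
                    SAML 1.0 and carry the version in MajorVersion/MinorVersion.
                    MajorVersion="1" MinorVersion="1" is therefore SAML 1.1, which
                    matches the TokenType. -->
               <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
                          xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                          xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          AssertionID="_d8c5ef71f6665284b3ba5f7aca69f08b"
                          IssueInstant="2017-10-17T14:50:02.282Z" Issuer="https://localhost"
                          MajorVersion="1" MinorVersion="1">
                  <Conditions NotBefore="2017-10-17T14:50:02.236Z"
                              NotOnOrAfter="2017-10-17T14:55:02.236Z">
                     <!-- The relying party must check this against its own
                          identity before accepting the (bearer) assertion. -->
                     <AudienceRestrictionCondition>
                        <Audience>http://localhost/myApp</Audience>
                     </AudienceRestrictionCondition>
                  </Conditions>
                  <!-- Only an AuthenticationStatement is present: the two claims the
                       request marked Optional="false" (givenname, emailaddress) are
                       not returned, since there is no AttributeStatement. -->
                  <AuthenticationStatement AuthenticationInstant="2017-10-17T14:50:02.236Z"
                                           AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
                     <Subject>
                        <!-- NameIdentifier format defined by SAML 1.1. -->
                        <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</NameIdentifier>
                        <!-- Bearer confirmation, matching the requested KeyType. -->
                        <SubjectConfirmation>
                           <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
                        </SubjectConfirmation>
                     </Subject>
                  </AuthenticationStatement>
                  <!-- Enveloped signature over the Assertion (Reference URI is the
                       AssertionID). rsa-sha1 and the sha1 digest are deprecated;
                       prefer RSA-SHA256 / SHA-256 if the STS can be configured for
                       them, and have verifiers reject SHA-1 signatures. -->
                  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                     <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <ds:Reference URI="#_d8c5ef71f6665284b3ba5f7aca69f08b">
                           <ds:Transforms>
                              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                 <!-- PrefixList names prefixes (code, kind, rw, typens)
                                      that are not declared on the Assertion; exclusive
                                      c14n ignores prefixes that are not in scope, so this
                                      should be benign. Worth confirming the verifier agrees. -->
                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                                         PrefixList="code ds kind rw saml samlp typens #default xsd xsi"/>
                              </ds:Transform>
                           </ds:Transforms>
                           <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                           <ds:DigestValue>8w9YHsb+YIyUCzGjqh6q0JrjxTI=</ds:DigestValue>
                        </ds:Reference>
                     </ds:SignedInfo>
                     <ds:SignatureValue>Evm0H2+hOMWdsrK0Rp8HPCDDldMJ+AHPgv4hrqKW6IuPGFT25DhTRoIc+cPuerFOABYX5B1Om0v4VlmqsalpK2V7tdzHlrDbrOCiENL4FhdATd48o/IiRjde8XM0B7gHAIJoMSimg3Fc/jPXH4kyMsLAWM+l0GdK8VxKVLPtrhY=</ds:SignatureValue>
                     <!-- The verifier must match this certificate against its
                          configured STS signing certificate rather than trusting it
                          because it is embedded in the token. The certificate
                          content is omitted in this copy of the message. -->
                     <ds:KeyInfo>
                        <ds:X509Data>
                           <ds:X509Certificate>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</ds:X509Certificate>
                        </ds:X509Data>
                     </ds:KeyInfo>
                  </ds:Signature>
               </Assertion>
            </wst:RequestedSecurityToken>
         </wst:RequestSecurityTokenResponse>
      </wst:RequestSecurityTokenResponseCollection>
   </soapenv:Body>
</soapenv:Envelope>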

Regards,

Jeffrey Schultz
CACI Federal, Inc.
999 Waterside Drive, Suite 1200
Norfolk, VA 23510
Office: 757.533.5015 | Cell: 757.814.7658
[email protected]<mailto:[email protected]>

"Question everything generally thought to be obvious."
