Hi Amila,

thanks for your response. So you suggest using http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT instead of http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue? I've already thought about this, but I don't understand what advantages I get from using the SCT action rather than the Issue action. If you could explain this to me, I would really appreciate it.

2012/2/9 Amila Jayasekara <ami...@wso2.com>

> Above could be a possible solution. But let me briefly describe how
> existing Rampart handles this. In the current Rampart engine we have
> a specific client called “STSClient” [2]. STSClient is responsible for
> creating “RequestSecurityToken” with appropriate data. “STSClient”
> also sets a special action
> (http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT). If there is a
> security policy attached to STS client it will process appropriate
> security and send. Once server side receives the message it will first
> process the security headers coming with “RequestSecurityToken”. (I
> guess in your case you have to modify this code to work without
> security headers for “RequestSecurityToken”).

This is a useful suggestion, but I'm not sure which part of the code I have to modify. Do you mean I have to modify the Rampart handler to make it work without a security header? If I can do this, it could be a good way. And then, by modifying STSMessageReceiver, I could establish an exchange of RequestSecurityTokenResponse messages between STSClient and STSMessageReceiver; is this the way you are suggesting? Another doubt: with this scenario, I don't have to implement any Issuer?

Thank you very much!

Filippo A.

> Once security headers
> are processed, message will be routed to “STSMessageReceiver” [1]
> (Rampart identifies that message should be routed to
> STSMessageReceiver by looking at the action). “STSMessageReceiver” is
> responsible for processing “RequestSecurityToken” and creating
> “RequestSecurityTokenResponse”. As per now we have a single round. But
> in your case you need to have several rounds of message exchanges
> before you negotiate a secret (establishing a context).
> In summary, within Rampart we are handling communication with STS
> using a client and a message receiver. As per my understanding you
> should also be able to extend the current “STSMessageReceiver”
> implementation and implement your logic.
>
> > Any ideas or suggestions are very, very appreciated! Sorry for the length of this
> > message!!!
> > Thanks a lot in advance,
> >
> > Best regards
> >
> > Filippo Agazzi
> >
> > 2012/2/8 Prabath Siriwardena <prab...@wso2.com>
> >>
> >> Hi George,
> >>
> >> Sure.. you are somewhat outdated :-)
> >>
> >> The Rampart STS has support for WS-Trust 1.3 as well as some parts of the
> >> WS-Trust 1.4 and we ship this with WSO2 Identity Server product - and the
> >> STS has been used in real production scenarios..
> >>
> >> Hi Filippo,
> >>
> >> Yes, as you mentioned your requirement is not supported yet.. But we can
> >> help you building it.. Please provide further insights in to the
> >> requirement...
> >>
> >> Thanks & regards,
> >> -Prabath
> >>
> >> On Wed, Feb 8, 2012 at 8:29 AM, George Stanchev <gstanc...@serena.com>
> >> wrote:
> >>>
> >>> Hi Filippo,
> >>>
> >>> I don’t believe the Axis2 STS is mature enough to support what you are
> >>> asking about. Neither does Rampart contain a general-purpose WS-Trust client.
> >>> AFAIK the main purpose of the Axis2 STS is to serve SCTs for
> >>> WS-SecureConversation. Granted, I’ve stopped following its development for a
> >>> while so others might correct me if I am wrong.
> >>>
> >>> I am not sure anything you ask for is available as open source. You can
> >>> try checking out the Apache CXF STS implementation which was donated by
> >>> Talend which could be more mature. CXF also might have a more mature client.
> >>> Other than that, you can also check Sun’s OpenSSO or any other more
> >>> comprehensive SSO implementation. [1] contains some starting point links.
> >>>
> >>> George
> >>>
> >>> [1] http://kantarainitiative.org/wordpress/programs/iop-saml/
> >>>
> >>> From: FILIPPO AGAZZI [mailto:filippo.aga...@studenti.unipr.it]
> >>> Sent: Tuesday, February 07, 2012 7:28 AM
> >>> To: java-user@axis.apache.org
> >>> Subject: [Axis2] [Rampart] ws-trust negotiation and challenge extension
> >>> support
> >>>
> >>> Hi all,
> >>> I'm Filippo Agazzi, an Informatic Engineer student at University of
> >>> Parma, Italy. I'm working on a thesis about "Automated trust negotiation
> >>> using ws-* standard", and I need, as a basis, to have a client and a service
> >>> (probably a STS), challenging each other and exchanging multiple
> >>> RequestSecurityTokenResponse messages, before a final message is sent by the
> >>> service to the client. I see that WS-Trust includes a negotiation and
> >>> challenge framework; so my question is: is there any support or
> >>> implementation in Axis2 and Rampart (Rahas) for this WS-Trust extension?
> >>> I've already studied and successfully run the samples in the Rampart
> >>> distribution, for example "sample05", where the client asks for a SAML token from
> >>> a STS; but that is a single round trip, instead I need more rounds and I
> >>> need to insert custom XML elements (for example a wsp:Policy element) in
> >>> RequestSecurityToken and RequestSecurityTokenResponse messages. Here is the link
> >>> to the standard section I refer to:
> >>> http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/os/ws-trust-1.4-spec-os.html#_Toc212615468 .
> >>>
> >>> Even though there isn't any support/implementation in Axis2 for the WS-Trust
> >>> negotiation and challenge extension, does someone have any ideas on how this can be
> >>> done? Can anyone, please, indicate a way to implement this? I've
> >>> searched a lot and widely on the web, but I can't find anything really
> >>> useful, so I'm hard blocked on this point.
> >>>
> >>> Thank you very much in advance.
> >>>
> >>> Best regards.
> >>>
> >>> Filippo Agazzi
> >>
> >> --
> >> Thanks & Regards,
> >> Prabath
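
The multi-round exchange discussed in this thread, sketched as an added example that is not part of the original messages and is not Rampart code: an initial RequestSecurityToken followed by several RequestSecurityTokenResponse legs, with the receiver dispatching on the action and correlating legs by the `Context` attribute. The `Challenge` and `Disclosure` elements, the `urn:example:negotiation` namespace, the class and function names, and the token value are hypothetical; the `RSTR/Issue` action URI comes from the WS-Trust February 2005 specification, not from the thread.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml

WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
RST_ISSUE, RSTR_ISSUE = WST + "/RST/Issue", WST + "/RSTR/Issue"
EX = "urn:example:negotiation"  # hypothetical namespace for the custom elements
RST, RSTR = f"{{{WST}}}RequestSecurityToken", f"{{{WST}}}RequestSecurityTokenResponse"

class NegotiatingReceiver:
    """Toy stand-in for an extended STS message receiver (not Rampart code)."""
    def __init__(self, challenges):
        self.challenges = challenges  # claims the service demands, in order
        self.sessions = {}            # Context URI -> number of challenges answered

    def receive(self, action, body_xml):
        msg = ET.fromstring(body_xml)
        ctx = msg.get("Context")
        if action == RST_ISSUE and msg.tag == RST:      # opening request
            if not ctx or ctx in self.sessions:
                raise ValueError("missing or reused Context")
            self.sessions[ctx] = 0
        elif action == RSTR_ISSUE and msg.tag == RSTR:  # later negotiation leg
            if ctx not in self.sessions:
                raise ValueError("leg for unknown Context")
            answer = msg.find(f"{{{EX}}}Disclosure")
            if answer is None or answer.get("claim") != self.challenges[self.sessions[ctx]]:
                del self.sessions[ctx]                  # a failed leg ends the negotiation
                raise ValueError("challenge not answered")
            self.sessions[ctx] += 1
        else:
            raise ValueError("action does not match body")
        reply = ET.Element(RSTR, Context=ctx)
        if self.sessions[ctx] < len(self.challenges):   # ask for the next claim
            ET.SubElement(reply, f"{{{EX}}}Challenge", claim=self.challenges[self.sessions[ctx]])
        else:                                           # all answered: final leg
            del self.sessions[ctx]
            ET.SubElement(reply, f"{{{WST}}}RequestedSecurityToken").text = "constructed-token"
        return RSTR_ISSUE, ET.tostring(reply, encoding="unicode")

def negotiate(receiver, ctx, disclosures):
    """Client side: send the RST, then answer each challenge with an RSTR leg."""
    first = ET.Element(RST, Context=ctx)
    _, body = receiver.receive(RST_ISSUE, ET.tostring(first, encoding="unicode"))
    legs = 1
    while True:
        reply = ET.fromstring(body)
        token = reply.find(f"{{{WST}}}RequestedSecurityToken")
        if token is not None:
            return token.text, legs
        claim = reply.find(f"{{{EX}}}Challenge").get("claim")
        leg = ET.Element(RSTR, Context=ctx)
        ET.SubElement(leg, f"{{{EX}}}Disclosure", claim=claim).text = disclosures[claim]
        _, body = receiver.receive(RSTR_ISSUE, ET.tostring(leg, encoding="unicode"))
        legs += 1
```

Because the receiver drops the per-Context state both on completion and on any failed leg, a peer cannot resume a negotiation it has already failed or replay a leg into a finished one.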