How does WS-SecureConversation fit in here? Similar types of tokens are supposed to be exchanged.
I think Rampart supports ws-SecureConversation.

________________________________
From: FILIPPO AGAZZI <filippo.aga...@studenti.unipr.it>
To: java-user@axis.apache.org
Sent: Thursday, 9 February 2012, 12:03
Subject: Re: [Axis2] [Rampart] ws-trust negotiation and challenge extension support

Hi Amila,
thanks for your response. So you suggest using http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT instead of http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue? I've already thought about this, but I don't understand what advantages I get from using the SCT action rather than the Issue action. If you could explain this to me, I would really appreciate it.

2012/2/9 Amila Jayasekara <ami...@wso2.com>

>Above could be a possible solution. But let me briefly describe how
>existing Rampart handles this. In the current Rampart engine we have
>a specific client called “STSClient” [2]. STSClient is responsible for
>creating “RequestSecurityToken” with appropriate data. “STSClient”
>also sets a special action
>(http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT). If there is a
>security policy attached to STS client it will process appropriate
>security and send. Once server side receives the message it will first
>process the security headers coming with “RequestSecurityToken”. (I
>guess in your case you have to modify this code to work without
>security headers for “RequestSecurityToken”).

This is a useful suggestion, but I'm not sure which part of the code I have to modify. Do you mean I have to modify the Rampart handler to make it work without a security header? If I can do this, it could be a good way. And then, by modifying STSMessageReceiver, I could establish an exchange of RequestSecurityTokenResponse messages between STSClient and STSMessageReceiver; is this the way you are suggesting? Another doubt: with this scenario, I don't have to implement any Issuer?

Thank you very much!
Filippo A.
>Once security headers
>are processed, message will be routed to “STSMessageReceiver” [1]
>(Rampart identifies that message should be routed to
>STSMessageReceiver by looking at the action). “STSMessageReceiver” is
>responsible for processing “RequestSecurityToken” and creating
>“RequestSecurityTokenResponse”. As per now we have a single round. But
>in your case you need to have several rounds of message exchanges
>before you negotiate a secret (establishing a context).
>In summary, within Rampart we are handling communication with STS
>using a client and a message receiver. As per my understanding you
>should also be able to extend the current “STSMessageReceiver”
>implementation and implement your logic.
>
>>
>> Any ideas or suggestions are very, very appreciated! Sorry for the length of this
>> message!!!
>> Thanks a lot in advance,
>>
>> Best regards
>>
>> Filippo Agazzi
>>
>>
>> 2012/2/8 Prabath Siriwardena <prab...@wso2.com>
>>>
>>> Hi George,
>>>
>>> Sure.. you are somewhat outdated :-)
>>>
>>> The Rampart STS has support for WS-Trust 1.3 as well as some parts of
>>> WS-Trust 1.4 and we ship this with the WSO2 Identity Server product - and the
>>> STS has been used in real production scenarios..
>>>
>>> Hi Filippo,
>>>
>>> Yes, as you mentioned, your requirement is not supported yet.. But we can
>>> help you build it.. Please provide further insights into the
>>> requirement...
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>> On Wed, Feb 8, 2012 at 8:29 AM, George Stanchev <gstanc...@serena.com>
>>> wrote:
>>>>
>>>> Hi Filippo,
>>>>
>>>> I don’t believe the Axis2 STS is mature enough to support what you are
>>>> asking about. Neither does Rampart contain a general-purpose WS-Trust client.
>>>> AFAIK the main purpose of the Axis2 STS is to serve SCTs for
>>>> WS-SecureConversation. Granted, I’ve stopped following its development for
>>>> a while so others might correct me if I am wrong.
>>>>
>>>> I am not sure anything you ask for is available as open source. You can
>>>> try checking out the Apache CXF STS implementation which was donated by
>>>> Talend which could be more mature. CXF also might have a more mature
>>>> client.
>>>> Other than that, you can also check Sun’s OpenSSO or any other more
>>>> comprehensive SSO implementation. [1] contains some starting point links.
>>>>
>>>> George
>>>>
>>>> [1] http://kantarainitiative.org/wordpress/programs/iop-saml/
>>>>
>>>> From: FILIPPO AGAZZI [mailto:filippo.aga...@studenti.unipr.it]
>>>> Sent: Tuesday, February 07, 2012 7:28 AM
>>>> To: java-user@axis.apache.org
>>>> Subject: [Axis2] [Rampart] ws-trust negotiation and challenge extension
>>>> support
>>>>
>>>> Hi all,
>>>> I'm Filippo Agazzi, an Informatics Engineering student at the University of
>>>> Parma, Italy. I'm working on a thesis about "Automated trust negotiation
>>>> using ws-* standard", and I need, as a basis, to have a client and a
>>>> service (probably an STS) challenging each other and exchanging multiple
>>>> RequestSecurityTokenResponse messages, before a final message is sent by the
>>>> service to the client. I see that ws-Trust includes a negotiation and
>>>> challenge framework; so my question is: is there any support or
>>>> implementation in Axis2 and Rampart (Rahas) for this ws-trust extension?
>>>> I've already studied and successfully run the samples in the Rampart
>>>> distribution, for example "sample05", where the client asks an STS for a SAML
>>>> token; but that is a single round trip, whereas I need more rounds and I
>>>> need to insert custom XML elements (for example a wsp:Policy element) in
>>>> RequestSecurityToken and RequestSecurityTokenResponse messages. Here is the
>>>> link to the section of the standard I refer to:
>>>> http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/os/ws-trust-1.4-spec-os.html#_Toc212615468.
>>>>
>>>> Even though there isn't any support/implementation in Axis2 for the ws-trust
>>>> negotiation and challenge extension, does someone have any ideas on how this can
>>>> be done? Can anyone please point me to a way to implement this? I've
>>>> searched a lot and widely on the web, but I can't find anything really
>>>> useful, so I'm hard blocked on this point.
>>>>
>>>> Thank you very much in advance.
>>>>
>>>> Best regards.
>>>>
>>>> Filippo Agazzi
>>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Mobile : +94 71 809 6732
>>>
>>> http://blog.facilelogin.com
>>> http://RampartFAQ.com
>>>
>>
>
>--
>Mobile : +94773330538
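
The multi-round exchange discussed in this thread needs per-negotiation state on the receiving side; the following is an added example, not part of the thread and not Rampart or Rahas code. It assumes legs are correlated by the WS-Trust `Context` attribute, and every name in it (`NegotiationTable`, `Session`, `Outcome`, `satisfied`) is hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: NegotiationTable, Session and Outcome are not Rampart/Rahas types.
public class NegotiationTable {
    enum Outcome { CHALLENGE, ISSUED, REJECTED }
    private static final class Session {
        final Instant started; int legs; boolean closed;
        Session(Instant started) { this.started = started; }
    }
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final int maxLegs;
    private final Duration ttl;

    NegotiationTable(int maxLegs, Duration ttl) { this.maxLegs = maxLegs; this.ttl = ttl; }

    // Initial RequestSecurityToken: open a negotiation under the client's Context value.
    Outcome onRequest(String context, Instant now) {
        if (context == null || context.isEmpty()) return Outcome.REJECTED;
        // A Context that is already in flight is refused rather than overwritten.
        return sessions.putIfAbsent(context, new Session(now)) == null
                ? Outcome.CHALLENGE : Outcome.REJECTED;
    }

    // Each later RequestSecurityTokenResponse leg sent by the client.
    // 'satisfied' stands for the (assumed) result of checking the client's answer.
    Outcome onResponse(String context, boolean satisfied, Instant now) {
        Session s = (context == null) ? null : sessions.get(context);
        if (s == null) return Outcome.REJECTED;          // unknown or finished negotiation
        synchronized (s) {
            if (s.closed) return Outcome.REJECTED;       // a concurrent leg already ended it
            s.legs++;
            boolean refused = now.isAfter(s.started.plus(ttl)) || s.legs > maxLegs;
            if (refused || satisfied) { s.closed = true; sessions.remove(context); }
            if (refused) return Outcome.REJECTED;
            return satisfied ? Outcome.ISSUED : Outcome.CHALLENGE;
        }
    }

    public static void main(String[] args) {
        NegotiationTable table = new NegotiationTable(3, Duration.ofSeconds(30));
        Instant t0 = Instant.parse("2012-02-09T12:00:00Z");   // constructed sample clock
        String ctx = "urn:uuid:constructed-context-1";        // constructed Context value
        System.out.println(table.onRequest(ctx, t0));                        // first challenge
        System.out.println(table.onResponse(ctx, false, t0.plusSeconds(1))); // another round
        System.out.println(table.onResponse(ctx, true, t0.plusSeconds(2)));  // final leg
        System.out.println(table.onResponse(ctx, true, t0.plusSeconds(3)));  // replayed leg
    }
}
```

Bounding the number of legs and the lifetime matters most when the first message is accepted without security headers, as suggested in the thread, because any caller can then open a negotiation; a real receiver would also evict abandoned entries on a timer.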