Axis 2 1.7.9 and Rampart 1.7.1 are very old and a difficult combo. Rampart is going through a very major refactoring right now, including upgrading OpenSAML and WSS4J to the latest. See RAMPART-449. See the github Rampart repo to follow along. Right now the focus is fixing the unit tests.
Any type of Bearer auth requires code to get the token out of the header, and the only place in Rampart I see that is in the SAML code. If you can show us a sample payload, and show us the error in the logs that you receive, it is possible that we could get these features to work - however this is open source and it is likely we will need help to get Rampart to fulfill the requirement you have. On Tue, Aug 8, 2023 at 9:23 AM Brian Bertram <brian.bert...@alight.com.invalid> wrote: > We are currently leveraging axis2 release 1.7.9 and rampart 1.7.1 to help > with making soap calls. We have working code that uses basic > authentication (username/password). > > > > We are trying to update our program to use oAuth 2.0 instead of > username:password. We have it setup in the endpoint and we have the Client > Id, Client Secret and Refresh Token. We updated the java code to remove > the username:password from being set and added a Property for > HEADER_AUTHORIZATION with Bearer <access token we got back using the Client > Id, Client Secret and Refresh Token>. No changes were made to the > axis2.xml and policy.xml files. > > > > If we run the java program the response back is an invalid username and > password error. If we take the access token and the Soap request that was > created from the running of the program, which hits the invalid username or > password error, and run it in SOAPUI and/or Postman the responses come back > successfully and with data as we would expect. > > > > So I had a few Questions that I am not finding in the documentation. > > Are the axis2.xml and/or policy.xml files needed for oauth? > > If yes then are there updates needed to the axis2.xml and/or policy.xml to > get oauth to work? > > Are there other updates needed to the java code besides for setting the > Header Authorization to have a value of Bearer <access token we got back > using the Client Id, Client Secret and Refresh Token>? > > > > *Thank you for the help* > > >
