Massimiliano Masi wrote:
> Hi,
> 
> Quoting Ruchith Fernando <[EMAIL PROTECTED]>:
> 
>> Hi,
>>
>> Did you add an AttachedReference or an UnattachedReference element in
>> the RSTR created by your custom issuer?
> 
> No... Is there an example? But why do I have to attach a reference
> to the security token returned? You mean a wsse:SecurityTokenReference?
> 
> I'm a bit confused on what is the reference.
> 

You have to add these references according to the WS-Trust specification.

Please have a look at this [1] for an example:
--------------------------------------------------
TrustUtil.createRequestedAttachedRef(wstVersion,rstrElem,"#"+sct.getID(),tokenType);

TrustUtil.createRequestedUnattachedRef(wstVersion,rstrElem,sct.getIdentifier(),tokenType);
--------------------------------------------------

Thanks,
Ruchith

[1]
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java

>>
>> Can you please send the response produced by your issuer?
>>
> 
> 
> Yes, this is the response.
> 
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>   <soapenv:Body>
>     <wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
>       <wst:TokenType>oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
>       <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>         <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
>           <wsa:Address>http://localhost:8080/SpiritXUAServer/services/XDSb</wsa:Address>
>         </wsa:EndpointReference>
>       </wsp:AppliesTo>
>       <wst:Lifetime>
>         <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2007-10-13T12:50:24.487Z</wsu:Created>
>         <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2007-10-13T12:50:24.497Z</wsu:Expires>
>       </wst:Lifetime>
>       <wst:RequestedSecurityToken>
>         <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>             ID="_47ac6d119b053a57619f25072f9b394c"
>             IssueInstant="2007-10-13T12:50:24.442Z" Version="2.0">
>           <saml:Issuer Format="urn:oasis:names:SAML:2.0:nameid-format:entity"
>               SPProvidedID="spirit-idp">Address: http://localhost:8080/axis2/services/SpiritIdentityProvider</saml:Issuer>
>           <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>             <ds:SignedInfo>
>               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>               <ds:Reference URI="#_47ac6d119b053a57619f25072f9b394c">
>                 <ds:Transforms>
>                   <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
>                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml" />
>                   </ds:Transform>
>                 </ds:Transforms>
>                 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
>                 <ds:DigestValue>v1HtgO4Q5Y2JKRiNaPJ6rlyrPD2y4Fh3cFiL8CTYG48=</ds:DigestValue>
>               </ds:Reference>
>             </ds:SignedInfo>
>             <ds:SignatureValue>
>               ncmmE+m6alVc0BNYUiGzGPGqNsdnvKNZ6LhQGfjxLGeDHJzb7D1uUi3GZ4gfO6ZND23PmXpDPKaZ
>               WWSZVvKqWQ==
>             </ds:SignatureValue>
>           </ds:Signature>
>           <saml:Subject>
>             <saml:NameID>client</saml:NameID>
>             <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
>           </saml:Subject>
>           <saml:Conditions NotBefore="2007-10-13T12:50:24.442Z" NotOnOrAfter="2007-10-13T13:50:24.442Z">
>             <saml:AudienceRestriction>
>               <saml:Audience>http://localhost:8080/SpiritXUAServer/services/XDSb</saml:Audience>
>             </saml:AudienceRestriction>
>           </saml:Conditions>
>           <saml:AuthnStatement AuthnInstant="2007-10-13T12:50:24.442Z" SessionNotOnOrAfter="2007-10-13T13:50:24.442Z">
>             <saml:AuthnContext>
>               <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:kerberos</saml:AuthnContextClassRef>
>             </saml:AuthnContext>
>           </saml:AuthnStatement>
>         </saml:Assertion>
>       </wst:RequestedSecurityToken>
>     </wst:RequestSecurityTokenResponse>
>   </soapenv:Body>
> </soapenv:Envelope>
> 


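Added example, not Rampart's code and not from either poster: what the two references Ruchith asks for look like on the wire for the SAML 2.0 assertion in the posted response, plus a check that a captured RSTR actually carries them and that both name the assertion that was returned. It uses the WS-Trust 2005/02 namespace from the thread. The attached reference is a same-document wsse:Reference URI="#id" in the style of the SCTIssuer code quoted above; the unattached reference is a wsse:KeyIdentifier holding the bare assertion ID, the form the WSS SAML Token Profile 1.1 defines for SAML 2.0 (the ValueType and TokenType URIs come from that profile). The sample RSTR is a trimmed copy of the posted response, constructed here without the signature, Lifetime and Conditions; the function names are my own.

```python
"""Added example, not Rampart's code: build the WS-Trust 2005/02
RequestedAttachedReference / RequestedUnattachedReference for an issued
SAML 2.0 assertion, and check a captured RSTR for them."""
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://www.w3.org/2003/05/soap-envelope",
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Identifiers from the WSS SAML Token Profile 1.1 for a SAML 2.0 assertion.
SAML_TP = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1"
SAMLID_VALUETYPE = SAML_TP + "#SAMLID"
SAMLV2_TOKENTYPE = SAML_TP + "#SAMLV2.0"


def q(prefix, local):
    """Clark-notation tag name for ElementTree."""
    return "{%s}%s" % (NS[prefix], local)


def add_token_references(rstr, assertion_id):
    """Append both references to an RSTR element (modified in place).

    Attached: same-document wsse:Reference URI="#<id>", resolvable once the
    assertion sits in the recipient's wsse:Security header (the form the
    SCTIssuer code quoted in the thread produces for an SCT).
    Unattached: wsse:KeyIdentifier holding the bare assertion ID, usable when
    the assertion itself is not carried in the message.
    """
    attached = ET.SubElement(rstr, q("wst", "RequestedAttachedReference"))
    str_a = ET.SubElement(attached, q("wsse", "SecurityTokenReference"))
    str_a.set(q("wsse11", "TokenType"), SAMLV2_TOKENTYPE)
    ref = ET.SubElement(str_a, q("wsse", "Reference"))
    ref.set("URI", "#" + assertion_id)
    ref.set("ValueType", SAMLV2_TOKENTYPE)

    unattached = ET.SubElement(rstr, q("wst", "RequestedUnattachedReference"))
    str_u = ET.SubElement(unattached, q("wsse", "SecurityTokenReference"))
    str_u.set(q("wsse11", "TokenType"), SAMLV2_TOKENTYPE)
    kid = ET.SubElement(str_u, q("wsse", "KeyIdentifier"))
    kid.set("ValueType", SAMLID_VALUETYPE)
    kid.text = assertion_id
    return rstr


def check_rstr(xml_text):
    """Report whether an RSTR carries both references and whether they name
    the assertion actually returned. Returns a dict with a 'problems' list."""
    root = ET.fromstring(xml_text)
    rstr = root.find(".//wst:RequestSecurityTokenResponse", NS)
    assertion = rstr.find("wst:RequestedSecurityToken/saml:Assertion", NS)
    token_id = assertion.get("ID") if assertion is not None else None
    att = rstr.find("wst:RequestedAttachedReference//wsse:Reference", NS)
    unatt = rstr.find("wst:RequestedUnattachedReference//wsse:KeyIdentifier", NS)
    att_target = att.get("URI") if att is not None else None
    unatt_target = (unatt.text or "").strip() if unatt is not None else None
    problems = []
    if token_id is None:
        problems.append("no saml:Assertion inside RequestedSecurityToken")
    if att_target is None:
        problems.append("missing wst:RequestedAttachedReference")
    elif token_id is not None and att_target != "#" + token_id:
        problems.append("attached reference %s does not name token %s" % (att_target, token_id))
    if unatt_target is None:
        problems.append("missing wst:RequestedUnattachedReference")
    elif token_id is not None and unatt_target != token_id:
        problems.append("unattached reference %s does not name token %s" % (unatt_target, token_id))
    return {"token_id": token_id, "attached": att_target,
            "unattached": unatt_target, "problems": problems}


def fix_rstr(xml_text):
    """Parse an RSTR lacking references, add them for the returned assertion
    (ID taken from the assertion as issued), and return the re-serialised envelope."""
    root = ET.fromstring(xml_text)
    rstr = root.find(".//wst:RequestSecurityTokenResponse", NS)
    assertion = rstr.find("wst:RequestedSecurityToken/saml:Assertion", NS)
    add_token_references(rstr, assertion.get("ID"))
    return ET.tostring(root, encoding="unicode")


# Constructed sample: a trimmed copy of the response posted in the thread
# (signature, Lifetime and Conditions dropped). Like the original it carries
# no references at all.
CAPTURED_RSTR = """<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
    <wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wst:TokenType>oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
      <wst:RequestedSecurityToken>
        <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
            ID="_47ac6d119b053a57619f25072f9b394c" Version="2.0"
            IssueInstant="2007-10-13T12:50:24.442Z">
          <saml:Subject><saml:NameID>client</saml:NameID></saml:Subject>
        </saml:Assertion>
      </wst:RequestedSecurityToken>
    </wst:RequestSecurityTokenResponse>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(check_rstr(CAPTURED_RSTR)["problems"])
    fixed = fix_rstr(CAPTURED_RSTR)
    print(check_rstr(fixed)["problems"])
    print(fixed)
```

Run against the sample, check_rstr reports both references missing, which is the state of the posted response; after fix_rstr both are present and name _47ac6d119b053a57619f25072f9b394c. One practical caveat: take the ID for the references from the assertion after it has been signed, because the enveloped signature's ds:Reference URI and the two STRs must all name the same element, and changing the ID afterwards breaks both reference resolution and the signature.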