Hi,
Did you add in your STS policy something like:
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-s
x/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
Quoting Håkon Sagehaug <hakon.sageh...@bccs.uib.no>:
Hi all,
I wanted to add username/password token in my request to my sts service. I'm
using the STSClient from rahas and tried with this
Options options = new Options();
options.setUserName("user");
options.setPassword("pass");
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("policy/sts_policy.xml"));
stsClient.setOptions(options);
But the messages don't have a security header.
Alos how should I configure the callback handler, since it need to both
validate the username password and fetch the certificate for validating the
signed message. Should it be something like this
if(pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN){
/* Do password validation*/
}
if(pwcb.getUsage() == WSPasswordCallback.SIGNATURE){
/* Do set password for keystore*/
}
cheers, Håkon
--
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
