What do the WS-SecurityPolicies in the WSDL for this client look like? Is
there an "IssuedToken" thing in there, most likely as a supporting token?

The sample things are all designed around using the security policy stuff to 
drive the security requirements.    If the policies say it needs an 
IssuedToken, it will go off to the STS to get one. 

If you aren't using the SecurityPolicy stuff to drive this, things will be MUCH
more complex (and I'd have to dig into a lot of code to figure things out).
You can always just create a new STSClient, call all the "setter" things on it
and call the requestSecurityToken method on it to get a token. The problem
will be using that token. If you aren't doing anything fancy, you could just
grab the token Element out of it, wrap it with your own ws-security header
element and add it to the SOAP message using one of the "normal" methods for
adding a header in CXF. (see FAQ)



Dan



On Thu January 21 2010 12:17:54 pm Jonathan Bricker wrote:
> I'm trying to set up a CXF client to get a Secure Token from an ADFS 2.0
> server.  The samples given in the user manual and code samples in the CXF
> download are very incomplete or vague.  If anyone has some experience in
> setting up the properties to connect to an STS I would appreciate the help.
> 
> The client I'm working on is taken from the code examples (
> trust13/PingService ).  The STS is just looking for a simple
> username/password with no frills (certs, encryption, etc.).
> 
> The client.xml has this set up modified from the code sample.  When I run
> the application it will call the WS but does not seem to be contacting the
> STS.  The examples do not have the STSClient being called directly but made
> from the client.xml properties.
> 
> 
>  <bean id="OasisScenario4Binding_IPingServiceContract-sts"
>         class="org.apache.cxf.ws.security.trust.STSClient">
>         <constructor-arg ref="cxf"/>
>         <property name="wsdlLocation" value="https://ice-w2k8poc1.rfp.icepoc.com/adfs/services/trust/mex"/>
>         <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}usernamemixed "/>
>         <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async "/>
>         <!--<property name="properties">
> https://ice-w2k8poc1.rfp.icepoc.com/adfs/services/trust/13/usernamemixed
> </wsa10:Address>
>   </wsa10:EndpointReference>
> 
>             <map>
>                 <entry key="ws-security.callback-handler"
> value="interop.client.KeystorePasswordCallback"/>
>                 <entry key="ws-security.signature.properties"
> value="etc/alice.properties"/>
>                 <entry key="ws-security.encryption.properties"
> value="etc/wssip.properties"/>
>             </map>
>         </property>-->
>     </bean>
> 
>     <jaxws:client name="UserNameWSTrustBinding_IPingServiceContract"
> createdFromAPI="true">
>         <jaxws:properties>
>             <entry key="ws-security.sts.client">
>                 <!-- direct STSClient config and creation -->
>                 <bean class="org.apache.cxf.ws.security.trust.STSClient">
>                     <constructor-arg ref="cxf"/>
>                     <property name="wsdlLocation" value="https://ice-w2k8poc1.rfp.icepoc.com/adfs/services/trust/mex"/>
>                     <property name="serviceName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}usernamemixed "/>
>                     <property name="endpointName" value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}UserNameWSTrustBinding_IWSTrust13Async_policy "/>
>                     <property name="properties">
>                         <map>
>                             <entry key="ws-security.username"
> value="AMP\eb96409"/>
>                             <entry key="ws-security.password"
> value="password"/>
>                         <!--<entry key="ws-security.callback-handler"
> value="interop.client.KeystorePasswordCallback"/>
>                             <entry key="ws-security.signature.properties"
> value="etc/alice.properties"/>
>                             <entry key="ws-security.encryption.properties"
> value="etc/bob.properties"/>-->
>                         </map>
>                     </property>
>                 </bean>
>             </entry>
>         </jaxws:properties>
> 

-- 
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
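
The manual route described in the reply above (create an STSClient, call its setters, request a token, wrap the token Element in a ws-security header and add it as a normal CXF header), as an added example that is not code from this thread or from the CXF samples. The class and method names and the STS_USERNAME / STS_PASSWORD environment variables are hypothetical, and it assumes a CXF 2.x client using javax.xml.ws; the credentials are read from the environment rather than written into client.xml.

```java
import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.headers.Header;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public final class ManualStsToken {            // hypothetical helper class
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Wrap the issued token element in a new wsse:Security header element. */
    static Element wrapInSecurityHeader(Element token) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element security = doc.createElementNS(WSSE_NS, "wsse:Security");
        security.appendChild(doc.importNode(token, true)); // deep copy of the token
        return security;
    }

    /** Fetch a token from the STS and attach it to calls made through 'port'. */
    static void attachIssuedToken(Bus bus, BindingProvider port, String stsWsdl,
            String stsService, String stsEndpoint, String appliesTo) throws Exception {
        // Same property keys as the client.xml in the thread; values come from
        // the environment (variable names are assumptions of this example).
        Map<String, Object> props = new HashMap<String, Object>();
        props.put("ws-security.username", System.getenv("STS_USERNAME"));
        props.put("ws-security.password", System.getenv("STS_PASSWORD"));

        STSClient sts = new STSClient(bus);
        sts.setWsdlLocation(stsWsdl);     // e.g. the .../trust/mex address
        sts.setServiceName(stsService);   // "{namespace}localName" form
        sts.setEndpointName(stsEndpoint);
        sts.setProperties(props);

        SecurityToken issued = sts.requestSecurityToken(appliesTo);
        Element security = wrapInSecurityHeader(issued.getToken());

        // The "normal" CXF way of adding a header: put it on the request context.
        List<Header> headers = new ArrayList<Header>();
        headers.add(new Header(new QName(WSSE_NS, "Security"), security));
        port.getRequestContext().put(Header.HEADER_LIST, headers);
    }
}
```

The token is sent as a bearer-style header with no signature or timestamp added by this code, so the service call should go over HTTPS.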
