coheigea wrote:
>
> Hi Sumit,
>
> Please submit a patch and I'll be happy to review it.
>
> Here is the patch https://issues.apache.org/jira/browse/CXF-3635
>
>> f) Also the security token received from service is encrypted as per
>> http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap, and WSS4j
>> doesn't support it, so you need to write logic to decrypt it.
>
> I'd prefer to push this out to WSS4J rather than implement it in CXF
> if possible.
>
> Currently it is with the STS client, feel free to push it to WSS4j.
>
> Thanks,
>
> Colm.
>
> On Sun, Jun 26, 2011 at 5:18 AM, Sumit Pathak
> <[email protected]> wrote:
>> I have this working:-
>> a) What I was doing wrong is using Spnego token straight as security
>> token to sign and encrypt, and passing that as a Binary header.
>> b) Whereas this token should be used to get the secure token from the
>> end point, see spec
>> http://schemas.xmlsoap.org/ws/2005/02/trust/spnego/WSTrustForSPNego.pdf,
>> for more details.
>> c) Also see
>> http://blog.facilelogin.com/2008/11/secure-conversation-with-wcf.html
>> to see the message exchange between the client and service for the
>> security token issue.
>> d) If you set context.requestMutualAuth(Boolean.FALSE) while setting up
>> the context between the client during GSS API calls, then only one pass
>> initialization would happen and you will get the security token.
>> e) Make sure to Base64 decode the security token received from the
>> service.
>> f) Also the security token received from service is encrypted as per
>> http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap, and WSS4j
>> doesn't support it, so you need to write logic to decrypt it.
>> g) Decrypting that token is as simple as calling context.unwrap() method
>> on the received token.
>>
>> I think most of the things are supported in cxf for secure conversation
>> get used here, we just need to provide correct hooking, I am more than
>> happy to push this stuff into cxf, let me know if this is needed.
>>
>> Let me know in case if anybody needs any other info.
>>
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/SpnegoContextToken-Security-Token-support-for-CXF-tp569273p4525041.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> http://coheigea.blogspot.com/
> Talend - http://www.talend.com
>
--
View this message in context:
http://cxf.547215.n5.nabble.com/SpnegoContextToken-Security-Token-support-for-CXF-tp569273p4557310.html
Sent from the cxf-user mailing list archive at Nabble.com.
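
The client-side GSS-API calls from steps d), e) and g) of the quoted message, written out as an added example; it is not code from the thread, the CXF-3635 patch, CXF or WSS4J. It assumes Java 8 or later and Kerberos credentials already available to JGSS (for example through a JAAS login); the class name, method names and the service name passed in are hypothetical.

```java
import java.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

// Added illustration; class and method names are hypothetical.
public class SpnegoTokenUnwrap {
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    // Step d): initiator context with mutual authentication switched off.
    // 'service' is a host-based name such as "HTTP@host.example.org" (assumed).
    static GSSContext newContext(String service) throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName peer = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        // A null credential selects the default initiator credentials.
        GSSContext ctx = manager.createContext(peer, new Oid(SPNEGO_OID), null,
                GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(false);
        ctx.requestConf(true); // ask for confidentiality so wrap/unwrap can encrypt
        return ctx;
    }

    // SPNEGO token that the client sends when requesting the security token.
    static String firstToken(GSSContext ctx) throws GSSException {
        byte[] out = ctx.initSecContext(new byte[0], 0, 0);
        return Base64.getEncoder().encodeToString(out);
    }

    // Steps e) and g): Base64-decode the token from the service, then unwrap it.
    static byte[] unwrapToken(GSSContext ctx, String base64Token) throws GSSException {
        if (!ctx.isEstablished()) {
            // unwrap() is only valid on a fully established context.
            throw new IllegalStateException("GSS context not established");
        }
        // The MIME decoder tolerates line breaks inside the XML text node.
        byte[] wrapped = Base64.getMimeDecoder().decode(base64Token);
        MessageProp prop = new MessageProp(0, true);
        byte[] secret = ctx.unwrap(wrapped, 0, wrapped.length, prop);
        if (!prop.getPrivacy()) {
            // Reject a token that was integrity-protected only, not encrypted.
            throw new SecurityException("token was not confidentiality-protected");
        }
        return secret;
    }
}
```

The same `GSSContext` instance must be used for `firstToken` and `unwrapToken`, because the unwrap key comes from the context established by the first call.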
