And saw that Microsoft's response on CXF interop is that they don't test against CXF currently: http://wcf.codeplex.com/discussions/261520

On Fri, Sep 9, 2011 at 2:09 PM, Samyem Tuladhar <[email protected]> wrote:

> I noticed that there is a CXF supplied AssertionBuilder for KerberosToken
> at
>
> https://svn.apache.org/repos/asf/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KerberosTokenBuilder.java
>
> which gave me a hint to attempt to modify the binding configuration in WCF
> using the WCF interop express <http://wcf.codeplex.com/releases/view/68276> as:
>
> <wso2InteropBinding>
>   <binding name="serviceBinding">
>     <security pattern="Kerberos" />
>   </binding>
> </wso2InteropBinding>
>
> which adds the "KerberosToken" policy in the WSDL and this removed the "No
> assertion builder for type" warning from CXF, but it still failed with "None
> of the policy alternatives can be satisfied." Would there be another
> alternative policy that the WCF interop binding can work with? I've added a
> new issue on WCF's side as well: http://wcf.codeplex.com/workitem/71
>
> On Fri, Sep 9, 2011 at 1:45 PM, Daniel Kulp [via CXF] <[email protected]> wrote:
>
>> On Wednesday, September 07, 2011 11:16:47 AM samyem wrote:
>> > Hi Daniel,
>> > I had not thought about that and now voilà - with the policy element taken
>> > out of the WSDL manually, the NTLM works even without a
>> > "jcifs.Config.registerSmbURLHandler()" under JDK 1.5. So is there a way to
>> > get CXF to work with the Policy tags as is in the WSDL?
>>
>> You would need to write the WS-Policy support for it for CXF. If interested,
>> this is something that you could submit back to CXF once you get it to work.
>>
>> Some overview:
>> http://cxf.apache.org/docs/ws-policy-framework-overview.html
>> (although some of that may be out of date)
>>
>> Basically, you would write an NTLMToken object and an NTLMTokenBuilder. You
>> could use the Https versions in:
>>
>> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/
>> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/
>>
>> as starting points. Then write an InterceptorProvider for it that would
>> provide an interceptor that would verify that NTLM was being used and such
>> and assert the policies. Example again would be HTTPS:
>>
>> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors
>>
>> Dan
>>
>> > I got the following test code on the WCF side:
>> >
>> > public static void Main(){
>> >     Uri baseAddress = new Uri("http://localhost/cxfTest");
>> >
>> >     using (ServiceHost host = new ServiceHost(typeof(Service1), baseAddress))
>> >     {
>> >         // Publish the WSDL over HTTP GET, with WS-Policy 1.5 assertions
>> >         ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
>> >         smb.HttpGetEnabled = true;
>> >         smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
>> >         host.Description.Behaviors.Add(smb);
>> >
>> >         // Windows credentials at the HTTP transport level (no TLS)
>> >         BasicHttpBinding httpBinding = new BasicHttpBinding();
>> >         httpBinding.Security.Mode =
>> >             BasicHttpSecurityMode.TransportCredentialOnly;
>> >         httpBinding.Security.Transport.ClientCredentialType =
>> >             HttpClientCredentialType.Windows;
>> >         host.AddServiceEndpoint(typeof(IService1), httpBinding, baseAddress);
>> >
>> >         host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
>> >             UserNamePasswordValidationMode.Windows;
>> >
>> >         host.Open();
>> >
>> >         Console.WriteLine("Service running at {0}", baseAddress);
>> >         Application.Run();
>> >         host.Close();
>> >     }
>> > }
>> >
>> > Which adds the policy tags in WSDL as:
>> >
>> > <wsp:Policy wsu:Id="BasicHttpBinding_IService1_policy">
>> >   <wsp:ExactlyOne>
>> >     <wsp:All>
>> >       <http:NegotiateAuthentication
>> >           xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http" />
>> >     </wsp:All>
>> >   </wsp:ExactlyOne>
>> > </wsp:Policy>
>> >
>> > When this tag is manually commented out and the references to it removed,
>> > then CXF was happy and the WCF service was also able to pick up the NTLM
>> > context at OperationContext.Current.ServiceSecurityContext.WindowsIdentity.
>> > But keeping the WSDL with the Policy tag produces the original exception.
>> >
>> > --
>> > View this message in context:
>> > http://cxf.547215.n5.nabble.com/NTLM-security-between-WCF-and-CXF-tp4763671p4779559.html
>> > Sent from the cxf-user mailing list archive at Nabble.com.
>>
>> --
>> Daniel Kulp
>> [hidden email]
>> http://dankulp.com/blog
>> Talend - http://www.talend.com

--
View this message in context: http://cxf.547215.n5.nabble.com/NTLM-security-between-WCF-and-CXF-tp4763671p4787361.html
Sent from the cxf-user mailing list archive at Nabble.com.
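
Added example, not part of the thread and not CXF code: a simplified Python model of how a WS-Policy consumer evaluates the policy quoted above, showing that a missing assertion builder and an assertion that no interceptor has asserted are two separate failures. The `builders` and `asserted` sets and the result labels are assumptions for illustration, and the wsp/wsu namespace declarations are filled in because the post does not show them; only the normal-form shape quoted in the thread (ExactlyOne containing All) is handled.

```python
import xml.etree.ElementTree as ET

# WS-Policy 1.2 and 1.5 namespaces (the WCF host above exports Policy15).
WSP_NS = {"http://schemas.xmlsoap.org/ws/2004/09/policy",
          "http://www.w3.org/ns/ws-policy"}
NEGOTIATE = ("{http://schemas.microsoft.com/ws/06/2004/policy/http}"
             "NegotiateAuthentication")

# Constructed sample: the policy from the thread, with the wsp/wsu namespace
# declarations (not shown in the post) added so that it parses stand-alone.
POLICY = """<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="BasicHttpBinding_IService1_policy">
  <wsp:ExactlyOne><wsp:All>
    <http:NegotiateAuthentication
      xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""


def _is_wsp(el, local):
    ns, _, name = el.tag[1:].partition("}")
    return ns in WSP_NS and name == local


def alternatives(policy_xml):
    """Each wsp:All under wsp:ExactlyOne, as a list of assertion QNames."""
    root = ET.fromstring(policy_xml)
    return [[assertion.tag for assertion in alt]
            for one in root if _is_wsp(one, "ExactlyOne")
            for alt in one if _is_wsp(alt, "All")]


def evaluate(policy_xml, builders, asserted):
    """builders: QNames the client can parse; asserted: QNames that some
    interceptor has verified and marked as fulfilled (hypothetical inputs)."""
    alts = alternatives(policy_xml)
    unknown = sorted({q for alt in alts for q in alt if q not in builders})
    if unknown:                      # stage 1: nothing can even parse it
        return "no-builder", unknown
    for alt in alts:                 # stage 2: one alternative must fully hold
        if all(q in asserted for q in alt):
            return "satisfied", alt
    missing = sorted({q for alt in alts for q in alt if q not in asserted})
    return "no-alternative-satisfied", missing


if __name__ == "__main__":
    print(evaluate(POLICY, set(), set()))
    print(evaluate(POLICY, {NEGOTIATE}, set()))
    print(evaluate(POLICY, {NEGOTIATE}, {NEGOTIATE}))
```

In this model, registering a builder alone only moves the result from the first stage to the second; the alternative holds once the check that the negotiated authentication was actually used marks the assertion as fulfilled.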
