Hi,

I'm new to CXF, STS, and WS-Trust. Please bear with me. I'm writing a piece of 
software where some authentication via an STS server is involved. The user 
connects to the STS server and gets an XML document with root element 
<Assertion>. Then the user connects to my application and passes this XML 
document. My application is supposed to connect back to the STS server to 
validate the assertion presented by the user. I'm attaching a sample XML showing 
what the SOAP message sent from my application to the STS has to look like.

The general question is: how can I use CXF to accomplish this? Is some sample 
code available somewhere? 

In particular, how do I insert that XML assertion in the SOAP envelope header 
using CXF?

Thanks,
Klaus.

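<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample SOAP 1.2 envelope: a WS-Trust 1.3 RequestSecurityToken sent to an STS,
     carrying a SAML 2.0 bearer assertion inside the WS-Security header.
     All values are the sample values as posted. -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
	xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:a="http://www.w3.org/2005/08/addressing">
	<s:Header>
		<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
		</a:Action>
		<a:MessageID>urn:uuid:b35cf8bb-0585-4365-98c8-c3b7ec459acf
		</a:MessageID>
		<a:ReplyTo>
			<a:Address>http://www.w3.org/2005/07/addressing/anonymous</a:Address>
		</a:ReplyTo>
		<a:To s:mustUnderstand="1">https://firedrill.windows.net/v2/wstrust/13/issuedtoken
		</a:To>
		<o:Security
			xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
			s:mustUnderstand="1">
			<u:Timestamp u:Id="_0">
				<u:Created>2012-02-21T20:22:48.863Z</u:Created>
				<u:Expires>2012-02-21T20:27:48.863Z</u:Expires>
			</u:Timestamp>
			<!-- SAML 2.0 assertion presented by the user, with an enveloped RSA-SHA256 signature.
			     Points a relying party should check before trusting it:
			     * The ds:Reference URI must resolve to the Assertion ID. In this sample the two
			       differ (ID _f4d876ac-8e6b-4e3b-2d18-12e8d013a110, Reference
			       #_f4d876ac-8e6b-4e0b-8dd8-12e8d013a110), so the signature cannot verify as posted.
			     * The certificate in KeyInfo travels with the message; trust has to come from a
			       key or certificate configured for the issuer, not from the embedded copy alone.
			     * SubjectConfirmation is "bearer": possession of the assertion is the only proof,
			       so Conditions (NotBefore, NotOnOrAfter, Audience) must be enforced and the
			       assertion should only travel over TLS.
			     * The sample Conditions window ends 2012-02-03T21:10:26.767Z, which is before the
			       Timestamp Created value above (2012-02-21), i.e. the sample assertion is expired
			       at the time of this message. -->
			<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
				ID="_f4d876ac-8e6b-4e3b-2d18-12e8d013a110" IssueInstant="2012-02-03T20:10:27.361Z"
				Version="2.0">
				<Issuer>DITFireDrill</Issuer>
				<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
					<ds:SignedInfo>
						<ds:CanonicalizationMethod
							Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						<ds:SignatureMethod
							Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
						<ds:Reference URI="#_f4d876ac-8e6b-4e0b-8dd8-12e8d013a110">
							<ds:Transforms>
								<ds:Transform
									Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
								<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
							</ds:Transforms>
							<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
							<ds:DigestValue>SYaU+ekahk1wJ0SQRRQ/iHKtIiSElyCX1LCcJevpK8Y=
							</ds:DigestValue>
						</ds:Reference>
					</ds:SignedInfo>
					<ds:SignatureValue>iF2zkKlSQmSxQz3gu8fqTacgsqhBnaOipU4jkEsZrzhnIAsE3oxsZtKl5mt8VgJ3MVmn/hfMpnu98YNw1W36ac7Lzqi75T7CbjxrBMKuIzb32XiuOkoydVSHZh2W2DZJ5sn8tsv0ytSw1Rk+mTH0VosUkdB1yf4Capdnx5FfFOyTwruzrnGqPyijTj6ksPA7mIaMGLFyJxA7BC5KrJFP9z6OShmqIGFg86MwFmYSU9CS90aFDb7St/uZCKwIIIRyaeMnCjPEH1YVh90LsPGccCrMihf5Aqj+qFNXaOEYjFBFcv4JIXVydzl4/u89EwcPP745NIzLTI6tRA+grCRJ8Q==
					</ds:SignatureValue>
					<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
						<X509Data>
							<X509Certificate>MIIC5jCCAc6gAwIBAgIQG1LSGnIU8K5LqWsp+AxUtDANBgkqhkiG9w0BAQUFAnDAcMRowGAYDVQQDExFRQTJBUFAyNy5SQi5sb2NhbDAeFw0xMTEyMTYxOTU5NTdaFw0xMjEyMTYwMDAwMDBaMBwxGjAYBgNVBAMTEVFBMkFQUDI3LlJCLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQYzuR0FMlV8cOcdY6S5Gqf98NeH9Tfp4wCyVpzqlahF99e5xNZD9+jumesQr4dSo1Fn42HrOclyNN3HG0+xmzC9PpN/RAXc8gqZu/FluMhJT3CnCeDe/912e2tUd/itVr//xrGOvPegTyofeB4/VAbLMSFR6DaGHn0hAatdsJvrEZQc86uHcY1E6ZVLC36JctKMDS2n9U2T0Y7LUHFjYDT9jIgUb=</X509Certificate>
						</X509Data>
					</KeyInfo>
				</ds:Signature>
				<Subject>
					<NameID>2211676</NameID>
					<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
				</Subject>
				<Conditions NotBefore="2012-01-03T20:10:26.767Z"
					NotOnOrAfter="2012-02-03T21:10:26.767Z">
					<AudienceRestriction>
						<Audience>https://firedrill.net/</Audience>
					</AudienceRestriction>
				</Conditions>
				<AttributeStatement>
					<Attribute
						Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
						<AttributeValue>[email protected]</AttributeValue>
					</Attribute>
				</AttributeStatement>
			</Assertion>
			<!-- Message signature: HMAC-SHA1 with a SHA-1 digest, and its single Reference
			     covers only the Timestamp (URI "#_0"). The SOAP body, the addressing headers
			     and the assertion are not covered by this signature, so their integrity rests
			     on the transport (TLS) and on the assertion's own signature.
			     The SAMLID KeyIdentifier below (_1138ef24-f83c-121b-ba6c-228c92256289) does not
			     match the Assertion ID in this sample. -->
			<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
				<SignedInfo>
					<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
					<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
					<Reference URI="#_0">
						<Transforms>
							<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</Transforms>
						<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
						<DigestValue>YGqjbz+v/Hmode9rf1CJQdoYFTw=</DigestValue>
					</Reference>
				</SignedInfo>
				<SignatureValue>qCdZs4w2Vkim64LusUnaEgK7c8Tqa=</SignatureValue>
				<KeyInfo>
					<o:SecurityTokenReference
						xmlns:b="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
						b:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
						<o:KeyIdentifier
							ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_1138ef24-f83c-121b-ba6c-228c92256289</o:KeyIdentifier>
					</o:SecurityTokenReference>
				</KeyInfo>
			</Signature>
		</o:Security>
	</s:Header>
	<s:Body>
		<!-- RequestType (and the Action header) is Issue, with a Bearer KeyType. WS-Trust 1.3
		     also defines a separate Validate request type
		     (http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate); if the goal is only to
		     have the STS validate the presented assertion, confirm with the STS operator which
		     of the two this endpoint expects. -->
		<trust:RequestSecurityToken
			xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
			<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
				<a:EndpointReference>
					<a:Address>90.23.10.201</a:Address>
				</a:EndpointReference>
			</wsp:AppliesTo>
			<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
			</trust:KeyType>
			<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
			</trust:RequestType>
		</trust:RequestSecurityToken>
	</s:Body>
</s:Envelope>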
