I looked at "Input_policy" in the Fediz STS WSDL file, which is referenced by
all bindings. So, it looks like one has to encrypt and sign the RST. Could
someone confirm this, please?


   <wsp:Policy wsu:Id="Input_policy">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:SignedParts
               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
               <sp:Body />
               <sp:Header Name="To"
                  Namespace="http://www.w3.org/2005/08/addressing" />
               <sp:Header Name="From"
                  Namespace="http://www.w3.org/2005/08/addressing" />
               <sp:Header Name="FaultTo"
                  Namespace="http://www.w3.org/2005/08/addressing" />
               <sp:Header Name="ReplyTo"
                  Namespace="http://www.w3.org/2005/08/addressing" />
               <sp:Header Name="MessageID"
                  Namespace="http://www.w3.org/2005/08/addressing" />
               <sp:Header Name="RelatesTo"
                  Namespace="http://www.w3.org/2005/08/addressing" />
               <sp:Header Name="Action"
                  Namespace="http://www.w3.org/2005/08/addressing" />
            </sp:SignedParts>
            <sp:EncryptedParts
               xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
               <sp:Body />
            </sp:EncryptedParts>
         </wsp:All>
      </wsp:ExactlyOne>
   </wsp:Policy>


On Mon, Jul 23, 2012 at 11:41 AM, Sarafian <[email protected]> wrote:

> I have C# code that asks the STS for a token using username password
> credentials.
> I'm using the UT or UTEncrypted endpoints but I get this error:
>
> These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}ProtectionToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp:
> Received Timestamp does not match the requirements
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SymmetricBinding:
> Received Timestamp does not match the requirements
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts:
> {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts:
> {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
>
> Is there a way for the STS to be configured not to apply the above
> policies?
> Is there another endpoint for this kind of thing?
>
> I simply want to use a username/password credential combination to request
> a security token.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/RequestSecurityToken-without-Encrypting-and-Signing-tp5711426.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
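
An added example, not code from this thread or from the Fediz/CXF project: a small Python reader for the SignedParts and EncryptedParts assertions quoted above, reporting which parts of a request each policy alternative leaves unprotected (a listed header only has to be signed when it is present in the message). The WS-Policy namespace bound to `wsp`, the shortened policy and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSA = "http://www.w3.org/2005/08/addressing"
# Assumption: wsp is bound to WS-Policy 1.2; the excerpt omits the declaration.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

# Constructed sample: the Input_policy from the thread, shortened to two headers.
INPUT_POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedParts xmlns:sp="{SP}">
        <sp:Body />
        <sp:Header Name="To" Namespace="{WSA}" />
        <sp:Header Name="Action" Namespace="{WSA}" />
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp="{SP}">
        <sp:Body />
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

def parts(assertion):
    """Parts named by one SignedParts/EncryptedParts assertion."""
    found = {"Body"} if assertion.find(f"{{{SP}}}Body") is not None else set()
    for h in assertion.findall(f"{{{SP}}}Header"):
        found.add(f"{{{h.get('Namespace')}}}{h.get('Name')}")
    return found

def alternatives(policy_xml):
    """One dict per wsp:All alternative: parts to sign and parts to encrypt."""
    root = ET.fromstring(policy_xml)
    result = []
    for alt in root.findall(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All"):
        req = {"signed": set(), "encrypted": set()}
        for key, tag in (("signed", "SignedParts"), ("encrypted", "EncryptedParts")):
            for assertion in alt.findall(f"{{{SP}}}{tag}"):
                req[key] |= parts(assertion)
        result.append(req)
    return result

def unmet(req, present, signed, encrypted):
    """Parts present in a message that one alternative wants protected but are not."""
    return sorted([f"{p} not SIGNED" for p in (req["signed"] & present) - signed] +
                  [f"{p} not ENCRYPTED" for p in (req["encrypted"] & present) - encrypted])
```

A request satisfies the policy when `unmet` returns an empty list for at least one alternative; a request that carries only a username token and protects nothing fails on the Body for both assertions.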
