Hi Colm,
I would like to confirm if I understand you correctly. So, do we need to
add following content to Fediz STS wsdl file to issue a token? At this
point we mostly interested in(minimum) issuing a a token. I am not sure if
we need to "Validate" operation to issue a RSTR.
<!-- 2.1.1.3 UsernameToken with timestamp, nonce and password hash -->
<wsp:Policy wsu:Id="DoubleItDigestPolicy">
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:HashPassword />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:Policy>
<wsdl:binding name="DoubleItDigestBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItDigestPolicy" />
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"; />
<wsdl:operation name="Issue">
<soap:operation soapAction="
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"; />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
Thanks.
Gina
On Tue, Jul 24, 2012 at 6:34 AM, Colm O hEigeartaigh <[email protected]>wrote:
> You could use a SecurityPolicy that just requires a UsernameToken without a
> binding. For example see the policy "<!-- 2.1.1.3 UsernameToken with
> timestamp, nonce and password hash -->" starting on line 214:
>
>
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup
>
> Of course, in practise one would combine a UsernameToken with the Transport
> binding to secure the message exchange...
>
> Colm.
>
> On Mon, Jul 23, 2012 at 4:41 PM, Sarafian <[email protected]
> >wrote:
>
> > I have a C# code that asks the STS for a token using username password
> > credentials.
> > I'm using the UT or UTEncrypted endpoints but I get this error:
> >
> > These policy alternatives can not be satisfied:
> > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}ProtectionToken
> > {
> >
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
> > :
> > Received Timestamp does not match the requirements
> > {
> >
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SymmetricBinding
> > :
> > Received Timestamp does not match the requirements
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts:
> > {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
> > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts:
> > {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
> >
> > Is there a way for the STS to be configured not to apply the above
> > policies?
> > Is there another endpoint for these kind of things?
> >
> > I simply want to use a username/password credential combination to
> request
> > a
> > security token.
> >
> >
> >
> >
> > --
> > View this message in context:
> >
> http://cxf.547215.n5.nabble.com/RequestSecurityToken-without-Encrypting-and-Signing-tp5711426.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
