See my previous response about using the Transport binding with a
UsernameToken policy. The STS does not care what security policy is used to
secure the endpoint, so it has no bearing whatsoever on issuing a token.

Colm.

On Tue, Jul 24, 2012 at 1:58 PM, Gina Choi <[email protected]> wrote:

> Hi Colm,
>
> I would like to confirm if I understand you correctly. So, do we need to
> add the following content to the Fediz STS wsdl file to issue a token? At this
> point we are mostly interested in (at minimum) issuing a token. I am not sure if
> we need the "Validate" operation to issue an RSTR.
>
>
> <!-- 2.1.1.3 UsernameToken with timestamp, nonce and password hash -->
> <wsp:Policy wsu:Id="DoubleItDigestPolicy">
>   <sp:SupportingTokens>
>     <wsp:Policy>
>       <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>         <wsp:Policy>
>           <sp:HashPassword />
>         </wsp:Policy>
>       </sp:UsernameToken>
>     </wsp:Policy>
>   </sp:SupportingTokens>
> </wsp:Policy>
> <wsdl:binding name="DoubleItDigestBinding" type="tns:DoubleItPortType">
>   <wsp:PolicyReference URI="#DoubleItDigestPolicy" />
>   <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
>   <wsdl:operation name="Issue">
>     <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
>     <wsdl:input>
>       <soap:body use="literal" />
>     </wsdl:input>
>     <wsdl:output>
>       <soap:body use="literal" />
>     </wsdl:output>
>   </wsdl:operation>
> </wsdl:binding>
>
>
> Thanks.
>
> Gina
> On Tue, Jul 24, 2012 at 6:34 AM, Colm O hEigeartaigh <[email protected]> wrote:
>
> > You could use a SecurityPolicy that just requires a UsernameToken
> without a
> > binding. For example see the policy "<!-- 2.1.1.3 UsernameToken with
> > timestamp, nonce and password hash -->" starting on line 214:
> >
> >
> >
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup
> >
> > Of course, in practise one would combine a UsernameToken with the
> Transport
> > binding to secure the message exchange...
> >
> > Colm.
> >
> > On Mon, Jul 23, 2012 at 4:41 PM, Sarafian <[email protected]> wrote:
> >
> > > I have a C# code that asks the STS for a token using username password
> > > credentials.
> > > I'm using the UT or UTEncrypted endpoints but I get this error:
> > >
> > > These policy alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}ProtectionToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SymmetricBinding: Received Timestamp does not match the requirements
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
> > >
> > > Is there a way for the STS to be configured not to apply the above
> > > policies?
> > > Is there another endpoint for these kind of things?
> > >
> > > I simply want to use a username/password credential combination to
> > > request a security token.
> > >
> > >
> > >
> > >
> > > --
> > > View this message in context:
> > >
> >
> http://cxf.547215.n5.nabble.com/RequestSecurityToken-without-Encrypting-and-Signing-tp5711426.html
> > > Sent from the cxf-user mailing list archive at Nabble.com.
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
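
For readers following the thread: the policy Colm points to (a UsernameToken supporting token on its own) combined with the Transport binding he recommends looks roughly like the fragment below. This is an added illustration written for this page, not code from the thread or from the CXF/Fediz STS distribution. The policy id `UTOverTransportPolicy`, the binding name `STSTransportBinding`, the port type `tns:STSPortType` and the use of `SignedSupportingTokens` with `WssUsernameToken11` are assumptions chosen to keep the fragment short; the namespace prefixes follow the quoted WSDL and must be declared on the enclosing `wsdl:definitions` element. The `HashPassword` assertion is kept from the quoted policy; note that the STS can only verify a nonce/created digest if its password callback can supply the clear-text password, so deployments that validate against a backend holding only hashed passwords drop `HashPassword` and rely on the HTTPS channel to protect the plain-text password.

```xml
<!-- Added example: UsernameToken over a Transport (HTTPS) binding for the STS Issue endpoint.
     Not from the original thread; ids, names and the token profile are placeholders. -->
<wsp:Policy wsu:Id="UTOverTransportPolicy">
  <wsp:ExactlyOne>
    <wsp:All>
      <!-- Transport binding: confidentiality and integrity come from TLS, so the
           STS no longer demands a signed/encrypted Body or a ProtectionToken. -->
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken>
                <wsp:Policy />
              </sp:HttpsToken>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <!-- Timestamp is still required, which limits replay of a captured request. -->
          <sp:IncludeTimestamp />
        </wsp:Policy>
      </sp:TransportBinding>
      <!-- The UsernameToken is the caller's credential; it is carried inside the
           TLS channel rather than signed or encrypted at the SOAP layer. -->
      <sp:SignedSupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken11 />
              <!-- Digest password as in the quoted DoubleItDigestPolicy; remove if the
                   STS cannot obtain the clear-text password to recompute the digest. -->
              <sp:HashPassword />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

<!-- Attach the policy to the binding that exposes the WS-Trust Issue operation. -->
<wsdl:binding name="STSTransportBinding" type="tns:STSPortType">
  <wsp:PolicyReference URI="#UTOverTransportPolicy" />
  <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
  <wsdl:operation name="Issue">
    <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
    <wsdl:input>
      <soap:body use="literal" />
    </wsdl:input>
    <wsdl:output>
      <soap:body use="literal" />
    </wsdl:output>
  </wsdl:operation>
</wsdl:binding>
```

Because the binding is TransportBinding, the service port that references it must be published on an https address; CXF rejects a request that arrives over plain HTTP when an HttpsToken is required, which is the check that keeps the password from travelling unprotected. The earlier error in the thread (Body not SIGNED / not ENCRYPTED, SymmetricBinding) came from hitting an endpoint whose policy used a symmetric binding; with the fragment above those assertions are simply not present, so a client that sends only a Timestamp and a UsernameToken satisfies the policy.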
