Hi Yogesh,

I don't think RequestType should be added by default to the response based
on a comment in the schema. However, I do think that we need a more
extensible mechanism to allow the user to return other things in the
response. Perhaps via a Callback mechanism...

Colm,

On Thu, Dec 6, 2012 at 5:02 PM, ychawla <[email protected]> wrote:

> Hello All,
> I am working on an STS and I have a requirement that my
> RequestSecurityTokenResponse includes a RequestType in it.  The current
> generated response by CXF produces:
>
> <RequestSecurityTokenResponse>
>
> <TokenType>
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
> </TokenType>
>       <RequestedSecurityToken>
>
>
> I looked at the WS-Trust schema here:
>
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd
>
> The 'RequestSecurityTokenResponseType' basically allows xs:any.  Here is
> their exact language with Request Type bolded:
>
> /Actual content model is non-deterministic, hence wildcard. The following
> shows intended content model:
>
>         <xs:element ref='wst:TokenType' minOccurs='0' />
>         *<xs:element ref='wst:RequestType' />*
>         <xs:element ref='wst:RequestedSecurityToken'  minOccurs='0' />
> /
> MinOccurs is not set on RequestType so it would default to one.  I have
> looked online and I have seen many token issues without this value set but
> it seems like it wouldn't hurt to set it.
>
> In the 'TokenIssueOperation' class, the following lines which are bolded can
> be added to the 'createResponse' private method:
>
>         RequestSecurityTokenResponseType response =
>             QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
>
>         String context = tokenRequirements.getContext();
>         if (context != null) {
>             response.setContext(context);
>         }
>
> *        // RequestType
>         JAXBElement<String> jaxbRequestType =
>             QNameConstants.WS_TRUST_FACTORY.createRequestType(
>                 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
>         response.getAny().add(jaxbRequestType);
> *
>         // TokenType
>         JAXBElement<String> jaxbTokenType =
>             QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenRequirements.getTokenType());
>         response.getAny().add(jaxbTokenType);
>
> What do you think?  I can also make this configurable similar to what is
> done with 'returnReferences' but I think the RequestType should be added by
> default.
>
> I can submit a JIRA and patch for this.
>
> Thanks,
> Yogesh
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-STS-RequestSecurityTokenResponse-and-RequestType-tp5719848.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
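
The following is an added example, not part of the original thread and not CXF code: a small Python check that compares the WS-Trust children of each RequestSecurityTokenResponse with the intended content model from the schema comment quoted above, so a consumer can see whether an STS sends RequestType. The sample messages and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
# (local name, minOccurs) from the schema comment quoted in the thread;
# minOccurs defaults to 1 when the attribute is omitted, as on RequestType.
INTENDED_MODEL = [("TokenType", 0), ("RequestType", 1), ("RequestedSecurityToken", 0)]

# Constructed samples. The first mirrors the response shape shown in the post.
SAMPLE_WITHOUT = f"""<RequestSecurityTokenResponse xmlns="{WST}">
  <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>
  <RequestedSecurityToken><Placeholder xmlns="urn:example:constructed"/></RequestedSecurityToken>
</RequestSecurityTokenResponse>"""
SAMPLE_WITH = f"""<RequestSecurityTokenResponseCollection xmlns="{WST}">
  <RequestSecurityTokenResponse>
    <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>
    <RequestType>{WST}/Issue</RequestType>
    <RequestedSecurityToken><Placeholder xmlns="urn:example:constructed"/></RequestedSecurityToken>
  </RequestSecurityTokenResponse>
</RequestSecurityTokenResponseCollection>"""


def check_rstr(rstr):
    """Compare one RSTR element's wst: children with the intended model."""
    prefix = "{%s}" % WST
    children = {c.tag[len(prefix):]: (c.text or "").strip()
                for c in rstr if c.tag.startswith(prefix)}
    missing = [n for n, min_occurs in INTENDED_MODEL
               if min_occurs > 0 and n not in children]
    # Advisory only: the real content model is an xs:any wildcard, so a
    # schema validator accepts the response with or without RequestType.
    return {"present": sorted(children), "missing": missing,
            "request_type": children.get("RequestType")}


def check_response(xml_text):
    """Report on every RSTR in a bare response or a ...Collection wrapper."""
    # ElementTree is fine for these trusted samples; use a hardened parser
    # (for example defusedxml) before feeding it messages off the wire.
    root = ET.fromstring(xml_text)
    tag = "{%s}RequestSecurityTokenResponse" % WST
    rstrs = [root] if root.tag == tag else list(root.iter(tag))
    return [check_rstr(r) for r in rstrs]


if __name__ == "__main__":
    for name, sample in (("without", SAMPLE_WITHOUT), ("with", SAMPLE_WITH)):
        print(name, check_response(sample))
```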
