I think it makes sense to allow the user to pass through some Properties to the STSAuthenticationProvider, I will merge a fix for this. What is the error on processing the RSTR?
Colm.

On Thu, Feb 13, 2014 at 9:46 AM, Hrbacek, Stepan <[email protected]> wrote:

> Hi.
> I needed to change the org.apache.cxf.fediz.service.idp.STSAuthenticationProvider class and hardcode the crypto properties and encryption username (certificate alias) there. No other configuration option seems possible with the current Fediz code.
>
> ------------- org.apache.cxf.fediz.service.idp.STSAuthenticationProvider --------------------
> @Override
> public Authentication authenticate(Authentication authentication) throws AuthenticationException {
>     ...
>
>     sts.getProperties().put(SecurityConstants.USERNAME, authentication.getName());
>     sts.getProperties().put(SecurityConstants.PASSWORD, (String)authentication.getCredentials());
>
>     // STS certificate needed for symmetric binding
>     sts.getProperties().put(SecurityConstants.ENCRYPT_USERNAME, "ws-sec-comm.dirxaccess"); // 1
>     sts.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES, "stsKeystoreA.properties"); // 2
>
>     ...
> }
> ---------------------------------
>
> But then I have found that the RSTR response cannot be processed in Fediz IDP (and subsequently in the WS-Federation passive profile SP) :-( I have thus removed the symmetric binding from the WS-Policy used by the STS and then the whole walkthrough ran well - my issue is solved.
> I don't know if it makes sense to make Fediz configurable in this area, I don't know WS-Federation use cases that well...
>
> Regards,
> Stepan.
>
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: Tuesday, February 11, 2014 4:48 PM
> > To: [email protected]
> > Subject: Re: Error "A encryption username needs to be declared" when using Fediz IdP with external WS-Trust STS
> >
> > Could you create a JIRA + I will look into it? You also need to specify a Crypto properties file as well as a username.
> >
> > Colm.

-- 
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
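As an added illustration of the direction discussed above (not Fediz code and not the fix Colm mentions), a provider-side helper that takes the crypto settings from deployment configuration instead of hardcoding them in STSAuthenticationProvider, keeps the per-request credentials separate from that static configuration, and fails early with a precise message when a symmetric binding's requirements are missing. The class and method names are hypothetical; the SecurityConstants keys are the real CXF ones used in the quoted snippet.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.ws.security.SecurityConstants;

/** Hypothetical helper (not part of Fediz): builds the STSClient property map
 *  from deployment-level configuration plus the per-request credentials. */
public final class StsPropertiesBuilder {

    private StsPropertiesBuilder() { }

    /**
     * @param configured        static settings (e.g. injected from Spring), such as
     *                          ENCRYPT_USERNAME (STS certificate alias) and
     *                          ENCRYPT_PROPERTIES (crypto properties file)
     * @param symmetricBinding  true when the STS WS-Policy uses a symmetric binding
     *                          and therefore needs the STS certificate to encrypt
     * @param user              per-request principal name from the Authentication
     * @param password          per-request credential from the Authentication
     */
    public static Map<String, Object> build(Map<String, Object> configured,
                                            boolean symmetricBinding,
                                            String user, String password) {
        // End-user credentials are per-request values; never accept them from static config.
        if (configured.containsKey(SecurityConstants.USERNAME)
                || configured.containsKey(SecurityConstants.PASSWORD)) {
            throw new IllegalArgumentException(
                "USERNAME/PASSWORD are per-request values, not static STS configuration");
        }
        // Report the missing key by name instead of letting the WS-Security layer fail later
        // with the generic "A encryption username needs to be declared".
        if (symmetricBinding) {
            require(configured, SecurityConstants.ENCRYPT_USERNAME);
            require(configured, SecurityConstants.ENCRYPT_PROPERTIES);
        }
        Map<String, Object> props = new HashMap<>(configured);
        props.put(SecurityConstants.USERNAME, user);
        props.put(SecurityConstants.PASSWORD, password);
        return props;
    }

    private static void require(Map<String, Object> m, String key) {
        Object v = m.get(key);
        if (v == null || v.toString().isEmpty()) {
            throw new IllegalStateException(
                "Symmetric binding requires the STS property '" + key + "' to be configured");
        }
    }
}
```

In authenticate() the result would replace the hardcoded put() calls with a single sts.getProperties().putAll(StsPropertiesBuilder.build(...)), so the alias and properties file live in configuration rather than in the class.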
