Hi there, I am new to the Security Token Service in CXF, so please excuse my newbie questions on that topic. I am trying to configure a simple STS which satisfies the needs of BiPRO (a standard for transferring insurance data) with Secure Conversation.
The BiPRO standard says that the WSDL of the STS has to look something like this:

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:bipro="http://www.bipro.net/namespace"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    targetNamespace="http://www.bipro.net/namespace"
    bipro:Name="SecurityTokenService_2.5.0.1.0.wsdl" bipro:Version="2.5.0.1.0">
  <wsdl:types>
    <xsd:schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1.0">
      <xsd:import namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"
          schemaLocation="http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.xsd"/>
    </xsd:schema>
    <xsd:schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1.0">
      <xsd:import namespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
          schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd"/>
    </xsd:schema>
  </wsdl:types>
  <wsdl:message name="RequestSecurityTokenRequest">
    <wsdl:part name="parameters" element="wst:RequestSecurityToken"/>
  </wsdl:message>
  <wsdl:message name="RequestSecurityTokenResponse">
    <wsdl:part name="parameters" element="wst:RequestSecurityTokenResponse"/>
  </wsdl:message>
  <wsdl:portType name="SecurityTokenServicePortType">
    <wsdl:operation name="RequestSecurityToken" parameterOrder="parameters">
      <wsdl:documentation>
        After successful authentication, this service returns a security token (Security Context Token).
        Authentication can be done either with user name and password or with a VDG ticket.
      </wsdl:documentation>
      <wsdl:input message="bipro:RequestSecurityTokenRequest" name="RequestSecurityTokenRequest"/>
      <wsdl:output message="bipro:RequestSecurityTokenResponse" name="RequestSecurityTokenResponse"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="SecurityTokenServiceBinding" type="bipro:SecurityTokenServicePortType">
    <soapbind:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="RequestSecurityToken">
      <soapbind:operation soapAction="urn:RequestSecurityToken" style="document"/>
      <wsdl:input name="RequestSecurityTokenRequest">
        <soapbind:body use="literal"/>
      </wsdl:input>
      <wsdl:output name="RequestSecurityTokenResponse">
        <soapbind:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="SecurityTokenService_2.5.0.1.0">
    <wsdl:documentation>
      This service provides functions for authentication with user name and password or with a VDG ticket.
    </wsdl:documentation>
    <wsdl:port name="UserPasswordLogin" binding="bipro:SecurityTokenServiceBinding">
      <wsdl:documentation>
        This function performs authentication with user name and password.
      </wsdl:documentation>
      <soapbind:address location="https://host/path/services/UserPasswordLogin_2.5.0.1.0"/>
    </wsdl:port>
    <wsdl:port name="VDGTicketLogin" binding="bipro:SecurityTokenServiceBinding">
      <wsdl:documentation>
        This function performs authentication with a VDG ticket.
      </wsdl:documentation>
      <wsp:PolicyReference URI="#VDGAuthPolicy"/>
      <soapbind:address location="https://host/path/services/VDGTicketLogin_2.5.0.1.0"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>

After the WSDL was deployed, I generated a SoapUI request to call the STS for a token.
My request looks like this (the closing Body and Envelope tags are written as proper end tags here):

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header/>
  <soap:Body>
    <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
      <nachr:BiPROVersion xmlns:nachr="http://www.bipro.net/namespace/nachrichten">2.5.0.1.0</nachr:BiPROVersion>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>

As a first step I am trying to get the STS to work with this WSDL without security, so I uncommented the policies. In cxf-servlet.xml I added this:

<bean id="mySTSProviderBean" class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
  <property name="stsProperties" ref="mySTSProperties"/>
  <property name="services" ref="myServiceList"/>
  <property name="issueOperation" ref="utIssueDelegate"/>
</bean>

<bean id="utIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
  <property name="tokenProviders" ref="utSCTokenProvider"/>
</bean>

<bean id="utSCTokenProvider" class="org.apache.cxf.sts.token.provider.SCTProvider">
</bean>

<bean id="mySTSProperties" class="org.apache.cxf.sts.StaticSTSProperties"/>

<jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean" address="/STS"
    wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
    xmlns:ns1="http://www.bipro.net/namespace"
    serviceName="ns1:SecurityTokenService_2.5.0.1.0"
    endpointName="ns1:UserPasswordLogin">
</jaxws:endpoint>

Without delegating the issueOperation, the request operation could not be processed; the message was "The specified RequestSecurityToken is not understood". With the config above, I get the message "No STSProperties object found". I tried setting empty StaticSTSProperties as well as fully filled ones.
Please could someone give me a hint as to what is wrong with my configuration, or rather what I have to do to get a simple SCT from an STS with the WSDL described above.

Thank you very much,
SRog

--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-STS-with-SecureConversation-tp5748092.html
Sent from the cxf-user mailing list archive at Nabble.com.
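As an added example (not from the original post and not CXF project documentation): one way the cxf-servlet.xml wiring can look when the issue operation is delegated to a hand-configured TokenIssueOperation. It assumes that the delegated TokenIssueOperation reads its own stsProperties, services and tokenProviders and does not inherit them from the provider bean, and it substitutes a hypothetical StaticService bean (myService, with a placeholder endpoint pattern built from the host/path address in the WSDL) for the myServiceList bean the post does not show. The serviceName, endpointName and wsdlLocation values are copied from the post.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the poster's file. Assumption: the delegated
     TokenIssueOperation needs its own stsProperties/services wiring. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

  <import resource="classpath:META-INF/cxf/cxf.xml"/>
  <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>

  <!-- One STSProperties object, shared by the provider bean and the
       operation it delegates to. The issuer value is a placeholder
       taken from the WSDL's soapbind:address. -->
  <bean id="mySTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
    <property name="issuer" value="https://host/path/services/UserPasswordLogin_2.5.0.1.0"/>
  </bean>

  <!-- Hypothetical stand-in for the post's myServiceList: restricts the
       AppliesTo addresses the STS will issue tokens for. Keep the pattern
       as narrow as possible; a catch-all regex lets any client obtain
       tokens for any service. -->
  <bean id="myService" class="org.apache.cxf.sts.service.StaticService">
    <property name="endpoints">
      <list>
        <value>https://host/path/services/.*</value>
      </list>
    </property>
  </bean>

  <!-- Issues Security Context Tokens (the TokenType requested in the post). -->
  <bean id="utSCTokenProvider" class="org.apache.cxf.sts.token.provider.SCTProvider"/>

  <!-- The delegated operation carries its own STSProperties and services;
       in the posted config only tokenProviders was set on it. -->
  <bean id="utIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
    <property name="stsProperties" ref="mySTSProperties"/>
    <property name="services">
      <list><ref bean="myService"/></list>
    </property>
    <property name="tokenProviders">
      <list><ref bean="utSCTokenProvider"/></list>
    </property>
  </bean>

  <bean id="mySTSProviderBean" class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
    <property name="stsProperties" ref="mySTSProperties"/>
    <property name="services">
      <list><ref bean="myService"/></list>
    </property>
    <property name="issueOperation" ref="utIssueDelegate"/>
  </bean>

  <jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean" address="/STS"
      wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
      xmlns:ns1="http://www.bipro.net/namespace"
      serviceName="ns1:SecurityTokenService_2.5.0.1.0"
      endpointName="ns1:UserPasswordLogin"/>
</beans>
```

Two things worth checking against this wiring before reading further errors into it: the properties that the posted config set only on the provider bean (stsProperties, services) are here also set on the delegated TokenIssueOperation, and the tokenProviders and services properties are given as explicit lists rather than a single bean reference. Separately, the posted request uses the WS-Trust 200512 namespace while the WSDL imports the 2005/02 WS-Trust schema; whichever version the STS is meant to speak, the WSDL and the test request should agree on it.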
