Please take a look at the following sample configuration, for an STS that
issues SCTs:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-sts.xml;hb=HEAD

Colm.


On Sun, Aug 24, 2014 at 9:47 PM, SRog <[email protected]> wrote:

> Hi there,
> I am new to the Security Token Service in CXF, so please excuse my newbie
> questions on that topic. I am trying to configure a simple STS that satisfies
> the requirements of BiPRO (a standard for transferring insurance data) with
> Secure Conversation.
>
> The BiPRO standard says that the WSDL of the STS has to look something like
> this:
>
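> <?xml version="1.0" encoding="UTF-8"?>
> <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>                   xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap/"
>                   xmlns:bipro="http://www.bipro.net/namespace"
>                   xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
>                   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                   targetNamespace="http://www.bipro.net/namespace"
>                   bipro:Name="SecurityTokenService_2.5.0.1.0.wsdl"
>                   bipro:Version="2.5.0.1.0">
>    <!-- WSDL for a security token service: a single RequestSecurityToken
>         operation, bound as document/literal SOAP over HTTP and exposed on two
>         ports (UserPasswordLogin and VDGTicketLogin). The wst prefix is bound
>         to the 2005/02 WS-Trust namespace. -->
>    <wsdl:types>
>       <!-- NOTE(review): both imports name remote http:// schemaLocation URLs.
>            A tool that resolves them fetches the schema over an unauthenticated
>            channel; resolving from local copies or an XML catalog avoids that. -->
>       <xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
>                   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>                   version="1.0">
>          <xsd:import namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"
>                      schemaLocation="http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.xsd"/>
>       </xsd:schema>
>       <xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
>                   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>                   version="1.0">
>          <xsd:import namespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
>                      schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd"/>
>       </xsd:schema>
>    </wsdl:types>
>    <!-- Request and response messages each carry one part named "parameters". -->
>    <wsdl:message name="RequestSecurityTokenRequest">
>       <wsdl:part name="parameters" element="wst:RequestSecurityToken"/>
>    </wsdl:message>
>    <wsdl:message name="RequestSecurityTokenResponse">
>       <wsdl:part name="parameters" element="wst:RequestSecurityTokenResponse"/>
>    </wsdl:message>
>    <wsdl:portType name="SecurityTokenServicePortType">
>       <wsdl:operation name="RequestSecurityToken" parameterOrder="parameters">
>          <!-- German text below: after successful authentication this service
>               returns a security token (Security Context Token); authentication
>               is by user name and password or by a VDG ticket. -->
>          <wsdl:documentation>
>             Dieser Service gibt nach erfolgreicher Authentifizierung ein Security Token
>             (Security Context Token) zurueck. Die Authentifizierung kann dabei entweder
>             mit Benutzername und Passwort oder mit einem VDG-Ticket erfolgen.
>          </wsdl:documentation>
>          <wsdl:input message="bipro:RequestSecurityTokenRequest"
>                      name="RequestSecurityTokenRequest"/>
>          <wsdl:output message="bipro:RequestSecurityTokenResponse"
>                       name="RequestSecurityTokenResponse"/>
>       </wsdl:operation>
>    </wsdl:portType>
>    <wsdl:binding name="SecurityTokenServiceBinding"
>                  type="bipro:SecurityTokenServicePortType">
>       <soapbind:binding style="document"
>                         transport="http://schemas.xmlsoap.org/soap/http"/>
>
>       <wsdl:operation name="RequestSecurityToken">
>          <soapbind:operation soapAction="urn:RequestSecurityToken"
>                              style="document"/>
>          <wsdl:input name="RequestSecurityTokenRequest">
>             <soapbind:body use="literal"/>
>          </wsdl:input>
>          <wsdl:output name="RequestSecurityTokenResponse">
>             <soapbind:body use="literal"/>
>          </wsdl:output>
>       </wsdl:operation>
>    </wsdl:binding>
>    <wsdl:service name="SecurityTokenService_2.5.0.1.0">
>       <!-- German text below: this service provides functions for authentication
>            with user name and password or with a VDG ticket. -->
>       <wsdl:documentation>
>          Dieser Service stellt Funktionen fuer die Authentifizierung
>          mit Benutzername und Passwort oder mit einem VDG-Ticket zur Verfuegung.
>       </wsdl:documentation>
>       <wsdl:port name="UserPasswordLogin"
>                  binding="bipro:SecurityTokenServiceBinding">
>          <!-- German text below: this function performs authentication with
>               user name and password. -->
>          <wsdl:documentation>
>             Diese Funktion erledigt die Authentifizierung mit Benutzername und Passwort.
>          </wsdl:documentation>
>          <soapbind:address
>                location="https://host/path/services/UserPasswordLogin_2.5.0.1.0"/>
>       </wsdl:port>
>       <wsdl:port name="VDGTicketLogin"
>                  binding="bipro:SecurityTokenServiceBinding">
>          <!-- German text below: this function performs authentication with a
>               VDG ticket. -->
>          <wsdl:documentation>
>             Diese Funktion erledigt die Authentifizierung mit einem VDG-Ticket.
>          </wsdl:documentation>
>          <!-- NOTE(review): #VDGAuthPolicy is referenced here, but no policy with
>               that identifier appears in this listing, and the UserPasswordLogin
>               port carries no PolicyReference at all. As shown, nothing in this
>               WSDL states how a caller must authenticate to either port; confirm
>               the policies are in place before deployment. -->
>          <wsp:PolicyReference URI="#VDGAuthPolicy"/>
>          <soapbind:address
>                location="https://host/path/services/VDGTicketLogin_2.5.0.1.0"/>
>       </wsdl:port>
>    </wsdl:service>
> </wsdl:definitions>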
>
> After the WSDL was deployed, I generated a SoapUI request to call the STS
> for a token.
> My request looks like this:
>
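> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>    <!-- The header is empty, so this request carries no credentials or
>         security header. -->
>    <soap:Header/>
>    <soap:Body>
>       <!-- Issue request asking for a security context token (SCT).
>            NOTE(review): wst is bound here to the 200512 WS-Trust namespace,
>            while the WSDL quoted earlier in this message binds wst to the
>            2005/02 namespace; confirm which version the service is meant to
>            accept. -->
>       <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>          <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>          <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
>          <nachr:BiPROVersion xmlns:nachr="http://www.bipro.net/namespace/nachrichten">2.5.0.1.0</nachr:BiPROVersion>
>       </wst:RequestSecurityToken>
>    </soap:Body>
> </soap:Envelope>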
>
> As a first step, I am trying to get the STS to work with this WSDL without
> security.
> So I uncommented the policies.
> In cxf-servlet.xml I added this:
>
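> <!-- STS provider bean: receives the STS properties and the service list, and
>      delegates token issuing to utIssueDelegate. myServiceList is referenced
>      but not defined in this excerpt. -->
> <bean id="mySTSProviderBean"
>       class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
>     <property name="stsProperties" ref="mySTSProperties" />
>     <property name="services" ref="myServiceList" />
>     <property name="issueOperation" ref="utIssueDelegate"/>
> </bean>
>
> <!-- Issue operation used by the provider above.
>      NOTE(review): this bean is given only tokenProviders; stsProperties is set
>      on mySTSProviderBean but not here. That is presumably why the request
>      fails with "No STSProperties object found"; compare with the issue
>      operation in the sample configuration linked in the reply. -->
> <bean id="utIssueDelegate"
>       class="org.apache.cxf.sts.operation.TokenIssueOperation">
>     <property name="tokenProviders" ref="utSCTokenProvider"/>
> </bean>
>
> <!-- Token provider for security context tokens; no properties are set. -->
> <bean id="utSCTokenProvider"
>       class="org.apache.cxf.sts.token.provider.SCTProvider">
> </bean>
>
> <!-- STS properties bean, declared here with no properties set. -->
> <bean id="mySTSProperties" class="org.apache.cxf.sts.StaticSTSProperties" />
>
> <!-- Publishes the provider at /STS for the UserPasswordLogin port of the WSDL.
>      NOTE(review): no security policy, interceptor or authentication setting is
>      attached to this endpoint in the excerpt, consistent with the "without
>      security" first step described in the message. An endpoint left in this
>      state would issue tokens to unauthenticated callers; restore
>      authentication and transport protection before it is reachable by
>      others. -->
> <jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean"
>                 address="/STS"
>                 wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
>                 xmlns:ns1="http://www.bipro.net/namespace"
>                 serviceName="ns1:SecurityTokenService_2.5.0.1.0"
>                 endpointName="ns1:UserPasswordLogin">
> </jaxws:endpoint>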
>
> Without the delegation of the issueOperation, the request operation could
> not be processed; it failed with the message "The specified
> RequestSecurityToken is not understood".
>
> With the config above, I got the message "No STSProperties object found". I
> tried setting an empty StaticSTSProperties as well as a fully populated one.
>
> Please, could someone give me a hint about what is wrong with my
> configuration, or rather what I have to do to get a simple SCT from an STS
> with the WSDL shown above.
>
> Thank you very much,
> SRog
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-STS-with-SecureConversation-tp5748092.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
