Hi Stefan,

Take a look at the following test that I committed:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=288259b2

It uses a roughly similar security policy to yours - the client gets a SCT from the STS and sends it to the service, which in turn dispatches it to the STS for validation. The test-case you created is using an old version of CXF that is no longer supported. Please try again with a more recent version...

Colm.

On Fri, Aug 29, 2014 at 5:53 PM, Stefan Rogge <[email protected]> wrote:

> Hi Colm,
> It's done. I created a test case, which contains the business service and
> the sts. Also there are SoapUI-projects to call the services.
> I would be glad if you could take a look at it.
>
> Thanks,
> SRog
>
> > Date: Wed, 27 Aug 2014 16:10:30 +0100
> > Subject: Re: BiPRO Security-Token-Service
> > From: [email protected]
> > To: [email protected]
> >
> > Could you create a test-case + I will take a look? Normally,
> > SecureConversationToken is used with a BootstrapPolicy, which it isn't in
> > this case.
> >
> > Colm.
> >
> > On Wed, Aug 27, 2014 at 12:04 PM, SRog <[email protected]> wrote:
> >
> > > Hi there,
> > > I will give that a new try because I am not sure what's the problem.
> > >
> > > I have a STS which provides a SCT.
> > >
> > > My business service policy is described like this (BiPRO-standard):
> > >
> > > <wsp:Policy wsu:Id="BiPROAuthSecurityPolicy">
> > >   <wsp:ExactlyOne>
> > >     <wsp:All>
> > >       <sp:TransportBinding>
> > >         <wsp:Policy>
> > >           <sp:TransportToken>
> > >             <wsp:Policy>
> > >               <sp:HttpsToken RequireClientCertificate="false" />
> > >             </wsp:Policy>
> > >           </sp:TransportToken>
> > >         </wsp:Policy>
> > >       </sp:TransportBinding>
> > >       <sp:SupportingTokens>
> > >         <wsp:Policy>
> > >           <sp:SecureConversationToken
> > >               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >             <sp:Issuer>
> > >               <wsa:Address>http://localhost:8080/DoubleItSTS/STS</wsa:Address>
> > >             </sp:Issuer>
> > >           </sp:SecureConversationToken>
> > >         </wsp:Policy>
> > >       </sp:SupportingTokens>
> > >     </wsp:All>
> > >   </wsp:ExactlyOne>
> > > </wsp:Policy>
> > >
> > > Now I tried to call the business service with a request header like this:
> > >
> > > <soapenv:Header>
> > >   <wsse:Security>
> > >     <wsc:SecurityContextToken
> > >         xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
> > >       <wsc:Identifier>uuid:D47D9C3E74F30DF5BE14090688057401</wsc:Identifier>
> > >     </wsc:SecurityContextToken>
> > >   </wsse:Security>
> > > </soapenv:Header>
> > >
> > > I thought that a call with a header like this has the correct format to get
> > > processed but instead I got this message:
> > >
> > > These policy alternatives can not be satisfied:
> > > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient}SecureConversationToken
> > >
> > > What's wrong with the request? How can I fix this issue?
> > >
> > > Regards,
> > > SRog
> > >
> > > --
> > > View this message in context:
> > > http://cxf.547215.n5.nabble.com/BiPRO-Security-Token-Service-tp5748199.html
> > > Sent from the cxf-user mailing list archive at Nabble.com.
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
