> Question:  what should be the expected value of 'ws-security.username' &
> 'ws-security.sts.token.username'?

Assuming that the STS has a UsernameToken policy requirement,
'ws-security.username' is used as the "username". Alternatively, it is
used as the keystore alias if this is required by the security policy.
'ws-security.sts.token.username' is the keystore alias to use if you are
sending a certificate to the STS as part of "UseKey" (required if the
KeyType is PublicKey). As the security policy you are using is
"SymmetricKey", you don't need any of the "ws-security.sts.token.*"
properties.

Colm.

On Wed, Sep 24, 2014 at 10:54 AM, niranjana.murthy <
[email protected]> wrote:

> The problem still exists.
>
> *Here is the bean configuration: I did not have the properties mapping
> earlier, added it on your suggestion*
>
> <bean id="stsClientFederation"
>       class="org.apache.cxf.ws.security.trust.STSClient" scope="prototype">
>     <constructor-arg ref="cxf" />
>     <property name="wsdlLocation" value="adfs.wsdl" />
>     <property name="sendRenewing" value="false" />
>     <property name="serviceName"
>               value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService" />
>     <property name="endpointName"
>               value="{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}IssuedTokenWSTrustBinding_IWSTrust13Async1" />
>     <property name="addressingNamespace" value="http://www.w3.org/2005/08/addressing" />
>     <property name="enableAppliesTo" value="true" />
>     <property name="properties">
>         <map>
>             <entry key="ws-security.username" value="username" />
>             <entry key="ws-security.callback-handler" value="clientKeystore.PasswordCallbackHandler" />
>             <entry key="ws-security.sts.token.username" value="clientstskey" />
>             <entry key="ws-security.sts.token.properties" value="clientKeystore.properties" />
>             <entry key="ws-security.sts.token.usecert" value="true" />
>         </map>
>     </property>
> </bean>
>
>
> Question:
>   what should be the expected value of 'ws-security.username' &
> 'ws-security.sts.token.username'?
>
>
> ------------------------------------------------------------------------------------------------------------------
> *Security policy, binding.. from the wsdl*
>
> <wsp:Policy wsu:Id="IssuedTokenWSTrustBinding_IWSTrust13Async1_policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:TransportToken>
>             <wsp:Policy>
>               <sp:HttpsToken />
>             </wsp:Policy>
>           </sp:TransportToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic256 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict />
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp />
>         </wsp:Policy>
>       </sp:TransportBinding>
>       <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <sp:RequestSecurityTokenTemplate>
>               <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
>               <trust:KeySize>256</trust:KeySize>
>               <trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
>               <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
>               <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignatureAlgorithm>
>               <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
>               <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
>             </sp:RequestSecurityTokenTemplate>
>             <wsp:Policy>
>               <sp:RequireInternalReference />
>             </wsp:Policy>
>           </sp:IssuedToken>
>           <sp:SignedParts>
>             <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>           </sp:SignedParts>
>           <KeyValueToken IncludeToken="" Optional="">
>             <Policy />
>           </KeyValueToken>
>         </wsp:Policy>
>       </sp:EndorsingSupportingTokens>
>       <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:MustSupportRefKeyIdentifier />
>           <sp:MustSupportRefIssuerSerial />
>           <sp:MustSupportRefThumbprint />
>           <sp:MustSupportRefEncryptedKey />
>         </wsp:Policy>
>       </sp:Wss11>
>       <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:MustSupportIssuedTokens />
>           <sp:RequireClientEntropy />
>           <sp:RequireServerEntropy />
>         </wsp:Policy>
>       </sp:Trust13>
>       <wsaw:UsingAddressing />
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
>
> ----------------------------------------------------------------------------------------------
>
> <wsdl:binding name="IssuedTokenWSTrustBinding_IWSTrust13Async1" type="tns:IWSTrust13Async">
>   <wsp:PolicyReference URI="#IssuedTokenWSTrustBinding_IWSTrust13Async1_policy" />
>   <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
>   <wsdl:operation name="Trust13IssueAsync">
>     <soap12:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document" />
>     <wsdl:input>
>       <soap12:body use="literal" />
>     </wsdl:input>
>     <wsdl:output>
>       <soap12:body use="literal" />
>     </wsdl:output>
>   </wsdl:operation>
> </wsdl:binding>
>
>
> --------------------------------------------------------------------------------------------------------------
> Here is my code snippet to get the token
>
> public SecurityToken getFederatedToken(TokenInputs tokenInputVo, SecurityToken issuedToken) {
>     SecurityToken securityToken = null;
>     try {
>         stsClient = (STSClient) ctx.getBean("stsClientFederation");
>         stsClient.setEnableAppliesTo(true);
>         stsClient.setTokenType(SAML2_TOKEN_TYPE);
>
>         // Next two lines are necessary as ADFS will throw unrecognized Policy otherwise
>         stsClient.setAddressingNamespace("http://schemas.xmlsoap.org/ws/2004/08/addressing");
>         stsClient.setWspNamespace("http://schemas.xmlsoap.org/ws/2004/09/policy");
>
>         stsClient.getProperties().put("ws-security.token", issuedToken);
>
>         securityToken = stsClient.requestSecurityToken(tokenInputVo.getAdfsRelyingParty());
>     } catch (Exception exp) {
>         throw new RuntimeException("Error occurred while requesting a federation security token from ADFS", exp);
>     }
>     return securityToken;
> }
>
> What do you suggest? Is it the right way to get an issuedToken?
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/IssuedToken-nullpointer-exception-tp5749119p5749157.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
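The distinction Colm draws above (UsernameToken credentials under 'ws-security.username' versus a keystore alias under 'ws-security.sts.token.*' only when the STS asks for a UseKey / PublicKey) can be shown as two STSClient configurations side by side. This is an added example written for this page, not code from the thread or from Apache CXF itself; it uses the public STSClient and SecurityConstants API as I understand it, and the alias "alice", the callback-handler class name, the keystore alias "clientstskey", the properties file name and the relying-party URL are assumed placeholders.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;

/** Added example: STSClient property sets for the SymmetricKey and PublicKey cases. */
public class StsClientPropertiesExample {

    // Values from the thread's configuration; the STS WSDL location is assumed to be on the classpath.
    private static final String STS_WSDL = "adfs.wsdl";
    private static final String STS_NS =
        "http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice";
    private static final String SAML2_TOKEN_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    /** Shared wiring that mirrors the bean definition in the thread. */
    private static STSClient baseClient(Bus bus) {
        STSClient client = new STSClient(bus);
        client.setWsdlLocation(STS_WSDL);
        client.setServiceName("{" + STS_NS + "}SecurityTokenService");
        client.setEndpointName("{" + STS_NS + "}IssuedTokenWSTrustBinding_IWSTrust13Async1");
        client.setSendRenewing(false);
        client.setEnableAppliesTo(true);
        client.setTokenType(SAML2_TOKEN_TYPE);
        return client;
    }

    /**
     * SymmetricKey KeyType (the policy quoted in the thread): the STS only needs the
     * UsernameToken credentials, so no ws-security.sts.token.* property is set.
     */
    public static STSClient symmetricKeyClient(Bus bus) {
        STSClient client = baseClient(bus);
        Map<String, Object> props = new HashMap<>();
        // "ws-security.username": the UsernameToken username sent to the STS (assumed value).
        props.put(SecurityConstants.USERNAME, "alice");
        // "ws-security.callback-handler": supplies the password for that username (assumed class).
        props.put(SecurityConstants.CALLBACK_HANDLER, "clientKeystore.PasswordCallbackHandler");
        client.setProperties(props);
        return client;
    }

    /**
     * PublicKey KeyType: the client's certificate is sent in UseKey, so the
     * ws-security.sts.token.* properties must name the keystore alias and keystore.
     */
    public static STSClient publicKeyClient(Bus bus) {
        STSClient client = baseClient(bus);
        client.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
        Map<String, Object> props = new HashMap<>();
        props.put(SecurityConstants.USERNAME, "alice");
        props.put(SecurityConstants.CALLBACK_HANDLER, "clientKeystore.PasswordCallbackHandler");
        // "ws-security.sts.token.username": keystore alias of the certificate sent as UseKey (assumed).
        props.put(SecurityConstants.STS_TOKEN_USERNAME, "clientstskey");
        // "ws-security.sts.token.properties": crypto properties locating that keystore (assumed file).
        props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
        // "ws-security.sts.token.usecert": reference the certificate itself in the KeyInfo.
        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
        client.setProperties(props);
        return client;
    }

    public static void main(String[] args) throws Exception {
        Bus bus = BusFactory.getThreadDefaultBus();
        // The quoted policy asks for SymmetricKey, so the lean property set is the right one here.
        STSClient client = symmetricKeyClient(bus);
        // AppliesTo is the relying party the token is requested for (assumed URL).
        SecurityToken token = client.requestSecurityToken("https://relying-party.example/");
        System.out.println("Issued token id: " + token.getId());
    }
}
```

The point of keeping the two property maps separate is auditability: if a SymmetricKey client carries keystore aliases it does not need, a reviewer cannot tell from the configuration which credential the STS actually authenticates, and a misconfigured alias will surface only as the kind of runtime failure the thread is chasing. Match the property set to the KeyType in the RequestSecurityTokenTemplate and nothing more.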
