Do you have a test-case that I can take a look at?

Colm.

On Mon, Oct 20, 2014 at 5:27 PM, SRog <[email protected]> wrote:

> Hi,
> I am trying to configure a simple STS that satisfies the needs of BiPRO (a
> standard for transferring insurance data) with Secure Conversation.
>
> In the WSDL of the STS, BiPRO defines a policy like this for
> username/password authentication:
>
> <wsp:Policy wsu:Id="BiPROAuthSecurityPolicy"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>
>       <sp:TransportBinding>
>         <wsp:Policy>
>           <sp:TransportToken>
>             <wsp:Policy>
>               <sp:HttpsToken RequireClientCertificate="false"/>
>             </wsp:Policy>
>           </sp:TransportToken>
>         </wsp:Policy>
>       </sp:TransportBinding>
>
>       <sp:SupportingTokens>
>         <wsp:Policy>
>           <wsp:ExactlyOne>
>
>             <wsp:All>
>               <sp:UsernameToken wsu:Id="BiPROBasicToken"/>
>             </wsp:All>
>           </wsp:ExactlyOne>
>         </wsp:Policy>
>       </sp:SupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
> Then I configured the service in cxf-servlet.xml like this:
>
> ...
> <bean id="mySTSProviderBean"
>
> class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
>         <property name="issueSingleOperation"
> ref="transportIssueDelegate"/>
>         <property name="validateOperation"
> ref="transportValidateDelegate"/>
>         <property name="cancelOperation" ref="transportCancelDelegate"/>
>     </bean>
>
>     <bean id="transportIssueDelegate"
> class="org.apache.cxf.sts.operation.TokenIssueOperation">
>         <property name="tokenProviders" ref="transportTokenProviders"/>
>         <property name="services" ref="transportService"/>
>         <property name="stsProperties" ref="transportSTSProperties"/>
>         <property name="tokenStore" ref="defaultTokenStore"/>
>         <property name="returnReferences" value="false" />
>     </bean>
>
>     <bean id="transportValidateDelegate"
> class="org.apache.cxf.sts.operation.TokenValidateOperation">
>         <property name="tokenProviders" ref="transportTokenProviders"/>
>         <property name="tokenValidators" ref="transportTokenValidators"/>
>         <property name="stsProperties" ref="transportSTSProperties"/>
>         <property name="tokenStore" ref="defaultTokenStore"/>
>     </bean>
>
>     <bean id="transportCancelDelegate"
> class="org.apache.cxf.sts.operation.TokenCancelOperation">
>         <property name="tokenCancellers" ref="transportTokenCancellers"/>
>         <property name="stsProperties" ref="transportSTSProperties"/>
>         <property name="tokenStore" ref="defaultTokenStore"/>
>     </bean>
>
>     <util:list id="transportTokenProviders">
>         <ref bean="transportSCTProvider"/>
>     </util:list>
>     <util:list id="transportTokenValidators">
>         <ref bean="transportSCTValidator"/>
>     </util:list>
>     <util:list id="transportTokenCancellers">
>         <ref bean="transportSCTCanceller"/>
>     </util:list>
>
>     <bean id="transportSCTProvider" class="sts.BiPROTokenProvider">
>         <property name="returnEntropy" value="false" />
>     </bean>
>     <bean id="transportSCTValidator"
> class="org.apache.cxf.sts.token.validator.SCTValidator">
>     </bean>
>     <bean id="transportSCTCanceller"
> class="org.apache.cxf.sts.token.canceller.SCTCanceller">
>     </bean>
>      <bean id="transportService"
> class="org.apache.cxf.sts.service.StaticService">
>         <property name="endpoints" ref="transportEndpoints"/>
>     </bean>
>     <util:list id="transportEndpoints">
>         <value>http://localhost:(\d)*/doubleit/services/doubleit.*
>                 </value>
>     </util:list>
>
>    <bean id="defaultTokenStore"
> class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
>     </bean>
>
>     <bean id="encProperties"
> class="org.apache.cxf.sts.service.EncryptionProperties">
>         <property name="encryptionAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>     </bean>
>
>     <bean id="transportSTSProperties"
> class="org.apache.cxf.sts.StaticSTSProperties">
>     </bean>
>
>     <bean id="sctInterceptor"
> class="org.apache.cxf.sts.interceptor.SCTInInterceptor"/>
>     <bean id="sctOutInterceptor"
> class="org.apache.cxf.sts.interceptor.SCTOutInterceptor"/>
>
>    <jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean"
>         address="/STS"
> wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
>         xmlns:ns1="http://www.bipro.net/namespace"
>         serviceName="ns1:SecurityTokenService_2.5.0.1.0"
> endpointName="ns1:UserPasswordLogin">
>        <jaxws:inInterceptors>
>             <ref bean="sctInterceptor"/>
>         </jaxws:inInterceptors>
>         <jaxws:outInterceptors>
>             <ref bean="sctOutInterceptor"/>
>         </jaxws:outInterceptors>
>         <jaxws:outFaultInterceptors>
>             <ref bean="sctOutInterceptor"/>
>         </jaxws:outFaultInterceptors>
>         <jaxws:properties>
>             <entry key="ws-security.callback-handler"
> value="sts.PasswordCallbackHandler" />
>             <entry key="org.apache.cxf.ws.security.tokenstore.TokenStore">
>                 <ref bean="defaultTokenStore"/>
>             </entry>
>         </jaxws:properties>
>         <jaxws:features>
>             <logging xmlns="http://cxf.apache.org/core" />
>             <ref bean="transformFeature" />
>         </jaxws:features>
>     </jaxws:endpoint>
>
> If I try to access the service with a request containing a username and
> password, I get the message "*None of the policy alternatives can be satisfied.*"
>
> The request:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
>         <soap:Header>
>                 <wsse:Security
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
>                         <wsse:UsernameToken
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:bipro="http://www.bipro.net/namespace">
>                                 <wsse:Username>alice</wsse:Username>
>                                 <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-387
> username-token-profile-1.0#PasswordText">clarinet</wsse:Password>
>                         </wsse:UsernameToken>
>                 </wsse:Security>
>         </soap:Header>
>                 <soap:Body>
>                 <wst:RequestSecurityToken
> xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>
> <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
> </wst:RequestType>
>
> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct
> </wst:TokenType>
>                 </wst:RequestSecurityToken>
>         <soap:Body>
> <soap:Envelope>
>
> What do I have to configure in cxf-servlet.xml to get things working? I
> cannot change the WSDL because it is the BiPRO standard.
>
> Thanks for your response,
> SRog
>
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Username-PWD-on-STS-tp5750076.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
