axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tony Dean" <>
Subject [Axis2] neethi/rampart
Date Fri, 18 May 2007 21:40:07 GMT

Does Neethi/Rampart support the ability of specifying that a token is required from an STS
and upon return to use that token as a supporting token in the request to the actual target
service?  If the STS returns a UsernameToken with a username only (ie., no password) and a
RequestedProofToken with a binary secret, will the security framework (Neethi/Rampart), create
a nonce, creationTime, and digest for the outgoing UsernameToken request to the target service.
 Or am I just dreaming here (what will the security framework do with such a binary secret
in this case?).  I'm trying to come up with STS and policy such that the client doesn't have
to do anything programmatically... the STS returned token should be treated as an opaque entity.
 To accomplish this, is my only option to create a complete UsernameToken (username, password-digest,
nonce, creationTime) at the STS such that the client can just reference it and send it in
the actual request to the target service.

Thanks for any insight.


Tony Dean
SAS Institute Inc.

SAS... The Power to Know

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message