axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tony Dean" <Tony.D...@sas.com>
Subject [Axis2] neethi/rampart
Date Fri, 18 May 2007 21:40:07 GMT
Hi,

Does Neethi/Rampart support the ability of specifying that a token is required from an STS
and upon return to use that token as a supporting token in the request to the actual target
service?  If the STS returns a UsernameToken with a username only (ie., no password) and a
RequestedProofToken with a binary secret, will the security framework (Neethi/Rampart), create
a nonce, creationTime, and digest for the outgoing UsernameToken request to the target service.
 Or am I just dreaming here (what will the security framework do with such a binary secret
in this case?).  I'm trying to come up with STS and policy such that the client doesn't have
to do anything programmatically... the STS returned token should be treated as an opaque entity.
 To accomplish this, is my only option to create a complete UsernameToken (username, password-digest,
nonce, creationTime) at the STS such that the client can just reference it and send it in
the actual request to the target service.

Thanks for any insight.

--Tony

Tony Dean
SAS Institute Inc.
919.531.6704
tony.dean@sas.com

SAS... The Power to Know
http://www.sas.com


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message