cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: SpnegoContextToken - Security Token support for CXF
Date Mon, 27 Jun 2011 09:03:21 GMT
Hi Sumit,

Please submit a patch and I'll be happy to review it.

> f) Also the security token received from service is encrypted as per
> http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap, and WSS4J doesn't
> support it, so you need to write logic to decrypt it.

I'd prefer to push this out to WSS4J rather than implement it in CXF
if possible.

Thanks,

Colm.

On Sun, Jun 26, 2011 at 5:18 AM, Sumit Pathak <sumitpathakin@gmail.com> wrote:
> I have this working:
> a) What I was doing wrong was using the SPNEGO token directly as the security
> token to sign and encrypt, and passing that as a Binary header.
> b) Whereas this token should be used to get the secure token from the
> endpoint; see the spec
> http://schemas.xmlsoap.org/ws/2005/02/trust/spnego/WSTrustForSPNego.pdf for
> more details.
> c) Also see
> http://blog.facilelogin.com/2008/11/secure-conversation-with-wcf.html to see
> the message exchange between the client and service for the security token
> issue.
> d) If you set context.requestMutualAuth(Boolean.FALSE) while setting up the
> context between the client during GSS API calls, then only one-pass
> initialization would happen and you will get the security token.
> e) Make sure to Base64 decode the security token received from the service.
> f) Also the security token received from service is encrypted as per
> http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap, and WSS4J doesn't
> support it, so you need to write logic to decrypt it.
> g) Decrypting that token is as simple as calling the context.unwrap() method
> on the received token.
>
> I think most of the things supported in CXF for secure conversation get
> used here; we just need to provide the correct hooks. I am more than happy to
> push this stuff into CXF, let me know if this is needed.
>
> Let me know if anybody needs any other info.
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SpnegoContextToken-Security-Token-support-for-CXF-tp569273p4525041.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

http://coheigea.blogspot.com/
Talend - http://www.talend.com
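
Steps d, e and g from the quoted message, written out against the standard `org.ietf.jgss` API as an added example; it is not code from this thread, from CXF or from WSS4J. The class and method names are hypothetical, default Kerberos credentials are assumed to be available to JGSS, and the caller is assumed to drive `initSecContext()` and the token request itself.

```java
import java.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

// Hypothetical helper class, added for illustration only.
public final class SpnegoTokenHelper {

    // Step d: create the initiator context with mutual authentication switched off.
    // mechOid is the mechanism to use, e.g. "1.3.6.1.5.5.2" for SPNEGO.
    public static GSSContext newInitiatorContext(String servicePrincipal, String mechOid)
            throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName peer = manager.createName(servicePrincipal, GSSName.NT_HOSTBASED_SERVICE);
        // A null credential means "use the default initiator credentials".
        GSSContext context = manager.createContext(
                peer, new Oid(mechOid), null, GSSContext.DEFAULT_LIFETIME);
        // Request flags must be set before the first initSecContext() call.
        context.requestMutualAuth(false);
        return context;
    }

    // Steps e and g: Base64-decode the token returned by the service, then unwrap it.
    public static byte[] unwrapServiceToken(GSSContext context, String base64Token)
            throws GSSException {
        if (!context.isEstablished()) {
            // unwrap() is a per-message call and needs a completed context.
            throw new IllegalStateException("GSS context is not established yet");
        }
        // The MIME decoder tolerates the line breaks often present in XML text nodes.
        byte[] wrapped = Base64.getMimeDecoder().decode(base64Token);
        MessageProp prop = new MessageProp(true);
        byte[] token = context.unwrap(wrapped, 0, wrapped.length, prop);
        if (!prop.getPrivacy()) {
            // The peer applied integrity protection only; treat that as a failure
            // because the token is expected to arrive encrypted.
            throw new SecurityException("Received token was not encrypted");
        }
        return token;
    }

    private SpnegoTokenHelper() { }
}
```

Call `context.dispose()` once the unwrapped token has been handed to the secure conversation layer.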
