From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Redirecting Fediz GreeterService to ADFS2.0
Date Wed, 23 May 2012 07:54:21 GMT
Hi Gina,

> 2. I used the following TokenType; hopefully Apache CXF understands it.
>  <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>

It can.

> 5. When the client requests a new token from ADFS2.0 using the ActAs token, it needs to be
> authenticated using a username token since my ADFS endpoint is
> /adfs/services/trust/13/usernamemixed. I still don't see a place to set the
> username and password in bean.xml.

You need to set a username as well as the class name of a
CallbackHandler instance that returns the password for said username.
See here for an example:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml?view=markup

i.e.:

<entry key="ws-security.username" value="alice"/>
<entry key="ws-security.callback-handler"
    value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>

The CallbackHandler in question is here:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java?view=markup

Colm.


On Tue, May 22, 2012 at 10:58 PM, Gina Choi <ginachoi88@gmail.com> wrote:
> Hi Oliver,
>
> I have converted the hello_world.wsdl file to Symmetric bindings and the zip file is
> attached.
>
> 1. Since all configuration related to the STS can be done through beans.xml
> under examples\wsclientWebapp\webapp\src\main\webapp\WEB-INF, I commented
> out the STS-related reference from hello_world.wsdl (lines 135-137).
>
>        </wsp:Policy>
>        <!--sp:Issuer>
>         <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
>        </sp:Issuer-->
>       </sp:IssuedToken>
>
> 2. I used the following TokenType; hopefully Apache CXF understands it.
>  <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
>
> 3. In line 54, you have this. I don't know if the type should be xsd:string. I
> left it as it is for now.
> <element name="responseType" type="string"/>
>
> 4. In the bean.xml file under
> examples\wsclientWebapp\webapp\src\main\webapp\WEB-INF, I have updated the
> conduit name with the hostname of ADFS.
>
> 5. When the client requests a new token from ADFS2.0 using the ActAs token, it needs to be
> authenticated using a username token since my ADFS endpoint is
> /adfs/services/trust/13/usernamemixed. I still don't see a place to set the
> username and password in bean.xml.
>
> Thanks.
> Gina
>
> On Tue, May 22, 2012 at 4:34 PM, Oliver Wulff <owulff@talend.com> wrote:
>>
>> Hi Gina
>>
>> The configuration file is here:
>>
>> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/beans.xml?view=markup
>>
>> The bean jaxws:client contains all the configuration to call the
>> helloworld service. The property "ws-security.sts.client" contains all
>> STS-related configuration.
>>
>> You also have to configure the truststore for the https communication, which
>> is here:
>>
>>     <!-- STS WSDL download -->
>>     <http:conduit name="https://localhost:9443/.*">
>>         <http:tlsClientParameters disableCNCheck="true">
>>             <sec:trustManagers>
>>                 <sec:keyStore type="jks" password="tompass"
>>                               resource="tomcatKeystore.jks" />
>>             </sec:trustManagers>
>>         </http:tlsClientParameters>
>>     </http:conduit>
>>
>> where you can update the conduit name with the hostname of ADFS.
>>
>>
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com
>> Solution Architect
>> http://coders.talend.com
>>
>> Talend Application Integration Division http://www.talend.com
>>
>> ________________________________
>> From: Gina Choi [ginachoi88@gmail.com]
>> Sent: 22 May 2012 21:59
>> To: Oliver Wulff
>> Cc: users@cxf.apache.org
>> Subject: Redirecting Fediz GreeterService to ADFS2.0
>>
>> Hi Oliver,
>>
>> With your help, I have previously successfully connected the Fediz Helloworld
>> web
>> app (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/)
>> to ADFS2.0 using WS-Federation. My next goal is to change the Fediz
>> GreeterService (http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/)
>> to point to ADFS2.0 using the Assertion token previously obtained from
>> WS-Federation. This Assertion token will be used as the ActAs token. I am
>> planning to use Symmetric bindings for the Web service-client-ADFS2.0 and the
>> ADFS2.0 endpoint will be adfs/services/trust/13/usernamemixed. Everything is
>> pretty much the same as in your blog (SSO across Web Applications and Web Services
>> - Part IV b :
>> http://owulff.blogspot.com/2012/04/sso-across-web-applications-and-web_16.html)
>> except that my STS is ADFS2.0. I have attached the zipped mex file for my ADFS
>> and the wsdl file for my final .NET web service. I will send you the wsdl file for
>> GreeterService using Symmetric bindings later.
>>
>> You previously mentioned configuring the password with the property
>> "ws-security.password". Do you have a configuration file on the client side
>> to add ws-security.password?
>>
>> Thanks.
>> Gina
>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
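An added example of the kind of CallbackHandler Colm's answer describes (this is not the CommonCallbackHandler from the CXF systests linked above). It assumes the WSS4J 1.6 class org.apache.ws.security.WSPasswordCallback that CXF used at the time of this thread; the class name example.StsPasswordCallbackHandler and the sts.username / sts.password system properties are hypothetical.

```java
// Added example, not the CommonCallbackHandler from the CXF systests linked above.
// Assumes WSS4J 1.6's org.apache.ws.security.WSPasswordCallback (the package CXF
// used at the time of this thread); class name and property names are hypothetical.
package example;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Returns the password for the user set in "ws-security.username" when the
 * STS client builds the UsernameToken for the ADFS usernamemixed endpoint.
 * Registered in beans.xml via:
 *   <entry key="ws-security.callback-handler" value="example.StsPasswordCallbackHandler"/>
 */
public class StsPasswordCallbackHandler implements CallbackHandler {

    // Read at construction so the secret is never compiled into the class;
    // a keystore or vault lookup would be the production choice.
    private final String username = System.getProperty("sts.username", "alice");
    private final String password = System.getProperty("sts.password");

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "only WSPasswordCallback is handled");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // Answer only UsernameToken requests; signature/decryption key
            // passwords (other usages) are left to a separate handler.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                continue;
            }
            // Check the identifier so a different username in the request
            // does not silently receive this account's password.
            if (!username.equals(pc.getIdentifier()) || password == null) {
                throw new IOException("no password configured for user " + pc.getIdentifier());
            }
            pc.setPassword(password);
        }
    }
}
```

Run the client with -Dsts.username=alice -Dsts.password=... and point ws-security.username at the same user; the handler refuses to answer for any other identifier, so a misconfigured username fails loudly instead of sending the wrong credential to the STS.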
