cxf-users mailing list archives

From Gina Choi <ginacho...@gmail.com>
Subject Re: Redirecting Fediz GreeterService to ADFS2.0
Date Tue, 22 May 2012 21:58:37 GMT
Hi Oliver,

I have converted hello_world.wsdl file to Symmetric bindings and zip file
is attached.

1. Since all configuration related to STS can be done through beans.xml
under examples\wsclientWebapp\webapp\src\main\webapp\WEB-INF, I commented
out the STS related reference from hello_world.wsdl (line 135-137).

       </wsp:Policy>
       <!--sp:Issuer>
        <wsaw:Address>https://strts01.ams.dev/adfs/services/trust/mex</wsaw:Address>
       </sp:Issuer-->
      </sp:IssuedToken>

2. I used the following TokenType, hopefully Apache CXF understands it.
 <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>

3. In line 54, you have this. I don't know if type should be xsd:string. I
left as it is for now.
<element name="responseType" type="string"/>

4. In bean.xml file under
examples\wsclientWebapp\webapp\src\main\webapp\WEB-INF, I have updated
conduit name by the hostname of ADFS.

5. When the client requests a new token from ADFS2.0 using the ActAs token, it
needs to be authenticated using a username token since my ADFS end point is
/adfs/services/trust/13/usernamemixed. I still don't see a place to set the
username and password in bean.xml.

Thanks.
Gina

On Tue, May 22, 2012 at 4:34 PM, Oliver Wulff <owulff@talend.com> wrote:

>  Hi Gina
>
> The configuration file is here:
>
> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/beans.xml?view=markup
>
> The bean jaxws:client contains all the configuration to call the
> helloworld service. The property "ws-security.sts.client" contains all sts
> related configuration.
>
> You also have to configure the truststore for the https communication which
> is here:
>     <!-- STS WSDL download -->
>     <http:conduit name="https://localhost:9443/.*">
>       <http:tlsClientParameters disableCNCheck="true">
>         <sec:trustManagers>
>           <sec:keyStore type="jks" password="tompass" resource="tomcatKeystore.jks" />
>         </sec:trustManagers>
>       </http:tlsClientParameters>
>     </http:conduit>
>
> where you can update the conduit name by the hostname of ADFS.
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division
> http://www.talend.com
>   ------------------------------
> *From:* Gina Choi [ginachoi88@gmail.com]
> *Sent:* 22 May 2012 21:59
> *To:* Oliver Wulff
> *Cc:* users@cxf.apache.org
> *Subject:* Redirecting Fediz GreeterService to ADFS2.0
>
>   Hi Oliver,
>
> With your help, previously I have successfully connected Fediz Helloworld
> web app(
> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/)
> to ADFS2.0 using WS-Federation. My next goal is to change Fediz
> GreeterService(
> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/)
> to point to ADFS2.0 using Assertion token previously obtained from
> WS-Federation. This Assertion token will be used as actas token. I am
> planning to use Symmetric bindings for Web service-client-ADFS2.0 and
> ADFS2.0 end point will be adfs/services/trust/13/usernamemixed.
> Everything is pretty much the same as your blog (SSO across Web Applications and
> Web Services - Part IV b :
> http://owulff.blogspot.com/2012/04/sso-across-web-applications-and-web_16.html)
> except that my STS is ADFS2.0. I have attached zipped mex file for my ADFS
> and wsdl file for my final .NET web service. I will send you wsdl file for
> GreeterService using Symmetric bindings later.
>
> You previously mentioned configuring the password with the property
> "ws-security.password". Do you have a configuration file in the client side
> to add ws-security.password?
>
> Thanks.
> Gina
>
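
An added example, not part of the thread or of the Fediz sample: a beans.xml fragment showing one place the STS credentials can sit, as `ws-security.username` / `ws-security.password` entries on the `STSClient` bean that the client references through `ws-security.sts.client`, next to an `http:conduit` for the ADFS host that leaves the certificate name check enabled. `ADFS_HOST`, the `STS_*` QName parts, the bean id, the truststore file name and the `${...}` placeholders are assumptions to be replaced with values from your own ADFS metadata and deployment.

```xml
<!-- Added example: every upper-case token and ${...} value is a placeholder. -->

<!-- STS client used to request the ActAs token from ADFS.
     The entries in "properties" apply to the call to the STS itself,
     so the UsernameToken credentials for /adfs/services/trust/13/usernamemixed
     are set here rather than on the web service client. -->
<bean id="adfsStsClient" class="org.apache.cxf.ws.security.trust.STSClient">
  <constructor-arg ref="cxf" />
  <property name="wsdlLocation" value="https://ADFS_HOST/adfs/services/trust/mex" />
  <!-- Take both QNames from the ADFS mex document. -->
  <property name="serviceName" value="{STS_NAMESPACE}STS_SERVICE_NAME" />
  <property name="endpointName" value="{STS_NAMESPACE}STS_PORT_NAME" />
  <property name="properties">
    <map>
      <entry key="ws-security.username" value="${sts.username}" />
      <!-- Resolved from external configuration; assumes a Spring
           property placeholder configurer is defined in this context. -->
      <entry key="ws-security.password" value="${sts.password}" />
    </map>
  </property>
</bean>

<!-- Inside the existing jaxws:client definition, reference the bean:
     <jaxws:properties>
       <entry key="ws-security.sts.client" value-ref="adfsStsClient" />
     </jaxws:properties>
-->

<!-- TLS settings for every request to the ADFS host (mex download and token request).
     disableCNCheck is omitted, so the default host name check stays on;
     the truststore must contain the CA or certificate that ADFS presents. -->
<http:conduit name="https://ADFS_HOST/.*">
  <http:tlsClientParameters>
    <sec:trustManagers>
      <sec:keyStore type="jks" password="${truststore.password}"
                    resource="adfsTruststore.jks" />
    </sec:trustManagers>
  </http:tlsClientParameters>
</http:conduit>
```

With the name check enabled, the host name in the conduit and in `wsdlLocation` has to match a name in the ADFS service certificate, otherwise the TLS handshake fails before any token request is sent.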
