cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: RequestSecurityToken without Encrypting and Signing
Date Tue, 24 Jul 2012 10:34:22 GMT
You could use a SecurityPolicy that just requires a UsernameToken without a
binding. For example see the policy "<!-- 2.1.1.3 UsernameToken with
timestamp, nonce and password hash -->" starting on line 214:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup

Of course, in practise one would combine a UsernameToken with the Transport
binding to secure the message exchange...

Colm.

On Mon, Jul 23, 2012 at 4:41 PM, Sarafian <sarafian_developer@yahoo.gr>wrote:

> I have a C# code that asks the STS for a token using username password
> credentials.
> I'm using the UT or UTEncrypted endpoints but I get this error:
>
> These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}ProtectionToken
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
> :
> Received Timestamp does not match the requirements
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SymmetricBinding
> :
> Received Timestamp does not match the requirements
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts:
> {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts:
> {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
>
> Is there a way for the STS to be configured not to apply the above
> policies?
> Is there another endpoint for these kind of things?
>
> I simply want to use a username/password credential combination to request
> a
> security token.
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/RequestSecurityToken-without-Encrypting-and-Signing-tp5711426.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message