Subject: Re: RequestSecurityToken without Encrypting and Signing
From: Gina Choi
To: users@cxf.apache.org, coheigea@apache.org
Date: Tue, 24 Jul 2012 08:58:15 -0400

Hi Colm,

I would like to confirm if I understand you correctly. So, do we need to add the following content to the Fediz STS wsdl file to issue a token? At this point we are mostly interested in (minimum) issuing a token. I am not sure if we need the "Validate" operation to issue a RSTR.

Thanks.
Gina

On Tue, Jul 24, 2012 at 6:34 AM, Colm O hEigeartaigh wrote:
> You could use a SecurityPolicy that just requires a UsernameToken without a
> binding. For example see the policy "" starting on line 214:
>
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup
>
> Of course, in practise one would combine a UsernameToken with the Transport
> binding to secure the message exchange...
>
> Colm.
>
> On Mon, Jul 23, 2012 at 4:41 PM, Sarafian wrote:
>
> > I have a C# code that asks the STS for a token using username password
> > credentials.
> > I'm using the UT or UTEncrypted endpoints but I get this error:
> >
> > These policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}ProtectionToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp:
> > Received Timestamp does not match the requirements
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SymmetricBinding:
> > Received Timestamp does not match the requirements
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts:
> > {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts:
> > {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
> >
> > Is there a way for the STS to be configured not to apply the above
> > policies?
> > Is there another endpoint for these kind of things?
> >
> > I simply want to use a username/password credential combination to request
> > a security token.
> >
> > --
> > View this message in context:
> > http://cxf.547215.n5.nabble.com/RequestSecurityToken-without-Encrypting-and-Signing-tp5711426.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com