cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF client/WCF server interop
Date Fri, 17 Jan 2014 15:53:24 GMT
Here is a test in CXF that uses WS-Trust with SecureConversation:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java?view=markup

Here is the WSDL + security policy:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt.wsdl?view=markup

Colm.


On Fri, Jan 17, 2014 at 3:01 PM, Walters, Jay M <jmwalt@bu.edu> wrote:

> Hoping this is what you want.  Even I can take a guess that
> SecureConversation looks to be part of my future, though I would appreciate
> any pointer to a specific example I can work with.
>
> Thanks
>
>  <wsp:Policy wsu:Id="SomethingServiceHttp_policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:ProtectionToken>
>               <wsp:Policy>
>                 <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                     <sp:RequireDerivedKeys/>
>                     <sp:BootstrapPolicy>
>                       <wsp:Policy>
>                         <sp:SignedParts>
>                           <sp:Body/>
>                           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
>                           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
>                           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
>                           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
>                           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
>                           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
>                           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
>                         </sp:SignedParts>
>                         <sp:EncryptedParts>
>                           <sp:Body/>
>                         </sp:EncryptedParts>
>                         <sp:SymmetricBinding>
>                           <wsp:Policy>
>                             <sp:ProtectionToken>
>                               <wsp:Policy>
>                                 <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                                   <Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>                                     <Address xmlns="http://www.w3.org/2005/08/addressing">http://hostname/SecurityTokenService/username</Address>
>                                     <Metadata xmlns="http://www.w3.org/2005/08/addressing">
>                                       <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>                                         <wsx:MetadataSection xmlns="">
>                                           <wsx:MetadataReference>
>                                             <Address xmlns="http://www.w3.org/2005/08/addressing">http://hostname/SecurityTokenService/mex</Address>
>                                           </wsx:MetadataReference>
>                                         </wsx:MetadataSection>
>                                       </Metadata>
>                                     </Metadata>
>                                   </Issuer>
>                                   <sp:RequestSecurityTokenTemplate>
>                                     <trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
>                                     <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
>                                     <app:EpCode xmlns:app="http://www.foobar.com/app/ws-trust/2010/11">epCode</app:EpCode>
>                                   </sp:RequestSecurityTokenTemplate>
>                                   <wsp:Policy>
>                                     <sp:RequireDerivedKeys/>
>                                     <sp:RequireInternalReference/>
>                                   </wsp:Policy>
>                                 </sp:IssuedToken>
>                               </wsp:Policy>
>                             </sp:ProtectionToken>
>                             <sp:AlgorithmSuite>
>                               <wsp:Policy>
>                                 <sp:Basic256/>
>                               </wsp:Policy>
>                             </sp:AlgorithmSuite>
>                             <sp:Layout>
>                               <wsp:Policy>
>                                 <sp:Strict/>
>                               </wsp:Policy>
>                             </sp:Layout>
>                             <sp:IncludeTimestamp/>
>                             <sp:EncryptSignature/>
>                             <sp:OnlySignEntireHeadersAndBody/>
>                           </wsp:Policy>
>                         </sp:SymmetricBinding>
>                         <sp:Wss11>
>                           <wsp:Policy/>
>                         </sp:Wss11>
>                         <sp:Trust13>
>                           <wsp:Policy>
>                             <sp:MustSupportIssuedTokens/>
>                             <sp:RequireClientEntropy/>
>                             <sp:RequireServerEntropy/>
>                           </wsp:Policy>
>                         </sp:Trust13>
>                       </wsp:Policy>
>                     </sp:BootstrapPolicy>
>                     <sp:MustNotSendAmend/>
>                   </wsp:Policy>
>                 </sp:SecureConversationToken>
>               </wsp:Policy>
>             </sp:ProtectionToken>
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:Basic256/>
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict/>
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp/>
>             <sp:EncryptSignature/>
>             <sp:OnlySignEntireHeadersAndBody/>
>           </wsp:Policy>
>         </sp:SymmetricBinding>
>         <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy/>
>         </sp:Wss11>
>         <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:MustSupportIssuedTokens/>
>             <sp:RequireClientEntropy/>
>             <sp:RequireServerEntropy/>
>           </wsp:Policy>
>         </sp:Trust13>
>         <wsaw:UsingAddressing/>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
>
> ________________________________________
> From: Colm O hEigeartaigh [coheig@gmail.com]
> Sent: Friday, January 17, 2014 4:51 AM
> To: users@cxf.apache.org
> Subject: Re: CXF client/WCF server interop
>
> Could you paste the security policy of the service + I will take a look?
>
> Colm.
>
>
> On Fri, Jan 17, 2014 at 2:22 AM, Walters, Jay M <jmwalt@bu.edu> wrote:
>
> > I have a third party MS WCF web service which is using some variant of STS,
> > that I have been trying to call from a CXF client.  This is WSDL first.
> >
> > I have been trying the simple STS examples I find on the website and
> > around the network.  I am not close to getting this type of packet with the
> > off the internet examples to reproduce this soap envelope which is sent to
> > the STS server by a Metro client or a C# client.
> >
> > Is this secure conversation?  I expect there is a working example in the
> > source if somebody could point me towards it?
> >
> > Thanks in advance.
> >
> > <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
> >   xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
> >   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> >   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >   xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> >   xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> >   xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
> >   <S:Header>
> >     <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5007">http://hostname:8030/SecurityTokenService/username</To>
> >     <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
> >     <ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">
> >       <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
> >     </ReplyTo>
> >     <MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">uuid:fqef</MessageID>
> >     <wsse:Security S:mustUnderstand="true">
> >       <wsu:Timestamp xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_5">
> >         <wsu:Created>2014-01-17T02:00:30Z</wsu:Created>
> >         <wsu:Expires>2014-01-17T02:05:30Z</wsu:Expires>
> >       </wsu:Timestamp>
> >       <xenc:EncryptedKey xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5002">
> >         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
> >         <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
> >           <wsse:SecurityTokenReference>
> >             <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
> >                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fjkqefq=</wsse:KeyIdentifier>
> >           </wsse:SecurityTokenReference>
> >         </ds:KeyInfo>
> >         <xenc:CipherData>
> >           <xenc:CipherValue>akjefefe</xenc:CipherValue>
> >         </xenc:CipherData>
> >       </xenc:EncryptedKey>
> >       <ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_3">
> >         <wsse:SecurityTokenReference>
> >           <wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
> >         </wsse:SecurityTokenReference>
> >         <ns19:Offset>0</ns19:Offset>
> >         <ns19:Length>24</ns19:Length>
> >         <ns19:Nonce>xyzzy</ns19:Nonce>
> >       </ns19:DerivedKeyToken>
> >       <ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_4">
> >         <wsse:SecurityTokenReference>
> >           <wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
> >         </wsse:SecurityTokenReference>
> >         <ns19:Offset>0</ns19:Offset>
> >         <ns19:Length>32</ns19:Length>
> >         <ns19:Nonce>xyzzy</ns19:Nonce>
> >       </ns19:DerivedKeyToken>
> >       <xenc:ReferenceList xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/">
> >         <xenc:DataReference URI="#_5010"/>
> >         <xenc:DataReference URI="#_5011"/>
> >         <xenc:DataReference URI="#_5012"/>
> >       </xenc:ReferenceList>
> >       <xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5012" Type="http://www.w3.org/2001/04/xmlenc#Element">
> >         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> >         <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
> >           <wsse:SecurityTokenReference>
> >             <wsse:Reference URI="#_4"/>
> >           </wsse:SecurityTokenReference>
> >         </ds:KeyInfo>
> >         <xenc:CipherData>
> >           <xenc:CipherValue>abc</xenc:CipherValue>
> >         </xenc:CipherData>
> >       </xenc:EncryptedData>
> >       <xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >           xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >           xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5011" Type="http://www.w3.org/2001/04/xmlenc#Element">
> >         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> >         <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
> >           <wsse:SecurityTokenReference>
> >             <wsse:Reference URI="#_4"/>
> >           </wsse:SecurityTokenReference>
> >         </ds:KeyInfo>
> >         <xenc:CipherData>
> >           <xenc:CipherValue>eqef</xenc:CipherValue>
> >         </xenc:CipherData>
> >       </xenc:EncryptedData>
> >     </wsse:Security>
> >   </S:Header>
> >   <S:Body wsu:Id="_5008">
> >     <xenc:EncryptedData xmlns:ns20="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"
> >         xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
> >         xmlns:ns18="http://schemas.xmlsoap.org/soap/envelope/" Id="_5010" Type="http://www.w3.org/2001/04/xmlenc#Content">
> >       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
> >       <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
> >         <wsse:SecurityTokenReference>
> >           <wsse:Reference URI="#_4"/>
> >         </wsse:SecurityTokenReference>
> >       </ds:KeyInfo>
> >       <xenc:CipherData>
> >         <xenc:CipherValue>bgdwd</xenc:CipherValue>
> >       </xenc:CipherData>
> >     </xenc:EncryptedData>
> >   </S:Body>
> > </S:Envelope>
> >
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
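Jay asks whether the WCF policy quoted above is SecureConversation. As an added example (not from the thread, CXF or WCF), the Python below walks a WS-SecurityPolicy fragment along the chain outer SymmetricBinding -> SecureConversationToken -> BootstrapPolicy -> IssuedToken and reports what a CXF client would have to satisfy; it assumes the WS-Policy 1.2 namespace for the `wsp` prefix and runs on a constructed, abridged copy of the quoted policy.

```python
import xml.etree.ElementTree as ET

NS = {  # the WS-Policy 1.2 URI for "wsp" is an assumption; the other three appear in the thread
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "sp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

# Constructed, abridged copy of the WCF policy quoted in the thread (SignedParts, Layout, mex omitted).
SAMPLE_POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
 xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsp:ExactlyOne><wsp:All><sp:SymmetricBinding><wsp:Policy>
 <sp:ProtectionToken><wsp:Policy><sp:SecureConversationToken><wsp:Policy><sp:RequireDerivedKeys/>
  <sp:BootstrapPolicy><wsp:Policy><sp:SymmetricBinding><wsp:Policy><sp:ProtectionToken><wsp:Policy>
   <sp:IssuedToken><sp:Issuer><wsa:Address>http://hostname/SecurityTokenService/username</wsa:Address></sp:Issuer>
    <sp:RequestSecurityTokenTemplate>
     <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
     <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
    </sp:RequestSecurityTokenTemplate><wsp:Policy><sp:RequireDerivedKeys/></wsp:Policy>
   </sp:IssuedToken></wsp:Policy></sp:ProtectionToken>
   <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite></wsp:Policy></sp:SymmetricBinding>
   <sp:Trust13><wsp:Policy><sp:RequireClientEntropy/><sp:RequireServerEntropy/></wsp:Policy></sp:Trust13>
  </wsp:Policy></sp:BootstrapPolicy></wsp:Policy></sp:SecureConversationToken></wsp:Policy></sp:ProtectionToken>
 <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite><sp:IncludeTimestamp/><sp:EncryptSignature/>
</wsp:Policy></sp:SymmetricBinding></wsp:All></wsp:ExactlyOne></wsp:Policy>"""

def summarize(policy_xml):
    """Follow outer binding -> SecureConversationToken -> BootstrapPolicy -> IssuedToken."""
    root = ET.fromstring(policy_xml)
    outer = root.find("wsp:ExactlyOne/wsp:All/sp:SymmetricBinding/wsp:Policy", NS)
    sct = outer.find("sp:ProtectionToken/wsp:Policy/sp:SecureConversationToken/wsp:Policy", NS)
    if sct is None:  # plain symmetric binding with no session bootstrap
        return {"secure_conversation": False}
    boot = sct.find("sp:BootstrapPolicy/wsp:Policy", NS)
    issued = boot.find(".//sp:IssuedToken", NS)
    rst, t13 = "sp:RequestSecurityTokenTemplate/", "sp:Trust13/wsp:Policy/"
    return {
        "secure_conversation": True,
        "derived_keys": sct.find("sp:RequireDerivedKeys", NS) is not None,
        "algorithm_suite": outer.find("sp:AlgorithmSuite/wsp:Policy/*", NS).tag.rsplit("}", 1)[-1],
        "encrypt_signature": outer.find("sp:EncryptSignature", NS) is not None,
        "sts_address": issued.findtext("sp:Issuer/wsa:Address", namespaces=NS).strip(),
        "token_type": issued.findtext(rst + "trust:TokenType", namespaces=NS).split("#")[-1],
        "key_type": issued.findtext(rst + "trust:KeyType", namespaces=NS).rsplit("/", 1)[-1],
        "client_entropy": boot.find(t13 + "sp:RequireClientEntropy", NS) is not None,
        "server_entropy": boot.find(t13 + "sp:RequireServerEntropy", NS) is not None,
    }
```

For the quoted policy the summary confirms a SecureConversation session bootstrapped by a symmetric-key SAML 1.1 token from the STS at the Issuer address, with derived keys, Basic256 and both client and server entropy required, which is the combination the SymmetricBindingTest linked above exercises.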
