cxf-users mailing list archives

From SRog <Stefan.Ro...@outlook.de>
Subject CXF STS with SecureConversation
Date Sun, 24 Aug 2014 20:47:41 GMT
Hi there, 
I am new to the Security Token Service in CXF, so please excuse my newbie
questions on this topic. I am trying to configure a simple STS which satisfies the
needs of BiPRO (a standard for transferring insurance data) with Secure
Conversation. 

The BiPRO standard says that the WSDL of the STS has to look something like
this: 

<?xml version="1.0" encoding="UTF-8"?> 
<!-- WSDL for the BiPRO Security Token Service as quoted in the post: a single
     RequestSecurityToken operation, bound to document/literal SOAP over HTTP and
     exposed on two ports (UserPasswordLogin and VDGTicketLogin). -->
<!-- NOTE(review): the wst prefix is bound to the WS-Trust 2005/02 namespace here, while
     the SoapUI request quoted in the same post binds wst to
     http://docs.oasis-open.org/ws-sx/ws-trust/200512. Confirm that client, WSDL and STS
     implementation agree on one WS-Trust version. -->
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:bipro="http://www.bipro.net/namespace"
                  xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
                  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  targetNamespace="http://www.bipro.net/namespace"
                  bipro:Name="SecurityTokenService_2.5.0.1.0.wsdl" 
                  bipro:Version="2.5.0.1.0">
   <!-- Imports the WS-Trust and WS-Policy schemas through remote http:// schemaLocation URLs.
        NOTE(review): tooling that resolves these locations fetches the schemas over an
        unauthenticated channel; consider bundling reviewed local copies instead. -->
   <wsdl:types>
      <xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  version="1.0">
         <xsd:import namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"
                    
schemaLocation="http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.xsd"/>
      </xsd:schema>
      <xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  version="1.0">
         <xsd:import
namespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
                    
schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd"/>
      </xsd:schema>
   </wsdl:types>
   <!-- Request and response messages each carry one part typed by the WS-Trust elements. -->
   <wsdl:message name="RequestSecurityTokenRequest">
      <wsdl:part name="parameters" element="wst:RequestSecurityToken"/>
   </wsdl:message>
   <wsdl:message name="RequestSecurityTokenResponse">
      <wsdl:part name="parameters"
element="wst:RequestSecurityTokenResponse"/>
   </wsdl:message>
   <wsdl:portType name="SecurityTokenServicePortType">
      <wsdl:operation name="RequestSecurityToken"
parameterOrder="parameters">
         <!-- English rendering of the documentation text below: after successful
              authentication this service returns a security token (Security Context Token);
              authentication is either by user name and password or by a VDG ticket. -->
         <wsdl:documentation>
Dieser Service gibt nach erfolgreicher Authentifizierung ein Security Token
(Security Context Token) zurueck. Die Authentifizierung kann dabei entweder
mit Benutzername und Passwort oder mit einem VDG-Ticket erfolgen. 
                        </wsdl:documentation>
         <wsdl:input message="bipro:RequestSecurityTokenRequest"
name="RequestSecurityTokenRequest"/>
         <wsdl:output message="bipro:RequestSecurityTokenResponse" 
                      name="RequestSecurityTokenResponse"/>
      </wsdl:operation>
   </wsdl:portType>
   <!-- Document/literal SOAP binding over HTTP; the operation uses
        soapAction urn:RequestSecurityToken. -->
   <wsdl:binding name="SecurityTokenServiceBinding"
type="bipro:SecurityTokenServicePortType">
      <soapbind:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
      
      <wsdl:operation name="RequestSecurityToken">
         <soapbind:operation soapAction="urn:RequestSecurityToken"
style="document"/>
         <wsdl:input name="RequestSecurityTokenRequest">
            <soapbind:body use="literal"/>
         </wsdl:input>
         <wsdl:output name="RequestSecurityTokenResponse">
            <soapbind:body use="literal"/>
         </wsdl:output>
      </wsdl:operation>
   </wsdl:binding>
   <wsdl:service name="SecurityTokenService_2.5.0.1.0">
      <!-- English rendering of the documentation text below: this service provides
           authentication with user name and password or with a VDG ticket. -->
      <wsdl:documentation>
                        Dieser Service stellt Funktionen fuer die
Authentifizierung 
                        mit Benutzername und Passwort oder mit einem
VDG-Ticket zur Verfuegung. 
                </wsdl:documentation>
      <!-- No wsp:PolicyReference is attached to this port in the listing.
           NOTE(review): its documentation says it authenticates with user name and password,
           so the requirement for credentials and for transport protection must be enforced
           somewhere other than this WSDL; confirm before exposing the port. -->
      <wsdl:port name="UserPasswordLogin"
binding="bipro:SecurityTokenServiceBinding">
         <wsdl:documentation>
                                Diese Funktion erledigt die
Authentifizierung mit Benutzername und Passwort. 
                        </wsdl:documentation>
         <soapbind:address
location="https://host/path/services/UserPasswordLogin_2.5.0.1.0"/>
      </wsdl:port>
      <!-- This port references a policy with Id VDGAuthPolicy, but no wsp:Policy element
           with that Id appears in this listing, so the reference is unresolved as shown.
           NOTE(review): presumably the policy definitions were stripped for the no-security
           test described in the post; restore them before deployment. -->
      <wsdl:port name="VDGTicketLogin"
binding="bipro:SecurityTokenServiceBinding">
         <wsdl:documentation>
                                Diese Funktion erledigt die
Authentifizierung mit einem VDG-Ticket. 
                        </wsdl:documentation>
         <wsp:PolicyReference URI="#VDGAuthPolicy"/>
         <soapbind:address
location="https://host/path/services/VDGTicketLogin_2.5.0.1.0"/>
      </wsdl:port>
   </wsdl:service>
</wsdl:definitions>

After the WSDL was deployed, I generated a SoapUI request to call the STS for
a token. 
My request looks like this: 

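<!-- RequestSecurityToken (Issue) asking the STS for a SecureConversation security context
     token. The SOAP header is empty: no credentials or security header are sent, which
     matches the "without security" test described in the post. -->
<!-- NOTE(review): wst is bound to the WS-Trust 200512 namespace here, whereas the WSDL in
     this post binds wst to http://schemas.xmlsoap.org/ws/2005/02/trust, and TokenType uses
     the 2005/02 SecureConversation URI. Confirm which versions the STS accepts. -->
<!-- The closing soap:Body and soap:Envelope tags were written as start tags in the original
     message; they are closed here so that the request is well-formed. -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header/>
    <soap:Body>
        <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
            <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
            <nachr:BiPROVersion xmlns:nachr="http://www.bipro.net/namespace/nachrichten">2.5.0.1.0</nachr:BiPROVersion>
        </wst:RequestSecurityToken>
    </soap:Body>
</soap:Envelope>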

As a first step I am trying to get the STS to work with this WSDL without security,
so I commented out the policies. 
In cxf-servlet.xml I added this: 

<!-- STS provider bean: wires the STS properties, a service list and a custom issue
     operation. myServiceList is referenced here but not defined in this snippet. -->
<bean id="mySTSProviderBean" 
    class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
    <property name="stsProperties" ref="mySTSProperties" />
    <property name="services" ref="myServiceList" />
    <property name="issueOperation" ref="utIssueDelegate"/>
</bean>

<!-- Issue operation that delegates to the SCT token provider.
     NOTE(review): only tokenProviders is set on this bean; no stsProperties reference is
     injected into the operation itself, which may be related to the
     "No STSProperties object found" message reported in the post. Verify against the
     CXF STS documentation. -->
<bean id="utIssueDelegate" 
        class="org.apache.cxf.sts.operation.TokenIssueOperation">
        <property name="tokenProviders" ref="utSCTokenProvider"/>
</bean>

<!-- Token provider for SecureConversation tokens; no properties are set on it. -->
<bean id="utSCTokenProvider" 
        class="org.apache.cxf.sts.token.provider.SCTProvider">
</bean>

<!-- STS properties declared with no values: nothing in this snippet configures key
     material, a callback handler or an issuer. -->
<bean id="mySTSProperties" class="org.apache.cxf.sts.StaticSTSProperties" />

<!-- Publishes the provider at /STS, bound to the UserPasswordLogin port of the WSDL.
     NOTE(review): no security policy, interceptor or endpoint properties are configured in
     this snippet, so as shown nothing here requires the caller to authenticate before a
     token is issued. Keep this to an isolated test setup and restore the policies before
     the endpoint is reachable by other parties. -->
<jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean" 
        address="/STS"
wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl" 
        xmlns:ns1="http://www.bipro.net/namespace"
        serviceName="ns1:SecurityTokenService_2.5.0.1.0"
endpointName="ns1:UserPasswordLogin">
</jaxws:endpoint>

Without the delegation of the issueOperation, the request operation could not
be processed and failed with the message "The specified RequestSecurityToken is not
understood". 

With the config above, I got the message "No STSProperties object found". I
tried setting an empty StaticSTSProperties as well as a fully populated one. 

Could someone please give me a hint about what is wrong with my configuration, or
rather what I have to do to get a simple SCT from an STS with the WSDL
shown above? 

Thank you very much, 
SRog



--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-STS-with-SecureConversation-tp5748092.html
Sent from the cxf-user mailing list archive at Nabble.com.
