cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pat7 <pat.pichle...@gmail.com>
Subject Re: These policy alternatives can not be satisfied:
Date Wed, 16 Aug 2017 12:25:40 GMT
Hi,

I try to configure the service provider with the following steps and not
sure if it is correct:

I adapt my policy in the transfer service wsdl with the following issuer tag
....
<sp:SymmetricBinding>
        <wsp:Policy>
            <sp:ProtectionToken>
                  <wsp:Policy>
                      <sp:SecureConversationToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                             <sp:Issuer> 
			
<wsa:Address>https://localhost:8443/SecurityTokenService-2.6.0.1.0</wsa:Address>
			       </sp:Issuer>
				<wsp:Policy>
                                        <sp:RequireDerivedKeys/>
                                        <sp:BootstrapPolicy>
                                            <wsp:Policy>
                                                <sp:AsymmetricBinding>
                                                      ...
and in the second step with the following bean definitions:
       @Bean
	public List<String> transportEndpoints(){
		List<String> transportendpoints = new ArrayList<String>();
	
transportendpoints.add("https://localhost:8443/TransferService-2.6.0.1.0"); 
		return transportendpoints;
	}
       @Bean
	public StaticService transportService(){
		StaticService staticservice = new StaticService();
		staticservice.setEndpoints(transportEndpoints());
		return staticservice;
	}
       @Bean
	public List<ServiceMBean> transportServices(){
		List<ServiceMBean> serviceMBean = new ArrayList<ServiceMBean>();
		serviceMBean.add(transportService());
		return serviceMBean;
	}
The last bean transportServices is set in the beans tokenissueoperation and
tokenvalidateoperation. Hope this both steps are correct to send the
received SecurityContextToken off to the STS for validation.

For me it is no clear how to use my configured STS as a standalone STS. Do I
have to do more configuration on the service side to establish a standalone
STS or all stuff have to be done at the client/ test case side?

Regards,
Patrick



--
View this message in context: http://cxf.547215.n5.nabble.com/These-policy-alternatives-can-not-be-satisfied-tp5782647p5782728.html
Sent from the cxf-user mailing list archive at Nabble.com.

Mime
View raw message