Hi there,
I am new to Security Token Service in CXF, so please excuse my newbie
questions to that topic. I try to configure a simple STS which satisfys the
need of BiPRO (a standard to transfer insurance data) with Secure
Conversation.
The BiPRO-standard says that WSDL of the STS has to look something like
this:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:bipro="http://www.bipro.net/namespace"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
targetNamespace="http://www.bipro.net/namespace"
bipro:Name="SecurityTokenService_2.5.0.1.0.wsdl"
bipro:Version="2.5.0.1.0">
<wsdl:types>
<xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
version="1.0">
<xsd:import namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"
schemaLocation="http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.xsd"/>
</xsd:schema>
<xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
version="1.0">
<xsd:import
namespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="RequestSecurityTokenRequest">
<wsdl:part name="parameters" element="wst:RequestSecurityToken"/>
</wsdl:message>
<wsdl:message name="RequestSecurityTokenResponse">
<wsdl:part name="parameters"
element="wst:RequestSecurityTokenResponse"/>
</wsdl:message>
<wsdl:portType name="SecurityTokenServicePortType">
<wsdl:operation name="RequestSecurityToken"
parameterOrder="parameters">
<wsdl:documentation>
Dieser Service gibt nach erfolgreicher Authentifizierung ein Security Token
(Security Context Token) zurueck. Die Authentifizierung kann dabei entweder
mit Benutzername und Passwort oder mit einem VDG-Ticket erfolgen.
</wsdl:documentation>
<wsdl:input message="bipro:RequestSecurityTokenRequest"
name="RequestSecurityTokenRequest"/>
<wsdl:output message="bipro:RequestSecurityTokenResponse"
name="RequestSecurityTokenResponse"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="SecurityTokenServiceBinding"
type="bipro:SecurityTokenServicePortType">
<soapbind:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="RequestSecurityToken">
<soapbind:operation soapAction="urn:RequestSecurityToken"
style="document"/>
<wsdl:input name="RequestSecurityTokenRequest">
<soapbind:body use="literal"/>
</wsdl:input>
<wsdl:output name="RequestSecurityTokenResponse">
<soapbind:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecurityTokenService_2.5.0.1.0">
<wsdl:documentation>
Dieser Service stellt Funktionen fuer die
Authentifizierung
mit Benutzername und Passwort oder mit einem
VDG-Ticket zur Verfuegung.
</wsdl:documentation>
<wsdl:port name="UserPasswordLogin"
binding="bipro:SecurityTokenServiceBinding">
<wsdl:documentation>
Diese Funktion erledigt die
Authentifizierung mit Benutzername und Passwort.
</wsdl:documentation>
<soapbind:address
location="https://host/path/services/UserPasswordLogin_2.5.0.1.0"/>
</wsdl:port>
<wsdl:port name="VDGTicketLogin"
binding="bipro:SecurityTokenServiceBinding">
<wsdl:documentation>
Diese Funktion erledigt die
Authentifizierung mit einem VDG-Ticket.
</wsdl:documentation>
<wsp:PolicyReference URI="#VDGAuthPolicy"/>
<soapbind:address
location="https://host/path/services/VDGTicketLogin_2.5.0.1.0"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
After the wsdl was deployed I generated a SoapUI-request to call the STS for
token.
My request looks like this:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header/>
<soap:Body>
<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
<nachr:BiPROVersion
xmlns:nachr="http://www.bipro.net/namespace/nachrichten">2.5.0.1.0</nachr:BiPROVersion>
</wst:RequestSecurityToken>
<soap:Body>
<soap:Envelope>
At the first step I try to get the STS work with this WSDL without security.
So I uncommented the policies.
In cxf-servlet.xml I added this:
<bean id="mySTSProviderBean"
class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
<property name="stsProperties" ref="mySTSProperties" />
<property name="services" ref="myServiceList" />
<property name="issueOperation" ref="utIssueDelegate"/>
</bean>
<bean id="utIssueDelegate"
class="org.apache.cxf.sts.operation.TokenIssueOperation">
<property name="tokenProviders" ref="utSCTokenProvider"/>
</bean>
<bean id="utSCTokenProvider"
class="org.apache.cxf.sts.token.provider.SCTProvider">
</bean>
<bean id="mySTSProperties" class="org.apache.cxf.sts.StaticSTSProperties" />
<jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean"
address="/STS"
wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
xmlns:ns1="http://www.bipro.net/namespace"
serviceName="ns1:SecurityTokenService_2.5.0.1.0"
endpointName="ns1:UserPasswordLogin">
</jaxws:endpoint>
Without the delegation of the issueOperation the request-operation could not
been processed with the message "The specified RequestSecurityToken is not
understood".
With this config above, I got the message "No STSProperties object found". I
tried to set empty StaticSTSProperties as well as full filled ones.
Please, could someone give me a hint whats wrong with my configuration, or
rather what I have to do to get a simple SCT from a STS with the WSDL
explained above.
Thank you very much,
SRog
I am new to Security Token Service in CXF, so please excuse my newbie
questions to that topic. I try to configure a simple STS which satisfys the
need of BiPRO (a standard to transfer insurance data) with Secure
Conversation.
The BiPRO-standard says that WSDL of the STS has to look something like
this:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:bipro="http://www.bipro.net/namespace"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
targetNamespace="http://www.bipro.net/namespace"
bipro:Name="SecurityTokenService_2.5.0.1.0.wsdl"
bipro:Version="2.5.0.1.0">
<wsdl:types>
<xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
version="1.0">
<xsd:import namespace="http://schemas.xmlsoap.org/ws/2005/02/trust"
schemaLocation="http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.xsd"/>
</xsd:schema>
<xsd:schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
version="1.0">
<xsd:import
namespace="http://schemas.xmlsoap.org/ws/2004/09/policy"
schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="RequestSecurityTokenRequest">
<wsdl:part name="parameters" element="wst:RequestSecurityToken"/>
</wsdl:message>
<wsdl:message name="RequestSecurityTokenResponse">
<wsdl:part name="parameters"
element="wst:RequestSecurityTokenResponse"/>
</wsdl:message>
<wsdl:portType name="SecurityTokenServicePortType">
<wsdl:operation name="RequestSecurityToken"
parameterOrder="parameters">
<wsdl:documentation>
Dieser Service gibt nach erfolgreicher Authentifizierung ein Security Token
(Security Context Token) zurueck. Die Authentifizierung kann dabei entweder
mit Benutzername und Passwort oder mit einem VDG-Ticket erfolgen.
</wsdl:documentation>
<wsdl:input message="bipro:RequestSecurityTokenRequest"
name="RequestSecurityTokenRequest"/>
<wsdl:output message="bipro:RequestSecurityTokenResponse"
name="RequestSecurityTokenResponse"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="SecurityTokenServiceBinding"
type="bipro:SecurityTokenServicePortType">
<soapbind:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="RequestSecurityToken">
<soapbind:operation soapAction="urn:RequestSecurityToken"
style="document"/>
<wsdl:input name="RequestSecurityTokenRequest">
<soapbind:body use="literal"/>
</wsdl:input>
<wsdl:output name="RequestSecurityTokenResponse">
<soapbind:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecurityTokenService_2.5.0.1.0">
<wsdl:documentation>
Dieser Service stellt Funktionen fuer die
Authentifizierung
mit Benutzername und Passwort oder mit einem
VDG-Ticket zur Verfuegung.
</wsdl:documentation>
<wsdl:port name="UserPasswordLogin"
binding="bipro:SecurityTokenServiceBinding">
<wsdl:documentation>
Diese Funktion erledigt die
Authentifizierung mit Benutzername und Passwort.
</wsdl:documentation>
<soapbind:address
location="https://host/path/services/UserPasswordLogin_2.5.0.1.0"/>
</wsdl:port>
<wsdl:port name="VDGTicketLogin"
binding="bipro:SecurityTokenServiceBinding">
<wsdl:documentation>
Diese Funktion erledigt die
Authentifizierung mit einem VDG-Ticket.
</wsdl:documentation>
<wsp:PolicyReference URI="#VDGAuthPolicy"/>
<soapbind:address
location="https://host/path/services/VDGTicketLogin_2.5.0.1.0"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
After the wsdl was deployed I generated a SoapUI-request to call the STS for
token.
My request looks like this:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header/>
<soap:Body>
<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
<nachr:BiPROVersion
xmlns:nachr="http://www.bipro.net/namespace/nachrichten">2.5.0.1.0</nachr:BiPROVersion>
</wst:RequestSecurityToken>
<soap:Body>
<soap:Envelope>
At the first step I try to get the STS work with this WSDL without security.
So I uncommented the policies.
In cxf-servlet.xml I added this:
<bean id="mySTSProviderBean"
class="org.apache.cxf.sts.provider.DefaultSecurityTokenServiceProvider">
<property name="stsProperties" ref="mySTSProperties" />
<property name="services" ref="myServiceList" />
<property name="issueOperation" ref="utIssueDelegate"/>
</bean>
<bean id="utIssueDelegate"
class="org.apache.cxf.sts.operation.TokenIssueOperation">
<property name="tokenProviders" ref="utSCTokenProvider"/>
</bean>
<bean id="utSCTokenProvider"
class="org.apache.cxf.sts.token.provider.SCTProvider">
</bean>
<bean id="mySTSProperties" class="org.apache.cxf.sts.StaticSTSProperties" />
<jaxws:endpoint id="CXFSTS" implementor="#mySTSProviderBean"
address="/STS"
wsdlLocation="/WEB-INF/wsdl/bipro/SecurityTokenService-2.5.0.1.0.wsdl"
xmlns:ns1="http://www.bipro.net/namespace"
serviceName="ns1:SecurityTokenService_2.5.0.1.0"
endpointName="ns1:UserPasswordLogin">
</jaxws:endpoint>
Without the delegation of the issueOperation the request-operation could not
been processed with the message "The specified RequestSecurityToken is not
understood".
With this config above, I got the message "No STSProperties object found". I
tried to set empty StaticSTSProperties as well as full filled ones.
Please, could someone give me a hint whats wrong with my configuration, or
rather what I have to do to get a simple SCT from a STS with the WSDL
explained above.
Thank you very much,
SRog