How does one use a usernametoken with picketlink sts in a jboss?
m.r. Aug 1, 2011 8:27 AM
Hi,
I already asked the same question on stackoverflow (http://stackoverflow.com/questions/6860385/how-does-one-use-a-usernametoken-with-picketlink-sts-in-a-jboss). Since there were no replies, I hope that someone here could help me.
I am implementing a picketlink (1.0.4) STS in a JBOSS (5.1).
Since I am replacing an existing STS, I am not allowed to use HTTP headers for authorisation.
An example STS request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Username>username</wsse:Username>
      <wsse:Password>password</wsse:Password>
    </wsse:UsernameToken>
  </soapenv:Header>
  <soapenv:Body>
    <ns4:RequestSecurityTokenCollection xmlns="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns5="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns6="http://www.w3.org/2000/09/xmldsig#">
      <ns4:RequestSecurityToken>
        <ns4:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd/UsernameToken</ns4:TokenType>
        <ns4:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchIssue</ns4:RequestType>
      </ns4:RequestSecurityToken>
    </ns4:RequestSecurityTokenCollection>
  </soapenv:Body>
</soapenv:Envelope>
The UsernameToken element in the SOAP header is ignored.
I am deploying an ear file with a war file inside. I have also tried to define:
".war"/WEB_INF/jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web
    PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
<jboss-web>
  <!-- A security domain that restricts access -->
  <security-domain>java:/jaas/jmx-console</security-domain>
  <!-- <context-root>jbossws</context-root> -->
</jboss-web>
".war"/WEB_INF/jboss-wsse-server.xml
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <config>
    <requires/>
  </config>
</jboss-ws-security>
picketlink-sts.xml
<?xml version="1.0" encoding="UTF-8"?>
<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0" STSName="STS" TokenTimeout="14400" EncryptToken="true">
  <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
    <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
    <Auth Key="KeyStorePass" Value="testpass"/>
    <Auth Key="SigningKeyAlias" Value="sts"/>
    <Auth Key="SigningKeyPass" Value="keypass"/>
    <!-- <ValidatingAlias Key="http://services.testcorp.org/provider1" -->
    <!-- Value="service1" /> -->
  </KeyProvider>
  <TokenProviders>
    <TokenProvider ProviderClass="my.company.SecurityTokenProvider" TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd/UsernameToken">
      <Property Name="Property1" Value="Value1"/>
      <Property Name="Property2" Value="Value2"/>
    </TokenProvider>
    <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
  </TokenProviders>
</PicketLinkSTS>
I cannot access the soap header inside my SecurityTokenProvider:
public void issueToken(WSTrustRequestContext context)
throws WSTrustException {
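One way to reach the header that the token provider cannot see is a JAX-WS SOAPHandler on the STS endpoint that pulls wsse:UsernameToken out of the request shown above and stores it in the message context. This is an added example, not code from the post or from PicketLink: the class, the property names and the way the endpoint later reads them (through the standard WebServiceContext.getMessageContext()) are assumptions, and registering the handler chain on the STS endpoint is left out.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical handler: copies wsse:UsernameToken from the SOAP header into the message context.
public class UsernameTokenHeaderHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Hypothetical property names; the endpoint reads them via WebServiceContext.getMessageContext().
    public static final String USERNAME_KEY = "wsse.username";
    public static final String PASSWORD_KEY = "wsse.password";

    @Override
    public Set<QName> getHeaders() {
        // Mark the header block as understood so mustUnderstand="1" on it does not fault the call.
        return Collections.singleton(new QName(WSSE_NS, "UsernameToken"));
    }

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            NodeList tokens = header == null ? null : header.getElementsByTagNameNS(WSSE_NS, "UsernameToken");
            if (tokens == null || tokens.getLength() != 1) return true; // none or ambiguous: leave unauthenticated
            String user = childText((Element) tokens.item(0), "Username");
            String pass = childText((Element) tokens.item(0), "Password");
            if (user == null || pass == null) return true;
            ctx.put(USERNAME_KEY, user);
            ctx.put(PASSWORD_KEY, pass);
            // APPLICATION scope exposes the values to the endpoint, not only to other handlers.
            ctx.setScope(USERNAME_KEY, MessageContext.Scope.APPLICATION);
            ctx.setScope(PASSWORD_KEY, MessageContext.Scope.APPLICATION);
            return true; // extracted only: the STS must still validate them before issuing a token
        } catch (SOAPException e) {
            throw new ProtocolException("cannot read SOAP header", e);
        }
    }

    private static String childText(Element parent, String localName) {
        NodeList n = parent.getElementsByTagNameNS(WSSE_NS, localName);
        return n.getLength() == 1 ? n.item(0).getTextContent().trim() : null;
    }

    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```

The handler only surfaces the credentials; checking them against the security domain named in jboss-web.xml (for example with a JAAS LoginContext) is still the STS's job, and because the password travels in clear text in this request the endpoint should only be reachable over TLS.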