2 Replies Latest reply on Nov 21, 2012 2:03 PM by vijaya baskar viswanathan

    How does one use a usernametoken with picketlink sts in a jboss?

    m.r. Newbie

      Hi


      I already asked the same question on stackoverflow (http://stackoverflow.com/questions/6860385/how-does-one-use-a-usernametoken-with-picketlink-sts-in-a-jboss). Since there were no replies, I hope that someone here could help me.


      I am implementing a picketlink (1.0.4) STS in a JBOSS (5.1).

      Since I am replacing an existing STS, I am not allowed to use http header for authorisation.

      An example STS request:

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
        <soapenv:Header>
          <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:Username>username</wsse:Username>
            <wsse:Password>password</wsse:Password>
          </wsse:UsernameToken>
        </soapenv:Header>
        <soapenv:Body>
          <ns4:RequestSecurityTokenCollection xmlns="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns5="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns6="http://www.w3.org/2000/09/xmldsig#">
            <ns4:RequestSecurityToken>
              <ns4:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd/UsernameToken</ns4:TokenType>
              <ns4:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchIssue</ns4:RequestType>
            </ns4:RequestSecurityToken>
          </ns4:RequestSecurityTokenCollection>
        </soapenv:Body>
      </soapenv:Envelope>


      The element UsernameToken in the SOAP header is ignored.

      I am deploying an ear file with a war file inside. I have also tried to define:

      ".war"/WEB_INF/jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss-web
        PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
        "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

      <jboss-web>
        <!-- A security domain that restricts access -->
        <security-domain>java:/jaas/jmx-console</security-domain>
        <!-- <context-root>jbossws</context-root> -->
      </jboss-web>

      ".war"/WEB_INF/jboss-wsse-server.xml

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <config>
          <requires/>
        </config>
      </jboss-ws-security>

      picketlink-sts.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0" STSName="STS" TokenTimeout="14400" EncryptToken="true">
        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
          <Auth Key="KeyStoreURL" Value="sts_keystore.jks"/>
          <Auth Key="KeyStorePass" Value="testpass"/>
          <Auth Key="SigningKeyAlias" Value="sts"/>
          <Auth Key="SigningKeyPass" Value="keypass"/>
          <!-- <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1" /> -->
        </KeyProvider>
        <TokenProviders>
          <TokenProvider ProviderClass="my.company.SecurityTokenProvider" TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd/UsernameToken">
            <Property Name="Property1" Value="Value1"/>
            <Property Name="Property2" Value="Value2"/>
          </TokenProvider>
          <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
        </TokenProviders>
      </PicketLinkSTS>

      I cannot access the SOAP header inside my SecurityTokenProvider:

      public void issueToken(WSTrustRequestContext context)
          throws WSTrustException {
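As an added example, not part of this thread and not PicketLink code: a JAX-WS SOAPHandler that reads the wsse:UsernameToken from the header shown in the request above and hands the username and password to the endpoint through the message context. It assumes the STS endpoint can be wired with a handler chain; the class name, the context keys and that wiring are this example's assumptions.

```java
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

// Hypothetical JAX-WS handler (not PicketLink code): copies the inbound
// wsse:UsernameToken into the message context so the endpoint can read it.
public class UsernameTokenHeaderHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final QName USERNAME_TOKEN = new QName(WSSE_NS, "UsernameToken");
    static final QName USERNAME = new QName(WSSE_NS, "Username");
    static final QName PASSWORD = new QName(WSSE_NS, "Password");
    // Context keys are this example's own choice, not a JAX-WS or PicketLink convention.
    public static final String CTX_USERNAME = "wsse.username";
    public static final String CTX_PASSWORD = "wsse.password";

    public Set<QName> getHeaders() { return Collections.singleton(USERNAME_TOKEN); }

    public boolean handleMessage(SOAPMessageContext ctx) {
        // Only inbound requests carry the token; let responses pass untouched.
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            // Match on the full wsse QName so a token in another namespace is not accepted.
            Iterator<?> tokens = header == null ? null : header.getChildElements(USERNAME_TOKEN);
            if (tokens == null || !tokens.hasNext()) return true; // endpoint decides what to do without a token
            SOAPElement token = (SOAPElement) tokens.next();
            String user = firstChildText(token, USERNAME);
            String pass = firstChildText(token, PASSWORD);
            if (user != null && pass != null) {
                ctx.put(CTX_USERNAME, user);
                ctx.put(CTX_PASSWORD, pass);
                // APPLICATION scope makes the values visible outside the handler chain.
                ctx.setScope(CTX_USERNAME, MessageContext.Scope.APPLICATION);
                ctx.setScope(CTX_PASSWORD, MessageContext.Scope.APPLICATION);
            }
        } catch (SOAPException e) {
            throw new RuntimeException("cannot read SOAP header", e);
        }
        return true;
    }
    private static String firstChildText(SOAPElement parent, QName name) {
        Iterator<?> it = parent.getChildElements(name);
        return it.hasNext() ? ((SOAPElement) it.next()).getValue() : null;
    }
    public boolean handleFault(SOAPMessageContext ctx) { return true; }
    public void close(MessageContext ctx) { }
}
```

The handler only extracts the credentials; the endpoint still has to validate them against the configured security domain and must reject the request (rather than issue a token) when no UsernameToken is present, and the password value should never be written to logs.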