STS Token validation over JMS Binding
ravi21588 Apr 19, 2016 12:19 PM
Hi All,
Can you please tell me if I can validate the STS token with the JMS binding in SwitchYard 1.1.
I have a scenario where the consumer puts the SOAP message with the STS SAML token into an MQ (HornetQ):
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_d2c3b84d-516f-4c9b-9368-c3fb65c5328e" IssueInstant="2016-04-19T15:31:51.308Z" Version="2.0">
        <saml:Issuer>PicketLinkSTS</saml:Issuer>
        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          <dsig:SignedInfo>
            <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
            <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <dsig:Reference URI="#ID_d2c3b84d-516f-4c9b-9368-c3fb65c5328e">
              <dsig:Transforms>
                <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </dsig:Transforms>
              <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <dsig:DigestValue>Bjd6ccb2d7cvzjGuLyFQSh9dKf8=</dsig:DigestValue>
            </dsig:Reference>
          </dsig:SignedInfo>
          <dsig:SignatureValue>QALMswaYtJjKJrGdwxCzOuQW02sGN3c6snQPRJhUfCOIfmp5fSmgBGmzDgO43aO7jaHv4zpPeb/RV25x7WQn4J/puORj8WxJLqaPGGobxxY87REpdv3DPRJIKK5fB7Hk2m1ugFrx+iJYXKivSYiAZPVZ31RghCKRga0HN+NjUKI=</dsig:SignatureValue>
          <dsig:KeyInfo>
            <dsig:KeyValue>
              <dsig:RSAKeyValue>
                <dsig:Modulus>suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKwlYGGtrP5VQv00dfNPbs=</dsig:Modulus>
                <dsig:Exponent>AQAB</dsig:Exponent>
              </dsig:RSAKeyValue>
            </dsig:KeyValue>
          </dsig:KeyInfo>
        </dsig:Signature>
        <saml:Subject>
          <saml:NameID NameQualifier="urn:picketlink:identity-federation">UserB</saml:NameID>
          <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
        </saml:Subject>
        <saml:Conditions NotBefore="2016-04-19T15:31:51.308Z" NotOnOrAfter="2016-04-19T17:31:51.308Z"/>
        <saml:AuthnStatement AuthnInstant="2016-04-19T15:31:51.308Z">
          <saml:AuthnContext>
            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:cm:bearer</saml:AuthnContextClassRef>
          </saml:AuthnContext>
        </saml:AuthnStatement>
      </saml:Assertion>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <urn:Input xmlns:urn="urn:InsurInqIMP">
      <urn:policy>
        <urn:POLTYP>POTT</urn:POLTYP>
        <urn:POLBRP>MN</urn:POLBRP>
        <urn:POLNOP>123456</urn:POLNOP>
      </urn:policy>
      <urn:insurer>
        <urn:INSNOP>123456</urn:INSNOP>
      </urn:insurer>
    </urn:Input>
  </soapenv:Body>
</soapenv:Envelope>
I need to validate the STS Token and process the message only if it is valid.
I had a look into the sample quickstart policy-security-saml and the quickstart is working fine.
I had tried in a similar way by adding the security callbackHandler and the security policy for clientAuthentication:
<sy:securities>
  <sy:security callbackHandler="org.switchyard.security.jboss.callback.handler.STSTokenCallbackHandler" securityDomain="saml-validate-token"/>
</sy:securities>
______________________________________________________________________________________________________________________________
<sca:service name="AsyncConRQ" requires="clientAuthentication">
  <sy:interface.esb inputType="java.lang.String" outputType="java.lang.String"/>
</sca:service>
It is not validating, and when I tried debugging the application in STSTokenCallbackHandler, the security credentials are returned blank:
Set<Credential> credentials = getCredentials();
Can you please help me?
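Editor's added example (not code from the original post, nor from SwitchYard or PicketLink): whatever mechanism ends up consuming the message from the queue, the checks below are what "process the message only if the token is valid" has to mean for an assertion like the one posted above. The class name StsAssertionValidator, the constructor parameters and the algorithm policy are assumptions. Two points the posted assertion makes concrete: its KeyInfo carries its own RSAKeyValue, so a validator that takes the verification key from KeyInfo only proves the token is self-consistent, and the signing key must instead be pinned to the STS's certificate from your own truststore; and it is signed with rsa-sha1 over a sha1 digest, which the policy below refuses, so this validator rejects that exact token until the STS is configured to sign with SHA-256 (relax RSA_SHA256 and DigestMethod.SHA256 only as a conscious decision).

```java
import java.io.InputStream;
import java.security.PublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Set;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Validates an STS-issued SAML 2.0 bearer assertion carried in a SOAP wsse:Security header. */
public final class StsAssertionValidator {
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    // Algorithm policy (assumed): RSA-SHA256 over SHA-256 only; a token signed rsa-sha1/sha1 is refused.
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    private final PublicKey trustedStsKey;    // pinned STS signing key, loaded from your own truststore
    private final Set<String> trustedIssuers; // e.g. "PicketLinkSTS"
    private final Duration clockSkew;

    public StsAssertionValidator(PublicKey trustedStsKey, Set<String> trustedIssuers, Duration clockSkew) {
        this.trustedStsKey = trustedStsKey;
        this.trustedIssuers = trustedIssuers;
        this.clockSkew = clockSkew;
    }

    /** Returns the authenticated subject's NameID; throws SecurityException otherwise (fail closed). */
    public String validate(InputStream soapMessage) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, so no XXE
        Document doc = dbf.newDocumentBuilder().parse(soapMessage);

        NodeList sec = doc.getElementsByTagNameNS(WSSE_NS, "Security");
        if (sec.getLength() != 1) throw new SecurityException("expected exactly one wsse:Security header");
        NodeList as = ((Element) sec.item(0)).getElementsByTagNameNS(SAML_NS, "Assertion");
        if (as.getLength() != 1 || as.item(0).getParentNode() != sec.item(0))
            throw new SecurityException("expected exactly one saml:Assertion directly under wsse:Security");
        Element assertion = (Element) as.item(0);
        assertion.setIdAttributeNS(null, "ID", true); // so Reference URI="#ID_..." dereferences to this element
        String id = assertion.getAttribute("ID");

        // 1. Signature: verify against the PINNED key, never the RSAKeyValue embedded in KeyInfo, and
        //    require the single Reference to cover the Assertion itself (guards against signature wrapping).
        NodeList sigs = assertion.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || sigs.item(0).getParentNode() != assertion)
            throw new SecurityException("expected exactly one Signature directly under the Assertion");
        DOMValidateContext ctx =
            new DOMValidateContext(KeySelector.singletonKeySelector(trustedStsKey), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        List<?> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1) throw new SecurityException("expected exactly one Reference");
        Reference ref = (Reference) refs.get(0);
        if (!("#" + id).equals(ref.getURI())) throw new SecurityException("Reference does not cover the Assertion");
        if (!RSA_SHA256.equals(sig.getSignedInfo().getSignatureMethod().getAlgorithm())
                || !DigestMethod.SHA256.equals(ref.getDigestMethod().getAlgorithm()))
            throw new SecurityException("signature or digest algorithm not allowed by policy");
        if (!sig.validate(ctx)) throw new SecurityException("signature verification failed");

        // 2. Issuer and bearer subject confirmation
        String issuer = textOf(assertion, "Issuer");
        if (!trustedIssuers.contains(issuer)) throw new SecurityException("untrusted issuer: " + issuer);
        NodeList conf = assertion.getElementsByTagNameNS(SAML_NS, "SubjectConfirmation");
        if (conf.getLength() != 1 || !BEARER.equals(((Element) conf.item(0)).getAttribute("Method")))
            throw new SecurityException("expected a single bearer SubjectConfirmation");

        // 3. Validity window. A queued message has no transport-level freshness check, so this is it.
        NodeList cond = assertion.getElementsByTagNameNS(SAML_NS, "Conditions");
        if (cond.getLength() != 1) throw new SecurityException("expected exactly one Conditions element");
        String notBefore = ((Element) cond.item(0)).getAttribute("NotBefore");
        String notOnOrAfter = ((Element) cond.item(0)).getAttribute("NotOnOrAfter");
        if (notBefore.isEmpty() || notOnOrAfter.isEmpty()) throw new SecurityException("no validity window");
        Instant now = Instant.now();
        if (now.plus(clockSkew).isBefore(Instant.parse(notBefore))) throw new SecurityException("not yet valid");
        if (!now.minus(clockSkew).isBefore(Instant.parse(notOnOrAfter))) throw new SecurityException("expired");
        return textOf(assertion, "NameID");
    }

    private static String textOf(Element scope, String localName) {
        NodeList n = scope.getElementsByTagNameNS(SAML_NS, localName);
        if (n.getLength() != 1) throw new SecurityException("expected exactly one " + localName);
        return n.item(0).getTextContent().trim();
    }
}
```

Usage: load the STS signing certificate from your truststore (for example `keyStore.getCertificate("sts-signing").getPublicKey()`), construct `new StsAssertionValidator(stsKey, Collections.singleton("PicketLinkSTS"), Duration.ofMinutes(2))`, and call `validate(in)` on the dequeued SOAP message before the body is handed to the service; any SecurityException means the message is dropped or dead-lettered, not processed. The Reference URI check against the Assertion's ID and the parent-node checks are what stop a second, unsigned Assertion placed elsewhere in the envelope from being the one your code acts on.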