Posted to users@cxf.apache.org by patch_78 <pa...@hotmail.com> on 2013/06/06 11:13:19 UTC

Get Security Token

Hi,

I am a newbie. I follow the example at
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial. 

I have a web service that uses the policy sp:IssuedToken from an STS.
In my web app calling the web service, I define the STS class in the cxf.xml
as

<jaxws:properties>
  <entry key="ws-security.sts.client">
    <bean class="org.apache.cxf.ws.security.trust.STSClient">
      ....
    </bean>
  </entry>
</jaxws:properties>

The code in my web app is

DataStorageService service = new DataStorageService();
DataStoragePortType port = service.getDataStoragePort();

How can I get the security token obtained from the STS?

patch






--
View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Get Security Token

Posted by Glen Mazza <gl...@gmail.com>.
Thanks for letting us know -- I updated my STS blog article with a link 
to this email.

Glen

On 06/06/2013 10:07 AM, patch_78 wrote:
> Hi everyone,
>
> Back to my original question, I found how to get the security token. Here it
> is (for someone who has the same question as me)
>
> Client client = ClientProxy.getClient(port);
> Endpoint ep = client.getEndpoint();
> String id = (String)ep.get(SecurityConstants.TOKEN_ID);
> TokenStore store =
>     (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
> SecurityToken tok = store.getToken(id);
> Element e = tok.getToken();
>
> System.out.println("******************** TOKEN ********************");
> System.out.println(DOM2Writer.nodeToString(e));
> System.out.println("******************** TOKEN ********************");
>
> patch
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728850.html
> Sent from the cxf-user mailing list archive at Nabble.com.


Re: Get Security Token

Posted by patch_78 <pa...@hotmail.com>.
Hi everyone,

Back to my original question, I found how to get the security token. Here it
is (for someone who has the same question as me)

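// Unwrap the CXF client behind the JAX-WS proxy
Client client = ClientProxy.getClient(port);
Endpoint ep = client.getEndpoint();
// Id of the token cached for this endpoint
String id = (String)ep.get(SecurityConstants.TOKEN_ID);
// The token store is kept as a property on the endpoint info
TokenStore store =
    (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
SecurityToken tok = store.getToken(id);
// DOM element of the issued token
Element e = tok.getToken();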

System.out.println("******************** TOKEN ********************");
System.out.println(DOM2Writer.nodeToString(e));
System.out.println("******************** TOKEN ********************");

patch



--
View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728850.html
Sent from the cxf-user mailing list archive at Nabble.com.
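
A null-safe variant of the lookup in the message above, as an added example rather than code from the thread or from the CXF project. It returns a short summary of the cached token instead of printing the whole assertion, because the serialized token is a credential that would otherwise end up in the application log. The class `IssuedTokenInspector` and its method are hypothetical names; the CXF calls are the ones used in the post plus `SecurityToken.getId()`, `getTokenType()` and `isExpired()`.

```java
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.w3c.dom.Element;

/** Hypothetical helper (not part of CXF): summarise the token cached for a JAX-WS port. */
public final class IssuedTokenInspector {

    private IssuedTokenInspector() { }

    /** Returns a log-safe, one-line description of the cached token, or why none is available. */
    public static String describe(Object port) {
        Client client = ClientProxy.getClient(port);
        Endpoint ep = client.getEndpoint();

        // Both lookups can return null, e.g. if no token has been cached for this endpoint yet.
        String id = (String) ep.get(SecurityConstants.TOKEN_ID);
        TokenStore store =
            (TokenStore) ep.getEndpointInfo().getProperty(TokenStore.class.getName());
        if (id == null || store == null) {
            return "no token cached for this endpoint";
        }

        SecurityToken tok = store.getToken(id);
        if (tok == null) {
            return "token " + id + " is no longer in the store";
        }

        StringBuilder sb = new StringBuilder("token id=").append(tok.getId())
            .append(" type=").append(tok.getTokenType())
            .append(" expired=").append(tok.isExpired());

        Element e = tok.getToken();
        if (e != null) {
            // SAML 2.0 assertions carry "ID", SAML 1.1 assertions "AssertionID".
            String assertionId = e.hasAttribute("ID")
                ? e.getAttribute("ID") : e.getAttribute("AssertionID");
            sb.append(" element={").append(e.getNamespaceURI()).append('}')
              .append(e.getLocalName()).append(" assertionId=").append(assertionId);
        }
        return sb.toString();
    }
}
```
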

Re: Get Security Token

Posted by patch_78 <pa...@hotmail.com>.
Hi Ivan,

Thanks a lot for your explanation and offer! I also have 3 tomcat instances
and managed to get it to work the same as you.
But in my requirement, step 1) is not the same as the
examples\wsclientWebapp\

+++++++++++++++++++++++++
1) When you log in to the web application (c), a SAML token is acquired from
the IDP/STS.
(When you use Fediz with the Tomcat plugin for instance, you get a
FederationPrincipal by calling HttpServletRequest.getUserPrincipal(). By
using the FederationPrincipal, you access the claims in the SAML token. You
can also access the whole token, if you put it into ThreadLocal from a
servlet filter - also in the example). 
+++++++++++++++++++++++++

In my requirement the user is authenticated by an external identity provider
based on an SSO protocol.

patch




--
View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728843.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Get Security Token

Posted by Iván Brencsics <iv...@gmail.com>.
Hi patch,

Maybe I am not the best one to answer your question, but let me explain in
more detail what happens in wsclientWebapp.

You have 3 tomcat instances: a) runs the CXF STS and Fediz IDP, b) runs the
web service that requires a SAML token, c) runs the web application that is
a client to the web service in (b)

1) When you log in to the web application (c), a SAML token is acquired from
the IDP/STS.
(When you use Fediz with the Tomcat plugin for instance, you get a
FederationPrincipal by calling HttpServletRequest.getUserPrincipal(). By
using the FederationPrincipal, you access the claims in the SAML token. You
can also access the whole token, if you put it into ThreadLocal from a
servlet filter - also in the example).

2) After logging in, when you call from the web application (c) the web
service (b), a new token request is sent to the STS (a) directly (so no IDP
is needed). The request contains the current SAML token as OnBehalfOf.

3) The STS prepares a new token, and sends it back.

4) The web application (c) calls the web service (b) by sending the second
SAML token.

----

I have the feeling this is your scenario. But as I said, I am also kind of
new to this topic. If you need, I can send you my three Tomcat instances,
and with them you can try the above-mentioned steps.

Cheers,
Ivan






2013/6/6 patch_78 <pa...@hotmail.com>

> Hi Ivan,
>
> I am still confused about how the examples\wsclientWebapp\ fits my
> requirement. It would be very helpful if you can point out based on my
> requirement described previously.
>
> FYI,
> in step 1) the user is authenticated by an external identity provider based
> on an SSO protocol. I implemented this with Spring Security - SAML extension
> and managed to get a SAML2 token.
> After step 1) there is no IDP needed, only an STS/web service that issues
> another SAML token based on the one got from step 1).
>
> Thanks!
> patch
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728838.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
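
Steps 1) and 2) above depend on handing the logged-in user's SAML token to the STS client per request. The following is an added example, not code from the thread or from the Fediz wsclientWebapp sample: a `CallbackHandler` that serves the token bound to the current thread through CXF's `DelegationCallback`. The class name `CurrentUserTokenHandler` and its `bind`/`clear` methods are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
import org.w3c.dom.Element;

/**
 * Hypothetical handler (not taken from the Fediz example): supplies the SAML
 * token of the user on the current thread as the OnBehalfOf token.
 */
public class CurrentUserTokenHandler implements CallbackHandler {

    // One slot per request thread, so concurrent users never see each other's token.
    private static final ThreadLocal<Element> CURRENT = new ThreadLocal<Element>();

    /** Call at the start of request handling, e.g. from a servlet filter. */
    public static void bind(Element loginToken) {
        CURRENT.set(loginToken);
    }

    /** Call in a finally block: pooled threads would otherwise keep the previous user's token. */
    public static void clear() {
        CURRENT.remove();
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof DelegationCallback)) {
                throw new UnsupportedCallbackException(cb, "only DelegationCallback is supported");
            }
            Element token = CURRENT.get();
            if (token == null) {
                // Fail closed instead of sending a request with no user token.
                throw new IOException("no login token bound to this thread");
            }
            ((DelegationCallback) cb).setToken(token);
        }
    }
}
```

The handler is passed to the STS client with `STSClient.setOnBehalfOf(...)`, which accepts a `CallbackHandler` as well as an `Element` or `String`; a single shared `Element` set there would be sent for every user of the endpoint.
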

Re: Get Security Token

Posted by patch_78 <pa...@hotmail.com>.
Hi Ivan,

I am still confused about how the examples\wsclientWebapp\ fits my
requirement. It would be very helpful if you can point out based on my
requirement described previously.

FYI,
in step 1) the user is authenticated by an external identity provider based
on an SSO protocol. I implemented this with Spring Security - SAML extension
and managed to get a SAML2 token.
After step 1) there is no IDP needed, only an STS/web service that issues
another SAML token based on the one got from step 1).

Thanks!
patch




--
View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728838.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Get Security Token

Posted by Iván Brencsics <iv...@gmail.com>.
I think examples\wsclientWebapp\ does exactly what you need. When you log
into it, it acquires a SAML token from the IDP. Then when you press a
button on the web GUI, it acquires a new token OnBehalfOf the previous one,
and uses this second token to call the web service. And finally it
displays the SAML token information. You can use container-specific
(Tomcat, Jetty) plugins to access the SAML token internals, or use Spring
Security.


2013/6/6 patch_78 <pa...@hotmail.com>

> Hi Ivan,
>
> I tried Apache CXF Fediz already. It does not exactly fit my requirements.
> Thanks anyway!
>
> I got the requirement as:
> 1) user will be authenticated by an external identity provider and get SAML2
> token.  This will be done during the client logins using a Web interface.
> 2) the SAML2 token from 1) (or a part of it) is used by the Web interface to
> get another SAML2 token from a web service.
> 3) the SAML2 token from 2) will be used by the Web interface when it calls
> other web services for other services.
>
> I follow the example at
> http://www.jroller.com/gmazza/entry/cxf_sts_tutorial, and tried to do some
> customization to implement step 2 and 3.
>
> patch
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728827.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

Re: Get Security Token

Posted by patch_78 <pa...@hotmail.com>.
Hi Ivan,

I tried Apache CXF Fediz already. It does not exactly fit my requirements.
Thanks anyway!

I got the requirement as:
1) user will be authenticated by an external identity provider and get SAML2
token.  This will be done during the client logins using a Web interface.
2) the SAML2 token from 1) (or a part of it) is used by the Web interface to
get another SAML2 token from a web service.
3) the SAML2 token from 2) will be used by the Web interface when it calls
other web services for other services.  

I follow the example at
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial, and tried to do some
customization to implement step 2 and 3.

patch



--
View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728827.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Get Security Token

Posted by Iván Brencsics <iv...@gmail.com>.
Hi,

I am also new, but I think I already managed to get running just what you
need. However, it has been quite a long procedure.

You need the Apache CXF Fediz for this. You can check it out from here:
https://github.com/apache/cxf-fediz

Then the best way is to go through almost all the blog entries by Oliver,
starting from the beginning:
http://owulff.blogspot.de/2011/10/configure-and-deploy-cxf-25-sts-part-i.html
You need to get everything running one by one: first the STS, then the
IDP, then a relying party (RP), and finally a web service / web service
client. If you follow the blogs, you can finally get the
examples\wsclientWebapp\ example running, which does what you need:
- there is an IDP/STS running on a Tomcat
- another Tomcat is running a web service that needs a SAML IssuedToken
- another Tomcat is running a web application that calls the previous web
service (first acquires a SAML token), and finally visualizes the token and
the web service result in the browser.

Please tell me if I can help you further.

Cheers,
Ivan





2013/6/6 patch_78 <pa...@hotmail.com>

> Hi,
>
> I am a newbie. I follow the example at
> http://www.jroller.com/gmazza/entry/cxf_sts_tutorial.
>
> I have a web service that uses the policy sp:IssuedToken from an STS.
> In my web app calling the web service, I define the STS class in the
> cxf.xml as
>
> <jaxws:properties>
>   <entry key="ws-security.sts.client">
>     <bean class="org.apache.cxf.ws.security.trust.STSClient">
>       ....
>     </bean>
>   </entry>
> </jaxws:properties>
>
> The code in my web app is
>
> DataStorageService service = new DataStorageService();
> DataStoragePortType port = service.getDataStoragePort();
>
> How can I get the security token obtained from the STS?
>
> patch
>
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>