Posted to rampart-dev@ws.apache.org by Tom Schrötter <to...@yahoo.de> on 2009/01/26 16:26:19 UTC

STS with Username Token Authentication

Hello everyone!

Being fairly new to the webservice world in general and Rampart specifically, I'm currently stuck at what should be a simple problem (and probably is).
I'm trying to set up a Security Token Service which will issue a SAML Token to a client based on a plain username/password authentication.
I've tried to adapt the samples/policy/sample05 that comes with Rampart but could not make it work.

Basically I'm a little lost in how to configure the STS to only require a username token and no X509 token.

I'd appreciate if someone could point me in the right direction here.


Thank you very much in advance,
have a nice day

Tom Schroetter



      

Re: STS with Username Token Authentication

Posted by Petter Olsson <pe...@student.liu.se>.
Hello!

I'm no expert, but I've made a simple implementation of exactly what you are
asking for. I can send the policy (services.xml) for the STS and code for
the password callback handler, hope it helps.

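// password callback handler
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        // Reject anything that is not a WSS4J password callback instead of failing on the cast
        if (!(callbacks[i] instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(callbacks[i], "unrecognized callback");
        }
        WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];

        // Plain-text UsernameToken: the callback carries the password the client sent
        if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
            // userDB maps user name -> password; get() returns null for an unknown user.
            // getIdentifer() (sic) is how WSS4J 1.5 spells this accessor.
            Object expected = userDB.get(pwcb.getIdentifer());
            if (expected == null || !expected.equals(pwcb.getPassword())) {
                throw new UnsupportedCallbackException(callbacks[i], "check failed");
            }
        }
    }
}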

/Petter
