Posted to rampart-dev@ws.apache.org by Tom Schrötter <to...@yahoo.de> on 2009/01/26 16:26:19 UTC
STS with Username Token Authentication
Hello everyone!
Being fairly new to the webservice world in general and Rampart specifically, I'm currently stuck at what should be a simple problem (and probably is).
I'm trying to set up a Security Token Service which will issue a SAML Token to a client based on a plain username/password authentication.
I've tried to adapt the samples/policy/sample05 that comes with Rampart but could not make it work.
Basically I'm a little lost in how to configure the STS to only require a username token and no X509 token.
I'd appreciate if someone could point me in the right direction here.
Thank you very much in advance,
have a nice day
Tom Schroetter
Re: STS with Username Token Authentication
Posted by Petter Olsson <pe...@student.liu.se>.
Hello!
I'm no expert, but I've made a simple implementation of exactly what you are
asking for. I can send the policy (services.xml) for the STS and code for
the password callback handler, hope it helps.
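// password callback handler
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
        // USERNAME_TOKEN_UNKNOWN: the token carries the password as text,
        // so the handler itself has to compare it and throw on a mismatch.
        if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
            // userDB maps user name to password (a field defined elsewhere).
            Object expected = userDB.get(pwcb.getIdentifer());
            // An unknown user (null entry) is rejected instead of causing
            // a NullPointerException.
            if (expected != null && expected.equals(pwcb.getPassword())) {
                return;
            } else {
                throw new UnsupportedCallbackException(callbacks[i],
                        "check failed");
            }
        }
    }
}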
/Petter
2009/1/26 Tom Schrötter <to...@yahoo.de>
> Hello everyone!
>
> Being fairly new to the webservice world in general and Rampart
> specifically, I'm currently stuck at what should be a simple problem (and
> probably is).
> I'm trying to set up a Security Token Service which will issue a SAML Token
> to a client based on a plain username/password authentication.
> I've tried to adapt the samples/policy/sample05 that comes with Rampart but
> could not make it work.
>
> Basically I'm a little lost in how to configure the STS to only require a
> username token and no X509 token.
>
> I'd appreciate if someone could point me in the right direction here.
>
>
> Thank you very much in advance,
> have a nice day
>
> Tom Schroetter
>
>
>
>
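Added example, not part of the thread and not Rampart's own code: a variant of the password callback handler above that stores salted PBKDF2 hashes instead of plaintext passwords, compares them in constant time, and does the same amount of work for unknown users. The class name HashedPWCBHandler, the addUser() helper and the in-memory store are assumptions for illustration; it assumes Java 8 or later and the same org.apache.ws.security.WSPasswordCallback API used in the post.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical class; configure it as the STS service's password callback class.
public class HashedPWCBHandler implements CallbackHandler {
    private static final int ITERATIONS = 100_000, KEY_BITS = 256;
    // user name -> {salt, PBKDF2 hash}; filled through addUser() (assumed store).
    private final Map<String, byte[][]> userDB = new ConcurrentHashMap<>();
    // Record used for unknown users so every request costs one derivation.
    private static final byte[][] DUMMY = { new byte[16], new byte[KEY_BITS / 8] };

    public void addUser(String user, byte[] salt, char[] pw) throws GeneralSecurityException {
        userDB.put(user, new byte[][] { salt, derive(pw, salt) });
    }
    static byte[] derive(char[] pw, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(cb, "unsupported callback");
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // Other usages are left untouched, as in the handler posted above.
            if (pwcb.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) continue;
            String user = pwcb.getIdentifer(); // method name as used in the post
            String sent = pwcb.getPassword();  // plaintext password from the token
            byte[][] rec = (user == null) ? null : userDB.get(user);
            boolean known = rec != null && sent != null && !sent.isEmpty();
            if (!known) rec = DUMMY;
            char[] pw = known ? sent.toCharArray() : new char[] { 'x' };
            try {
                // Constant-time comparison; same error for bad user and bad password.
                boolean match = MessageDigest.isEqual(derive(pw, rec[0]), rec[1]);
                if (!(known && match)) throw new UnsupportedCallbackException(cb, "check failed");
            } catch (GeneralSecurityException e) {
                throw new IOException("password check unavailable", e);
            }
        }
    }
}
```

Because the username token carries the password as text in this setup, the STS endpoint should only be reachable over TLS or another encrypted transport.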