Posted to users@cxf.apache.org by "qatada.abbas" <qm...@whispir.com> on 2013/12/04 00:58:27 UTC

CXF STSClient

Hi

I am very new to the WS-Trust security system. I have been trying to write an
STSClient for a webservice client.
The security system requires us to get a token from one server, then use that
token to get a token from another server. And the final token could be used to
call the actual webservice.

The first service works based on username and password, and I was able to
write an STSClient for that and get the token. My code looks like the following:


    Bus bus = BusFactory.getDefaultBus();

    // Features applied to the STS client: WS-Addressing, message logging, WS-Policy
    List<AbstractFeature> features = new ArrayList<AbstractFeature>();
    features.add(new WSAddressingFeature());
    features.add(new LoggingFeature());
    features.add(new WSPolicyFeature());
    for (AbstractFeature feature : features) {
        feature.initialize(bus);
    }

    STSClient client = new STSClient(bus);
    client.setLocation("https://****/logon/Service.svc/Username");
    client.setRequiresEntropy(false);

    // WSS4J settings: authenticate with a UsernameToken carrying a plain-text password
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put("user", "username");
    properties.put("passwordCallbackRef", new ClientCallbackHandler());
    properties.put("passwordType", "PasswordText");
    properties.put("action", "UsernameToken");

    List<Interceptor<? extends Message>> interceptorList =
        new ArrayList<Interceptor<? extends Message>>();
    WSS4JOutInterceptor interceptor = new WSS4JOutInterceptor(properties);
    interceptorList.add(interceptor);
    client.setOutInterceptors(interceptorList);

    client.setEnableLifetime(true);
    client.setEnableAppliesTo(true);
    client.getProperties().putAll(properties);
    client.setFeatures(features);
    client.setSoap12();

    client.setWspNamespace(null);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
    client.setTrust(new Trust13(SP11Constants.INSTANCE));

    // The argument becomes the AppliesTo address of the request
    SecurityToken securityToken =
        client.requestSecurityToken("***/trust13 issuedtokenmixedsymmetricbasic256");

The SOAP response looks like 


</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityTokenResponseCollection
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse>
<trust:KeySize>256</trust:KeySize>
<trust:Lifetime>
<wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-12-01T23:23:12.755Z</wsu:Created>
<wsu:Expires
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-12-02T07:23:12.755Z</wsu:Expires>
</trust:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>.../adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>....</X509IssuerName>
<X509SerialNumber>....</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>..</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
</trust:RequestedSecurityToken>
<trust:RequestedProofToken>
<trust:BinarySecret>QJKlX/UMNc9zJTbMYlDnbXyHSecGO3mdgjmTv+5GIFE=</trust:BinarySecret>
</trust:RequestedProofToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_327fd82f-fa0b-4abc-94ce-3bea10be98f8</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">...</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
</s:Body>
</s:Envelope>


I have to use the information I got in this token and send a SOAP message to
another service, which looks like


<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action
s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
<a:MessageID>urn:uuid:eb64f20c-b70c-49f3-8deb-1cd1113d025d</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To
s:mustUnderstand="1">https://..../adfs/services/trust/13/issuedtokenmixedsymmetricbasic256</a:To>
<o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2013-12-01T23:23:13.407Z</u:Created>
<u:Expires>2013-12-01T23:28:13.407Z</u:Expires>
</u:Timestamp>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>....</X509IssuerName>
<X509SerialNumber>.....</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>.....</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>.........</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>.....</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>......</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_327fd82f-fa0b-4abc-94ce-3bea10be98f8</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityToken
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>https://ecsn.gov.au/ESC/</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>
</s:Body>
</s:Envelope>


Is there any way the above could be done using STSClient?

--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-STSClient-tp5737337.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: CXF STSClient

Posted by Colm O hEigeartaigh <co...@apache.org>.
I think your best bet is to write an interceptor that runs after the
WSS4JOutInterceptor, which grabs the security header + appends the
EncryptedData Element retrieved from the first request to it.

Colm.


On Thu, Dec 5, 2013 at 6:39 AM, qatada.abbas <qm...@whispir.com> wrote:

> first call to STS
>
> Below is my second call that I have to make, but I just can't figure out what
> interceptor to use to add the security header with the token data that was
> received in the first call
>
>     bus = BusFactory.getDefaultBus();
>
>     features = new ArrayList<AbstractFeature>();
>     features.add(new WSAddressingFeature());
>     features.add(new LoggingFeature());
>     for (AbstractFeature feature : features) {
>         feature.initialize(bus);
>     }
>
>     client = new STSClient(bus);
>     client.setLocation("https://www.deewr.gov.au/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256");
>     client.setRequiresEntropy(false);
>
>     // No out interceptors are configured yet for this second call
>     interceptorList = new ArrayList<Interceptor<? extends Message>>();
>     client.setOutInterceptors(interceptorList);
>
>     client.setEnableAppliesTo(true);
>     client.getProperties().putAll(properties);
>     client.setFeatures(features);
>     client.setSoap12();
>
>     client.setWspNamespace(null);
>     client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
>     client.setTrust(new Trust13(SP11Constants.INSTANCE));
>     client.requestSecurityToken("https://ecsn.gov.au/ESC/");
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
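
An added example (not from the thread and not CXF's own code) of the interceptor described in the reply above: it runs in Phase.POST_PROTOCOL_ENDING, assumed here to fall after WSS4JOutInterceptor has built the header, and copies the EncryptedData element from the first response into wsse:Security, ahead of any ds:Signature as in the sample request. The class name is hypothetical, and the element is assumed to come from securityToken.getToken() on the first call's result.

```java
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/** Hypothetical class name; added example, not part of CXF. */
public class EncryptedTokenOutInterceptor extends AbstractSoapInterceptor {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    private final Element encryptedData;

    public EncryptedTokenOutInterceptor(Element encryptedData) {
        // Assumption: this phase runs after WSS4J has finished the header
        // (POST_PROTOCOL) and before the SAAJ message is written out.
        super(Phase.POST_PROTOCOL_ENDING);
        if (encryptedData == null || !isNamed(encryptedData, XENC_NS, "EncryptedData")) {
            throw new IllegalArgumentException("expected an xenc:EncryptedData element");
        }
        this.encryptedData = encryptedData;
    }

    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        SOAPMessage saaj = message.getContent(SOAPMessage.class);
        try {
            Element header = saaj == null ? null : saaj.getSOAPHeader();
            Element security = firstChild(header, WSSE_NS, "Security");
            if (security == null) {
                // Fail closed: do not send the request without the token it depends on.
                throw new Fault(new IllegalStateException("no wsse:Security header to extend"));
            }
            insertToken(security, encryptedData);
        } catch (SOAPException e) {
            throw new Fault(e);
        }
    }

    /** Copies the token into the header, before ds:Signature if one exists, else at the end. */
    static void insertToken(Element security, Element token) {
        Node copy = security.getOwnerDocument().importNode(token, true);
        security.insertBefore(copy, firstChild(security, DSIG_NS, "Signature"));
    }

    /** Returns the first direct child element with the given namespace and local name, or null. */
    static Element firstChild(Element parent, String ns, String localName) {
        if (parent == null) {
            return null;
        }
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && isNamed((Element) n, ns, localName)) {
                return (Element) n;
            }
        }
        return null;
    }

    static boolean isNamed(Element e, String ns, String localName) {
        return ns.equals(e.getNamespaceURI()) && localName.equals(e.getLocalName());
    }
}
```

It would be registered on the second STSClient with client.getOutInterceptors().add(new EncryptedTokenOutInterceptor(securityToken.getToken())), alongside a WSS4JOutInterceptor that creates the security header.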

Re: CXF STSClient

Posted by "qatada.abbas" <qm...@whispir.com>.
first call to STS

Below is my second call that I have to make, but I just can't figure out what
interceptor to use to add the security header with the token data that was
received in the first call
            
    bus = BusFactory.getDefaultBus();

    features = new ArrayList<AbstractFeature>();
    features.add(new WSAddressingFeature());
    features.add(new LoggingFeature());
    for (AbstractFeature feature : features) {
        feature.initialize(bus);
    }

    client = new STSClient(bus);
    client.setLocation("https://www.deewr.gov.au/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256");
    client.setRequiresEntropy(false);

    // No out interceptors are configured yet for this second call
    interceptorList = new ArrayList<Interceptor<? extends Message>>();
    client.setOutInterceptors(interceptorList);

    client.setEnableAppliesTo(true);
    client.getProperties().putAll(properties);
    client.setFeatures(features);
    client.setSoap12();

    client.setWspNamespace(null);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
    client.setTrust(new Trust13(SP11Constants.INSTANCE));
    client.requestSecurityToken("https://ecsn.gov.au/ESC/");




Re: CXF STSClient

Posted by "qatada.abbas" <qm...@whispir.com>.
Yes that is the requirement




Re: CXF STSClient

Posted by Colm O hEigeartaigh <co...@apache.org>.
What is the requirement in the second STS request? Is the EncryptedData
Element in the security header of the sample request taken directly from
the "RequestedSecurityToken" of the first STS response? In other words, is
the requirement to copy this EncryptedData Element verbatim from the first
STS response, and to paste it into the security header of the second
request?

Colm.





-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com