
List:       axis-dev
Subject:    RE: Configure Rampart STS
From:       Martin Gainty <mgainty () hotmail ! com>
Date:       2012-10-30 19:06:10
Message-ID: BLU172-W33AA1129519C0BED2E45C7AE620 () phx ! gbl

env is a SOAPEnvelope constructed from the input MessageContext:

    SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());

a parent OMElement is constructed from env.getBody()

if addRequestedAttachedRef is true the AttachedRef OMElement gets constructed

    if (config.addRequestedAttachedRef) {
        TrustUtil.createRequestedAttachedRef(
                wstVersion,                        // Rahas version (defaults to 1)
                rstrElem,                          // OMElement: TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, env.getBody())
                "#" + assertion.getID(),           // link within document using GUID constructed with UUIDGenerator.getUUID()
                RahasConstants.TOK_TYPE_SAML_20);  // value is "http://docs.oasis-open.org/wss/" + "oasis-wss-saml-token-profile-1.1#SAMLV2.0"
    }

if addRequestedUnattachedRef is true the UnattachedRef OMElement gets constructed

    if (config.addRequestedUnattachedRef) {
        TrustUtil.createRequestedUnattachedRef(
                wstVersion,                        // Rahas version (defaults to 1)
                rstrElem,                          // OMElement: TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, env.getBody())
                assertion.getID(),                 // GUID constructed with UUIDGenerator.getUUID()
                RahasConstants.TOK_TYPE_SAML_20);  // value is "http://docs.oasis-open.org/wss/" + "oasis-wss-saml-token-profile-1.1#SAMLV2.0"
    }

rstrElem (2nd arg) is an OMElement constructed here:

    public static OMElement
            createRequestSecurityTokenResponseElement(int version, OMElement parent) throws TrustException {
        return createOMElement(parent,
                               getWSTNamespace(version),    // for version 1: xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
                               RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN_RESPONSE,   // RequestSecurityTokenResponse
                               RahasConstants.WST_PREFIX);  // wst
    }

You've got a SecurityTokenResponse coming back inlined in the Document with TrustUtil.createRequestedAttachedRef; if it is not in the document, call TrustUtil.createRequestedUnattachedRef.

Personally I prefer XML declarators to accomplish the same objective; that way you can see the token-dispatcher-configuration being sent in. E.g. services.xml would contain:

<module ref="rampart" />

<operation name="IssueToken"
        mep="http://www.w3.org/ns/wsdl/in-out">
    <messageReceiver
            class="org.apache.rahas.STSMessageReceiver"/>

    <!-- Action mapping to accept RST requests -->
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>

    <parameter name="token-dispatcher-configuration">
        <token-dispatcher-configuration>
            <!-- Issuers. You may have many issuers. -->
            <issuer class="org.custom.MyIssuer" default="true">
                <configuration type="parameter">saml-issuer-config</configuration>
                <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
            </issuer>
        </token-dispatcher-configuration>
    </parameter>

</operation>
Martin Gainty 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org; rtercerol@gmail.com
Subject: RE: Configure Rampart STS
Date: Tue, 30 Oct 2012 13:56:33 -0400

Martin,

Thanks, but what is unclear is what else exists? (maybe nothing?), and what are these: <addRequestedAttachedRef /> <addRequestedUnattachedRef />

In many of the examples the ‘saml-issuer-config’ had nothing in it. Was it implied that the user is to fill it in?

Brian

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Tuesday, October 30, 2012 1:24 PM
To: java-dev@axis.apache.org; rtercerol@gmail.com
Subject: RE: Configure Rampart STS

MG>Quick answer inlined

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com]
Sent: Tuesday, October 30, 2012 10:38 AM
To: java-dev@axis.apache.org; rtercerol@gmail.com
Subject: Configure Rampart STS

I am trying to understand how to configure my own STS service to generate a custom SAML token. The instructions are confusing.

First it states to remove the default rampart.mar from the modules. In my modules there is both a rampart.mar and a rahas.mar.

Then it states to create a service.xml pointing to one’s custom implementation of the TokenIssuer interface. The contents of the example service.xml provided looks very similar to the contents of the rahas.mar module and bears no resemblance to the rampart.mar.

In addition, there is a ‘saml-issuer-config’ value of the configuration element. I have no idea what that element represents. Do I need to make some type of file containing configuration parameters, and if I do, what are the elements that go in it? Has anybody ever done this? Do I have to play with the axis.xml?

MG>only to add in the module name e.g. <module ref="rampart"/>
MG>you will want to configure services.xml in WEB-INF\services only

Any insight would be greatly appreciated!

Thanks,

Brian

PS

Here is some stuff I found no documentation on with respect to saml-issuer-config

        <parameter name="saml-issuer-config">
            <saml-issuer-config>
                <issuerName>SAMPLE_STS</issuerName>
                <issuerKeyAlias>service</issuerKeyAlias>
MG>alias for the provided key; you will need the alias to export the cert out of the pfx e.g.
MG>keytool -exportcert -alias AlienAlias -keystore steve.jks -keypass steve -storepass steve -file steve.cert
                <issuerKeyPassword>apache</issuerKeyPassword>
                <cryptoProperties>
                    <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
MG>safe to stay with JKS although easy enough to convert a p12 format to jks
                        <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
MG>name of the Java Key file; the absolute path must be known in order to configure a HTTPS connector
                        <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
MG>password to the keystore file
                    </crypto>
                </cryptoProperties>
                <timeToLive>864000000000</timeToLive>
MG>lifetime of SAML token, default to 5 min
                <keySize>256</keySize>
MG>keysize in bits used with generation step e.g. keytool -genkey -keysize 2048
MG>the longer the keysize the more difficult to crack by brute force
                <addRequestedAttachedRef />
                <addRequestedUnattachedRef />
                <keyComputation>3</keyComputation>
MG><!-- Key computation mechanism 1 - Use Request Entropy 2 - Provide Entropy 3 - Use Own Key -->
                <proofKeyType>BinarySecret</proofKeyType>
MG><!-- proofKeyType element is valid only if the keyComputation is set to 3 i.e. Use Own Key Valid values are: EncryptedKey &
MG> BinarySecret -->
                <trusted-services>
                    <service alias="service">*</service>
MG><!-- The service name and the alias of the trusted cert to use -->
                    <service alias="bob">http://localhost:8080/axis2/services/STS</service>
MG>the alias is referenced by the trust-store lookup manager to find a key-entity that was previously inserted into its own truststore
                </trusted-services>
            </saml-issuer-config>
        </parameter>

There are several xml elements I cannot find documented anywhere except for the cryptoProperties. Some are easier to GUESS; but it would be nice not to guess. The bigger question is what other parameters exist that I don’t see in this example? In general, the documentation on the xml part of Axis2/Rampart is lacking yet is so critical to its use. Does anyone have all the options one can place into the service.xmls and other xml config files (wherever they may be) documented?

MG>Brian the saml-issuer-config elements are well documented at the WSO2 site url
MG>https://svn.wso2.org/repos/wso2/carbon/platform/trunk/dependencies/rampart/1.6.1-wso2v4/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml


MG>let me know if you have any questions or concerns

MG>Martin
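Added example, not part of the thread and not Rampart or Rahas code: a small Python linter that applies the rules stated above to the quoted saml-issuer-config (keyComputation 1/2/3, proofKeyType only valid with keyComputation 3 and limited to BinarySecret or EncryptedKey, the 5 minute default lifetime, the addRequested*Ref flags, the trusted-services wildcard). It assumes timeToLive is in milliseconds; SAMPLE_CONFIG is a constructed copy of the config quoted in the thread with the MG> commentary stripped.

```python
"""Lint a Rampart/Rahas <saml-issuer-config> against the rules stated in the thread.
Added example, not Rampart or Rahas code."""
import xml.etree.ElementTree as ET

# Semantics as given in the MG> comments in the thread.
KEY_COMPUTATION = {1: "Use Request Entropy", 2: "Provide Entropy", 3: "Use Own Key"}
PROOF_KEY_TYPES = {"BinarySecret", "EncryptedKey"}
DEFAULT_TTL_MS = 300_000  # "default to 5 min"; assumes timeToLive is in milliseconds

# Constructed copy of the config quoted in the thread, MG> commentary stripped.
SAMPLE_CONFIG = """\
<parameter name="saml-issuer-config">
  <saml-issuer-config>
    <issuerName>SAMPLE_STS</issuerName>
    <issuerKeyAlias>service</issuerKeyAlias>
    <issuerKeyPassword>apache</issuerKeyPassword>
    <cryptoProperties>
      <crypto provider="org.apache.ws.security.components.crypto.Merlin">
        <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
        <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
        <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
      </crypto>
    </cryptoProperties>
    <timeToLive>864000000000</timeToLive>
    <keySize>256</keySize>
    <addRequestedAttachedRef />
    <addRequestedUnattachedRef />
    <keyComputation>3</keyComputation>
    <proofKeyType>BinarySecret</proofKeyType>
    <trusted-services>
      <service alias="service">*</service>
      <service alias="bob">http://localhost:8080/axis2/services/STS</service>
    </trusted-services>
  </saml-issuer-config>
</parameter>
"""


def _config_root(xml_text):
    root = ET.fromstring(xml_text)
    return root if root.tag == "saml-issuer-config" else root.find("saml-issuer-config")


def _text(cfg, tag):
    el = cfg.find(tag)
    return None if el is None or el.text is None else el.text.strip()


def requested_references(xml_text):
    """Which wst:Requested*Reference elements the issuer will emit; the empty flag
    elements switch them on (attached = "#"+assertion ID, unattached = bare ID)."""
    cfg = _config_root(xml_text)
    refs = []
    if cfg.find("addRequestedAttachedRef") is not None:
        refs.append("RequestedAttachedReference")
    if cfg.find("addRequestedUnattachedRef") is not None:
        refs.append("RequestedUnattachedReference")
    return refs


def lint_saml_issuer_config(xml_text, max_ttl_ms=24 * 3600 * 1000):
    """Return (level, message) findings; an empty list means nothing to report."""
    cfg = _config_root(xml_text)
    if cfg is None:
        return [("error", "no <saml-issuer-config> element found")]
    findings = []
    # keyComputation 1/2/3; proofKeyType is only meaningful for 3 (Use Own Key).
    kc_raw = _text(cfg, "keyComputation")
    kc = int(kc_raw) if kc_raw and kc_raw.isdigit() else None
    if kc not in KEY_COMPUTATION:
        findings.append(("error", f"<keyComputation> must be 1, 2 or 3, got {kc_raw!r}"))
    pkt = _text(cfg, "proofKeyType")
    if pkt is not None:
        if pkt not in PROOF_KEY_TYPES:
            findings.append(("error", f"<proofKeyType> {pkt!r} is not one of {sorted(PROOF_KEY_TYPES)}"))
        if kc != 3:
            findings.append(("warn", "<proofKeyType> is only valid when keyComputation is 3 (Use Own Key)"))
    # Token lifetime: a value far above the 5 minute default is almost always a mistake.
    ttl_raw = _text(cfg, "timeToLive")
    ttl = int(ttl_raw) if ttl_raw and ttl_raw.isdigit() else DEFAULT_TTL_MS
    if ttl > max_ttl_ms:
        findings.append(("warn", f"<timeToLive> {ttl} ms is about {ttl / 86_400_000:.0f} days; the default is 5 min"))
    # Keystore properties: a relative path and a plaintext password both deserve a look.
    for prop in cfg.iter("property"):
        name, value = prop.get("name", ""), (prop.text or "").strip()
        if name.endswith("merlin.file") and not (value.startswith("/") or ":" in value):
            findings.append(("info", f"keystore path {value!r} is relative; an absolute path is safer"))
        if name.endswith("keystore.password") and value:
            findings.append(("info", "keystore password sits in plaintext in services.xml; restrict file permissions"))
    # trusted-services: "*" issues a token for that alias to any AppliesTo endpoint.
    for svc in cfg.iterfind("trusted-services/service"):
        if not svc.get("alias"):
            findings.append(("error", "trusted <service> without an alias attribute"))
        if (svc.text or "").strip() == "*":
            findings.append(("warn", f"trusted service alias {svc.get('alias')!r} matches every endpoint (*)"))
    return findings
```

Run against SAMPLE_CONFIG it flags the 864000000000 ms lifetime (about 10000 days), the relative keystore path, the inline keystore password and the "*" trusted service, while keyComputation 3 with BinarySecret passes.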


[Attachment #3 (text/html)]

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
env is a SOAPEnvelope constructed from the input MessageContext<br>SOAPEnvelope env = \
TrustUtil.createSOAPEnvelope(inMsgCtx \
.getEnvelope().getNamespace().getNamespaceURI());<br>a parent OMElement is \
constructed from env.getBody()<br><br>if <span \
style="color:black">addRequestedAttachedRef</span> is true the AttachedRef OMElement \
gets constructed <br><br>if (config.addRequestedAttachedRef) \
{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
TrustUtil.createRequestedAttachedRef(<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb \
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp \
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
wstVersion,&nbsp;&nbsp; //Rahas version (defaults to 1)<br>&nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp; rstrElem,&nbsp; //OMElement \
TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,env.getBody());<br>&nbs \
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&nbsp; "#" + assertion.getID(),&nbsp;&nbsp; //link within document using GUID \
constructed with UUIDGenerator.getUUID()<br>RahasConstants.TOK_TYPE_SAML_20); //value \
is http://docs.oasis-open.org/wss/" \
+"oasis-wss-saml-token-profile-1.1#SAMLV2.0";<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
}<br><br>if addRequestedUnattachedRef is true the UnattachedRef OMElement gets \
constructed <br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
if (config.addRequestedUnattachedRef) \
{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
TrustUtil.createRequestedUnattachedRef(wstVersion, //Rahas version (defaults to \
1)<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; rstrElem, \
//OMElement TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,env.getBody \
());<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; assertion.getID(), // GUID constructed with \
UUIDGenerator.getUUID()<br>&nbsp; RahasConstants.TOK_TYPE_SAML_20); //value is \
http://docs.oasis-open.org/wss/" \
+"oasis-wss-saml-token-profile-1.1#SAMLV2.0";<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
}<br><br>rstrElem (2nd arg) is a constructed OMElement constructed \
here<br>&nbsp;public static \
OMElement<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
createRequestSecurityTokenResponseElement(int \
version,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n \
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs \
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
OMElement parent) throws TrustException \
{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return \
createOMElement(parent,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp \
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
getWSTNamespace(version),&nbsp;&nbsp;&nbsp; //for 1 version \
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"<br>&nbsp;&nbsp;&nbsp;&nbsp;&nb \
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN_RESPONSE,&nbsp;  \
//RequestSecurityTokenResponse<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs \
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
RahasConstants.WST_PREFIX);&nbsp;&nbsp; //wst<br>&nbsp;&nbsp;&nbsp; }<br><br>youve \
got a SecurityTokenResponse coming back inlined in Document with \
TrustUtil.createRequestedAttachedRef<br>if not in the document call \
TrustUtil.createRequestedUnAttachedRef<br><br>personally i prefer XML declarators to \
accomplish the same objective that way you can see the token-dispatcher-configuration \
being sent in e.g.<br>services.xml would contain<br><br>&amp;lt;module ref="rampart" \
/&amp;gt;<br><br>&amp;lt;operation \
name="IssueToken"<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
mep="http://www.w3.org/ns/wsdl/in-out"&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;messageReceiver<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
class="org.apache.rahas.STSMessageReceiver"/&amp;gt;<br><br>&nbsp;&nbsp;&nbsp; \
&amp;lt;!-- Action mapping to accept RST requests --&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;actionMapping&amp;gt;http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT&amp;lt;/actionMapping&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;actionMapping&amp;gt;http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue&amp;lt;/actionMapping&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;actionMapping&amp;gt;http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew&amp;lt;/actionMapping&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;actionMapping&amp;gt;http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel&amp;lt;/actionMapping&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;actionMapping&amp;gt;http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel&amp;lt;/actionMapping&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;actionMapping&amp;gt;http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate&amp;lt;/actionMapping&amp;gt;<br><br>&nbsp;&nbsp;&nbsp; \
&amp;lt;parameter name="token-dispatcher-configuration"&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&amp;lt;token-dispatcher-configuration&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&amp;lt;!-- Issuers. You may have many issuers. \
--&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &amp;lt;issuer \
class="org.custom.MyIssuer" \
default="true"&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&amp;lt;configuration<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
type="parameter"&amp;gt;saml-issuer-config&amp;lt;/configuration&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&amp;lt;tokenType&amp;gt;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1 \
.1#SAMLV1.1&amp;lt;/tokenType&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&amp;lt;/issuer&amp;gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
&amp;lt;/token-dispatcher-configuration&amp;gt;<br>&nbsp;&nbsp;&nbsp; \
&amp;lt;/parameter&amp;gt;<br><br>&amp;lt;/operation&amp;gt;<br>Martin Gainty \
<br>______________________________________________ <br>Jogi és Bizalmassági \
kinyilatkoztatás/Verzicht und Vertraulichkeitanmerkung/Note de déni et de \
confidentialité<br><div>&nbsp;</div><div>Ez az üzenet bizalmas. &nbsp;Ha nem ön az \
akinek szánva volt, akkor kérjük, hogy jelentse azt nekünk vissza. Semmiféle \
továbbítása vagy másolatának készítése nem megengedett. &nbsp;Ez az üzenet csak \
ismeret cserét szolgál és semmiféle jogi alkalmazhatósága sincs. &nbsp;Mivel az \
electronikus üzenetek könnyen megváltoztathatóak, ezért minket semmi felelöség nem \
terhelhet ezen üzenet tartalma miatt.<br><br>Diese Nachricht ist vertraulich. Sollten \
Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. \
Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese \
Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine \
rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails \
koennen wir keine Haftung fuer den Inhalt uebernehmen.<br></div><pre>Ce message est \
confidentiel et peut ętre privilégié. Si vous n'ętes pas le destinataire prévu, nous \
te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle \
diffusion non autorisée ou la copie de ceci est interdite. Ce message sert ŕ \
l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. \
Étant donné que les email peuvent facilement ętre sujets ŕ la manipulation, nous ne \
pouvons accepter aucune responsabilité pour le contenu \
fourni.</pre><br><br><br><div><div id="SkyDrivePlaceholder"></div><hr \
id="stopSpelling">From: brianreinhold@lampreynetworks.com<br>To: \
java-dev@axis.apache.org; rtercerol@gmail.com<br>Subject: RE: Configure Rampart \
                STS<br>Date: Tue, 30 Oct 2012 13:56:33 -0400<br><br><style><!--
.ExternalClass p.ecxMsoNormal, .ExternalClass li.ecxMsoNormal, .ExternalClass \
div.ecxMsoNormal {margin-bottom:.0001pt;font-size:12.0pt;font-family:"Times New \
                Roman","serif";}
.ExternalClass a:link, .ExternalClass span.ecxMsoHyperlink
{color:blue;text-decoration:underline;}
.ExternalClass a:visited, .ExternalClass span.ecxMsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
.ExternalClass p
{margin-right:0in;margin-left:0in;font-size:12.0pt;font-family:"Times New \
                Roman","serif";}
.ExternalClass pre
{margin-bottom:.0001pt;font-size:10.0pt;font-family:"Courier New";}
.ExternalClass p.ecxMsoAcetate, .ExternalClass li.ecxMsoAcetate, .ExternalClass \
div.ecxMsoAcetate {margin-bottom:.0001pt;font-size:8.0pt;font-family:"Tahoma","sans-serif";}
                
.ExternalClass span.ecxst
{;}
.ExternalClass span.ecxf
{;}
.ExternalClass span.ecxEmailStyle21
{font-family:"Calibri","sans-serif";color:#1F497D;}
.ExternalClass span.ecxBalloonTextChar
{font-family:"Tahoma","sans-serif";}
.ExternalClass span.ecxHTMLPreformattedChar
{font-family:"Courier New";}
.ExternalClass .ecxMsoChpDefault
{font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;}
.ExternalClass div.ecxWordSection1
{page:WordSection1;}

--></style><div class="ecxWordSection1"><p class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Martin,</span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span></p><pre><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Thanks, \
but what is unclear is what else exists? (maybe nothing?), and what are \
these:</span><span style="color:black"> &lt;addRequestedAttachedRef /&gt; \
&lt;addRequestedUnattachedRef /&gt;</span></pre><p class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">In \
many of the examples the ‘saml-issuer-config’ had nothing in it. Was it implied that \
the user is to fill it in?</span></p><p class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Brian</span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span></p><div><div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p \
class="ecxMsoNormal"><b><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> \
Martin Gainty [mailto:mgainty@hotmail.com] <br><b>Sent:</b> Tuesday, October 30, 2012 \
1:24 PM<br><b>To:</b> java-dev@axis.apache.org; \
rtercerol@gmail.com<br><b>Subject:</b> RE: Configure Rampart \
STS</span></p></div></div><p class="ecxMsoNormal">&nbsp;</p><div><div><div><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><b><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">MG&gt;Quick \
answer inlined</span></b><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><div><div \
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p \
class="ecxMsoNormal"><b><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> Brian \
Reinhold [<a href="mailto:brianreinhold@lampreynetworks.com">mailto:brianreinhold@lampreynetworks.com</a>] \
<br><b>Sent:</b> Tuesday, October 30, 2012 10:38 AM<br><b>To:</b> <a \
href="mailto:java-dev@axis.apache.org">java-dev@axis.apache.org</a>; <a \
href="mailto:rtercerol@gmail.com">rtercerol@gmail.com</a><br><b>Subject:</b> \
Configure Rampart STS</span></p></div></div><p class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">&nbsp;</span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">I \
am trying to understand how to configure my own STS service to generate a custom SAML \
token. The instructions are confusing.</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">First \
it states to remove the default rampart.mar from the modules. In my modules there is \
both a rampart.mar and a rahas.mar.</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Then \
it states to create a service.xml pointing to one’s custom implementation of the \
TokenIssuer interface. The contents of the example service.xml provided looks very \
similar to the contents of the rahas.mar module and bears no resemblance to the \
rampart.mar. </span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">In \
addition, there is a ‘saml-issuer-config’ value of the configuration element. I have \
no idea what that element represents. Do I need to make some type of file containing \
configuration parameters, and if I do, what are the elements that go in it?&nbsp; Has \
anybody ever done this? Do I have to play with the axis.xml?</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">&nbsp;</span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">MG&gt;only \
to add in the module name e.g. &lt;module ref="rampart"/&gt;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">MG&gt;you \
will want to configure services.xml in WEB-INF\services only</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Any \
insight would be greatly appreciated!</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Thanks,</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Brian</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">PS</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Here \
is some stuff I found no documentation on with respect to \
saml-issuer-config</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">&nbsp;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">parameter</span><span \
style="font-size:10.0pt;font-family:Consolas"> <span \
style="color:#7F007F">name</span><span style="color:black">=</span><i><span \
style="color:#2A00FF">"saml-issuer-config"</span></i><span \
style="color:teal">&gt;</span></span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">saml-issuer-config</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">issuerName</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:black">SAMPLE_STS</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;/</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">issuerName</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">issuerKeyAlias</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:black">service</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;/</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">issuerKeyAlias</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">MG&gt;alias \
for the provided key; you will need the alias to export the cert out of the pfx, \
e.g.</span></p><p class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">MG&gt;keytool \
-exportcert -alias AlienAlias -keystore steve.jks -keypass steve -storepass steve \
-file steve.cert</span></p><p class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">issuerKeyPassword</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:black">apache</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;/</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">issuerKeyPassword</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">cryptoProperties</span><span \
style="font-size:10.0pt;font-family:Consolas;color:teal">&gt;</span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal" style="text-autospace:none"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">crypto</span><span \
style="font-size:10.0pt;font-family:Consolas"> <span \
style="color:#7F007F">provider</span><span style="color:black">=</span><i><span \
style="color:#2A00FF">"org.apache.ws.security.components.crypto.Merlin"</span></i><span \
style="color:teal">&gt;</span></span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">property</span><span \
style="font-size:10.0pt;font-family:Consolas"> <span \
style="color:#7F007F">name</span><span style="color:black">=</span><i><span \
style="color:#2A00FF">"org.apache.ws.security.crypto.merlin.keystore.type"</span></i><span \
style="color:teal">&gt;</span><span style="color:black">JKS</span><span \
style="color:teal">&lt;/</span><span style="color:#3F7F7F">property</span><span \
style="color:teal">&gt;</span></span><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"></span></p><p \
class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">MG&gt;safe \
to stay with JKS although easy enough to convert a p12 format to jks</span></p><p \
class="ecxMsoNormal"><span \
style="font-size:10.0pt;font-family:Consolas;color:black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
</span><span style="font-size:10.0pt;font-family:Consolas;color:teal">&lt;</span><span \
style="font-size:10.0pt;font-family:Consolas;color:#3F7F7F">property</span><span \
style="font-size:10.0pt;font-family:Consolas"> <span \
style="color:#7F007F">name</span><span style="color:black">=</span><i><span \
style="color:#2A00FF">"org.apache.ws.security.crypto.merlin.file"</span></i><span \
</html>