Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4
    • Component/s: WS-* Components
    • Labels:
    1. BinarySecret.java
      2 kB
      Mayank Mishra
    2. Entropy.java
      2 kB
      Mayank Mishra
    3. model.zip
      29 kB
      Mayank Mishra
    4. RequestSecurityToken.java
      3 kB
      Mayank Mishra
    5. RequestSecurityTokenResponse.java
      5 kB
      Mayank Mishra
    6. SecurityConstants.java
      3 kB
      Mayank Mishra
    7. sts_provider.zip
      125 kB
      Anubhav Sharma
    8. sts_provider2.zip
      143 kB
      Anubhav Sharma
    9. sts_provider3.zip
      143 kB
      Anubhav Sharma
    10. STS.java
      1 kB
      Mayank Mishra
    11. STSClient27Jan.patch
      3 kB
      Mayank Mishra
    12. STSImpl.java
      12 kB
      Mayank Mishra

      Activity

      Hide
      dkulp Daniel Kulp added a comment -


      We now have a basic framework in place in CXF and a good example in the samples that shows how to use it to build a simple STS that produces SAML tokens based on the X509 certs.

      Show
      dkulp Daniel Kulp added a comment - We now have a basic framework in place in CXF and a good example in the samples that shows how to use it to build a simple STS that produces SAML tokens based on the X509 certs.
      Hide
      anubhav Anubhav Sharma added a comment -

      Here's a new version with some defect fixes found in the sample Issue implementation and code changes suggested by Dan.

      Show
      anubhav Anubhav Sharma added a comment - Here's a new version with some defect fixes found in the sample Issue implementation and code changes suggested by Dan.
      Hide
      anubhav Anubhav Sharma added a comment -

      Here is the new version of the STS provider implementation, with code cleanup, applied checkstyle and code changes suggested by Dan.

      Show
      anubhav Anubhav Sharma added a comment - Here is the new version of the STS provider implementation, with code cleanup, applied checkstyle and code changes suggested by Dan.
      Hide
      anubhav Anubhav Sharma added a comment -

      I am attaching an initial implementation of the STS provider framework and the sample Issue operation. I still need to refractor the code with regards to logging, exception tracing, checkstyles etc. I would request you guys to provide an initial feedback while I proceed with the code cleanup. Thanks!

      Show
      anubhav Anubhav Sharma added a comment - I am attaching an initial implementation of the STS provider framework and the sample Issue operation. I still need to refractor the code with regards to logging, exception tracing, checkstyles etc. I would request you guys to provide an initial feedback while I proceed with the code cleanup. Thanks!
      Hide
      gmazza Glen Mazza added a comment - - edited

      While we do not yet have our own STS, we have recently confirmed CXF clients and web service providers will work with the Metro STS[1]. (I have to update my blog entry showing the same[2].) PicketLink STS by JBoss is another option, however I have not yet tested it.

      Glen

      [1] http://www.jroller.com/gmazza/entry/metro_and_wstrust
      [2] http://www.jroller.com/gmazza/entry/cxf_stsclient_with_metro_sts

      Show
      gmazza Glen Mazza added a comment - - edited While we do not yet have our own STS, we have recently confirmed CXF clients and web service providers will work with the Metro STS [1] . (I have to update my blog entry showing the same [2] .) PicketLink STS by JBoss is another option, however I have not yet tested it. Glen [1] http://www.jroller.com/gmazza/entry/metro_and_wstrust [2] http://www.jroller.com/gmazza/entry/cxf_stsclient_with_metro_sts
      Hide
      barakka Riccardo Serafin added a comment -

      Hello everyone,

      has there been any progress on this? Was it pushed in any release?

      Thanks,

      Show
      barakka Riccardo Serafin added a comment - Hello everyone, has there been any progress on this? Was it pushed in any release? Thanks,
      Hide
      mayank.mishra Mayank Mishra added a comment -

      Hi Glan,

      No the code has not been either added nor has any different implmentation in CXF. It is a support for WS-Trust server side. I will say (2) is the right intended option, the STS that provides a token to the client. Right now, we have a WS-Client implementation what Dan has pushed in and we consume the SAML token from other STS services.

      Show
      mayank.mishra Mayank Mishra added a comment - Hi Glan, No the code has not been either added nor has any different implmentation in CXF. It is a support for WS-Trust server side. I will say (2) is the right intended option, the STS that provides a token to the client. Right now, we have a WS-Client implementation what Dan has pushed in and we consume the SAML token from other STS services.
      Hide
      gmazza Glen Mazza added a comment -

      Was this code ever added to the CXF codebase, or has it been already implemented differently in CXF and so is not really needed at this stage?

      Also, our documentation[1] seems to state that CXF already has the client-side portion of WS-Trust available (client requests a token from an STS)-what does this code solve-is (1) it the web service provider verification of the STS token, or (2) the STS that provides a token to the client, or (3) both?

      [1] http://cxf.apache.org/docs/ws-trust.html

      Show
      gmazza Glen Mazza added a comment - Was this code ever added to the CXF codebase, or has it been already implemented differently in CXF and so is not really needed at this stage? Also, our documentation [1] seems to state that CXF already has the client-side portion of WS-Trust available (client requests a token from an STS)- what does this code solve -is (1) it the web service provider verification of the STS token, or (2) the STS that provides a token to the client, or (3) both? [1] http://cxf.apache.org/docs/ws-trust.html
      Hide
      gmazza Glen Mazza added a comment -

      Thanks for the donation. Dan Kulp (should we ever be rewarded with his return from vacation is already working on a WS-Trust implementation. I'm sure he'd like to take a look at what you have.

      Show
      gmazza Glen Mazza added a comment - Thanks for the donation. Dan Kulp (should we ever be rewarded with his return from vacation is already working on a WS-Trust implementation. I'm sure he'd like to take a look at what you have.
      Hide
      mayank.mishra Mayank Mishra added a comment -

      provider Inferface STS, invoke implementation in STSImpl, RST and RSTR model class

      Show
      mayank.mishra Mayank Mishra added a comment - provider Inferface STS, invoke implementation in STSImpl, RST and RSTR model class

        People

        • Assignee:
          dkulp Daniel Kulp
          Reporter:
          mayank.mishra Mayank Mishra
        • Votes:
          5 Vote for this issue
          Watchers:
          7 Start watching this issue

          Dates

          • Created:
            Updated:
            Resolved:

            Development