CXF-8236

Support signature challenges in the STSClient


Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.3.5
    • Fix Version/s: None
    • Component/s: STS
    • Estimated Complexity: Advanced

    Description

      The WS-Trust 1.4 spec allows the process of obtaining a security token to consist not only of two messages (request for token, response with the token), but also to have some intermediate requests and responses. In these intermediate requests and responses, the STS may challenge the token requestor to answer a challenge (e.g. to sign a randomly generated string). Only after all challenges have been answered correctly would the STS send a real token. See e.g. chapter 8.2 (Signature Challenges) of the WS-Trust spec.

      STSClient (v3.3.5) currently does not support an Issue/Challenge-Answer like this:

      <?xml version="1.0" encoding="UTF-8"?>
      <soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
        <soap11:Header>
          <wsa:ReplyTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:Address>https://...ists.tgic.de/RST/Issue</wsa:Address>
          </wsa:ReplyTo>
          <wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue</wsa:Action>
          <wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing">uuid:44ef50f3-7991-48db-9cee-27e71e1082cd</wsa:MessageID>
          <wsa:RelatesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">urn:uuid:2000fce3-36ee-4f12-9eb1-7f949b3f524b</wsa:RelatesTo>
        </soap11:Header>
        <soap11:Body>
          <wst:RequestSecurityTokenResponse Context="abcc2adc-ae05-43c3-ab09-e1ba71d5a157" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <wst:SignChallenge>
              <wst:Challenge>7416357016</wst:Challenge>
            </wst:SignChallenge>
          </wst:RequestSecurityTokenResponse>
        </soap11:Body>
      </soap11:Envelope>
      

      I am currently trying to implement this (dirty) by overriding some of the STSClient methods. I am not familiar enough with the CXF code.

      This topic is on the rise in Germany in the insurance industry ("TGIC" single sign-on; electronic health card "ePA").

      Please implement this feature in a future release.
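The challenge round trip described in the issue, as an added illustration that is not part of the CXF code base or the reporter's work: the client detects a wst:SignChallenge in the RSTR, answers with an RSTR carrying the same Context and a wst:SignChallengeResponse that echoes the challenge, and the STS checks that both match. The sample message is the SignChallenge RSTR from the issue with the WS-Addressing headers dropped; the WS-Security signature over the answer, which is what actually proves possession of the requestor's key, is assumed to be applied by the outbound security layer and is not modelled here.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"soap11": SOAP11, "wst": WST}

# Constructed sample: the SignChallenge RSTR from the issue, without the WS-Addressing headers.
CHALLENGE_RSTR = f"""<soap11:Envelope xmlns:soap11="{SOAP11}"><soap11:Body>
<wst:RequestSecurityTokenResponse Context="abcc2adc-ae05-43c3-ab09-e1ba71d5a157" xmlns:wst="{WST}">
<wst:SignChallenge><wst:Challenge>7416357016</wst:Challenge></wst:SignChallenge>
</wst:RequestSecurityTokenResponse></soap11:Body></soap11:Envelope>"""


def parse_sign_challenge(envelope_xml):
    """Return (context, challenge) if the RSTR carries a wst:SignChallenge, else None.
    A plain token response (e.g. wst:RequestedSecurityToken) yields None so the caller
    can fall through to normal RSTR processing instead of treating it as a challenge."""
    root = ET.fromstring(envelope_xml)
    rstr = root.find("soap11:Body/wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        return None
    challenge = rstr.find("wst:SignChallenge/wst:Challenge", NS)
    if challenge is None or not (challenge.text or "").strip():
        return None
    return rstr.get("Context"), challenge.text.strip()


def build_sign_challenge_response(context, challenge):
    """Client side: answer with an RSTR that keeps the Context and echoes the challenge
    inside wst:SignChallengeResponse. Signing this message is assumed to happen downstream."""
    ET.register_namespace("soap11", SOAP11)
    ET.register_namespace("wst", WST)
    env = ET.Element(f"{{{SOAP11}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP11}}}Body")
    attrs = {"Context": context} if context else {}
    rstr = ET.SubElement(body, f"{{{WST}}}RequestSecurityTokenResponse", attrs)
    resp = ET.SubElement(rstr, f"{{{WST}}}SignChallengeResponse")
    ET.SubElement(resp, f"{{{WST}}}Challenge").text = challenge
    return ET.tostring(env, encoding="unicode")


def answer_matches(challenge_xml, answer_xml):
    """STS side: the answer must echo both the Context and the exact challenge string,
    so a stale or foreign answer cannot be correlated with this exchange."""
    parsed = parse_sign_challenge(challenge_xml)
    if parsed is None:
        return False
    ctx, chal = parsed
    rstr = ET.fromstring(answer_xml).find("soap11:Body/wst:RequestSecurityTokenResponse", NS)
    if rstr is None or rstr.get("Context") != ctx:
        return False
    echoed = rstr.find("wst:SignChallengeResponse/wst:Challenge", NS)
    return echoed is not None and (echoed.text or "").strip() == chal
```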

    People

      coheigea Colm O hEigeartaigh
      SergiusMohr Sergius Mohr