Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
Current
-
None
-
Windows XP
Description
I want to specify a policy that has no IncludeToken attribute. Since IncludeToken is optional, it must be allowed to be unspecified.
The following is how I specify UsernameToken in my services.xml file:
<sp:UsernameToken/>
I want that to indicate that the UsernameToken itself is optional. I have a use case where I want either a saml assertion or a username token, so I have to handle the case where Username token is not there. Rampart does not complain when I leave out the saml assertion and put in the username token, but it does complain when I have only the saml assertion and no username token.
Here is the full policy I have defined in services.xml:
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<sp:RequestSecurityTokenTemplate xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:TokenType>oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
</sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>
<sp:UsernameToken/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:TimeToLive>360</rampc:TimeToLive>
<rampc:PasswordType>plainText</rampc:PasswordType>
<rampc:AuthnModuleName>F:/TeamTrack701/software/contrib/axis2c/Win32Debug/lib/aeaxisauth.dll</rampc:AuthnModuleName>
</rampc:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>