
I have a Rampart STS Client whose policy looks like this:

<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <sp:UsernameToken
        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
  </wsp:Policy>
</sp:SignedSupportingTokens>

It produces a RequestSecurityToken (RSTR) (WS-Trust 1.3) where the embedded token looks like:

<wsse:UsernameToken
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="UsernameToken-2">
  <wsse:Username>#####</wsse:Username>
  <wsse:Password
      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">####</wsse:Password>
</wsse:UsernameToken>

The STS server I am using rejects this as the UserName Token profile in WS-Trust MUST include a wsu:Created element inside the token itself.

I have seen examples of RSTR from Rampart forums where the wsu:Created is part of the token. Is there a way to change the configuration or to programmatically force the STSClient to add it?
