Rampart STS Client and UsernameToken | ansaurus

tags:

views:

461

answers:

0

Q:

Rampart STS Client and UsernameToken

I have a rampart STS Client whose policy looks like this

<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"&gt;
 <wsp:Policy>
 <sp:UsernameToken
      sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/&gt;
      </sp:UsernameToken>
   </wsp:Policy>
  </sp:SignedSupportingTokens>

It produces a RequestSecurityToken (RSTR) (WS-Trust 1.3) Where the embedded token looks like

<wsse:UsernameToken
   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
   wsu:Id="UsernameToken-2">
   <wsse:Username>#####</wsse:Username>
   <wsse:Password
    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"&gt;####&lt;/wsse:Password&gt;
  </wsse:UsernameToken>

The STS server I am using rejects this as the UserName Token profile in WS-Trust MUST include a wsu:Created element inside the token itself.

I have seen examples of RSTR from rampart forums where the wsu:Created is part of the token. Is there a way to change the configuration or to programatically force the STSClient to add it?

related questions

Is WS-Security truly interoperable across platforms?

Connecting to WS-Security protected Web Service with PHP

Any good step by step tutorial to implement a secure token service with Java?

How to use Forms Auth when SSL is on a proxy in front of the IIS Farm (WCF) ?

JAX-WS Consuming web service with WS-Security and WS-Addressing

How do I build a secure webservice with .Net?

How do I add a <UsernameToken> header programatically to a SOAP message in JAX-WS?

How do you build an EAR with policy files included using WLS Ant Tasks?

How do you use TLS/SSL Http Authentication with a CXF client to a web service?

webservice using security UserNameToken

User/Pass Authentication using RESTful WCF & Windows Forms

Spring-WS: how to use WebserviceTemplate with pre-generated SOAP-envelope

how to protect the ws discovery ad hoc network from man-in-the-middle attacks

How to use WS-Security with EJB3 ?

Developing a secure WS client for consuming a Axis2 Web Service with Rampart WS Security module?

Standard web services v Secure web services

Using WCF to send a signed Request and receive an unsigned Response

TLS handshake event in Tomcat, is there something like that ?

Encryption of SOAP message in Axis 2

Specify parts of the header that have to be signed and/or encrypted in WCF with binding that support standards

How do I create a cold fusion web service client that uses ws-security?

Ruby and WS-Security

How can I authenticate using client credentials in WCF just once?

Calling .NET Web Service (WSE 2/3, WS-Security) from Java

Where can I find some good WS-Security introductions and tutorials?