WS Binding in Silverlight 4
Will Silverlight 4.0 Support more Bindings for WCF e.g. WS-Binding ...
ws-security
WS-securitypolicy in cxf-bc deploy in servicemix
Hi, I was wondering if it is possible to build a cxf-bc with WS-SecurityPolicy instead of just the WS-Security. WS-SecurityPolicy seems to be a more elegant solution since everything is in the WSDL. Examples welcome. :) Well with David's help I got the CXF-BC to install and running on the ESB, but I can't seem to test it. It keeps c...
WSIT/Metro doesn't understand Security SOAP header
I'm using WSIT/Metro to create a simple web-service. I'm getting the following error on the server when a client tries to connect with a simple username/passowrd authentication scheme: 2010.03.31. 19:10:33 com.sun.xml.ws.protocol.soap.MUTube getMisUnderstoodHeaders INFO: Element not understood={http://docs.oasis-open.org/wss/2004/01/oas...
WCF fails to deserialize correct(?) response message security headers (Security header is empty)
I'm communicating with an OC4J webservice, using a WCF client. The client is configured as follows: <basicHttpBinding> <binding name="MyBinding"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName" algorithmSui...
How to configure custom binding to consume this WS secure Webservice using WCF?
Hello all, I'm trying to configure a WCF client to be able to consume a webservice that returns the following response message: Response message <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://myserv...
Header Setup in SOAP with ASP.NET 3.5 WCF
I'm pretty new to SOAP so go easy on me. I'm trying to setup a SOAP service that accepts the following header format: <soap:Header> <wsse:Security> <wsse:UsernameToken wsu:Id='SecurityToken-securityToken'> <wsse:Username>Username</wsse:Username> <wsse:Password>Password</wsse:Password> <wsu:Created>Tim...
Binding for only validation of incoming SOAP message's WS-Security header
Hi Forum, My question is what WCF binding I should be using for following situation: Client should not add any WS-Security header, no message integrity, transport is Http or optionally Https. Server provides message integrity by signing the body. No encryption is done. The security token is X509. The service is written in Java, using...
Accessing username/password from within web service (JAX-WS)?
We are implementing a web service that is going to act as an intermediary layer between the clients and another application. Our requirements for the web service state that we need to send the username and password in the SOAP header using standard WS-Security. The web service implementation needs to take the information passed in throu...
What is the security advantage of STS in web services?
Hello, I've started reading up on security (particularly authentication) with web services and I see a lot of references to security token services. From what I see, they take a username-password (or something) and, on validation, return a digital token. How is using this token any more secure then just relying on the username-passwor...
What to sign when signing a message with ws-security
I am adding security to my web service and chose to sign the Timestamp and Token. While reading docs I found a lot of examples where they sign the Body of the SOAP message. My question is: what is best to sign? From what I understand signing the Body could lead to performance issues if the Body is pretty large. Thanks. ...
How to set WS-SecurityPolicy in an inbound CXF service in Mule?
When configuring the service for handling UsernameToken and signatures, it's setup like this: <service name="serviceName"> <inbound> <cxf:inbound-endpoint address="someUrl" protocolConnector="httpsConnector" > <cxf:inInterceptors> <spring:bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <spr...
Servicemix ws-security policy
Hi I cannot seem to get ws-security policy to work within servicemix 4.2 at all. I've been able to deployed a web service with ws-security policy using CXF/Jaxws deployed on Tomcat but that doesn't translate well into the Osgi/JBI environment in Servicemix 4.2. I've been at this for weeks and its suppose to be cleaner and easier than us...
implementing Ws-security within WCF proxy
Hi, I have imported an axis based wsdl into a VS 2008 project as a service reference. I need to be able to pass security details such as username/password and nonce values to call the axis based service. I have looked into doing it for wse, which i understand the world hates (no issues there) I have very little experience of WCF, but...
cxf-bc ws-security callback classnotfoundexception
I'm trying to implement authentication with SSL as a ws-security policy on a service inside of SMX4. So far I've been able to implement SSL and the transport policy, but I've not been able to get the authentication part to work. I've tried to attack this at many different angles but I'm just missing something. I was wondering if you guys...
how to implement ws-security 1.1 in php5
I'm trying to call a webservice with Soap in PHP5, for this, I need to use WS-Security 1.1. (In java and .NET this is all generated automatically.) Are there any frameworks available to generate the security headers easily in PHP? Or do I have to add the entire header myself ? Specifications of WS-Security 1.1: http://oasis-open.org...
WCF client encrypt message to JAVA WS using username_token with message protection client policy
I am trying to create a WCF client APP that is consuming a JAVA WS that uses username_token with message protection client policy. There is a private key that is installed on the server and a public certificate file was exported from the JKS keystore file. I have installed the public key into certificate store via MMC under Personal cert...
How to add wsse:Security, UsernameToken header to a SOAP request in ZSI, Python?
Is there a way to add the wsse:Security, UsernameToken header to the SOAP requests in ZSI, Python? I searched on the web, but couldn't find an answer. ...
Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme
I have a WCF client connecting to a Java based Axis2 web service (outside my control). It is about to have WS-Security applied to it, and I need to fix the .NET client. However, I am struggling to provide the correct authentication. I am aware that WSE 3.0 might make it easier, but I would prefer not to revert to an obsolete technology. ...
How to access username principle in a cxf-se with ws-security?
I finally got the Ws-Security working with CXF-BC & CXF-SE combination. I'm now trying to access the username from the soap header in the SE to check permission and ownership of the user calling a operation, but there seems to be no way of doing that. I know that once a message get passed from the BC to the SE, it just takes the SOAP b...
Is it common practice to specify security policy info in the WSDL?
Our team is implementing SOAP-based web services using Spring-WS and XWSS. So far we've been relying on Spring-WS to generate the WSDL from our XSDs. We're now considering whether to document the security requirements in the WSDL using WS-SecurityPolicy or conveying them in a separate document. Here are the questions we're pondering: ...