Document modification for 1.3.0 release
diff --git a/INSTALL b/INSTALL
index 782bef6..ab9fe44 100644
--- a/INSTALL
+++ b/INSTALL
@@ -26,7 +26,7 @@
Getting Rampart/C binary distribution working on Linux
======================================================
-1. Copy modules/rampart to $AXIS2C_HOME/modules
+1. Copy modules/* to $AXIS2C_HOME/modules/
2. Copy lib/* to $AXIS2C_HOME/lib
3. Copy services/* to $AXIS2C_HOME/services/
4. Engage rampart as described in section "Engaging Rampart/C with axis2/C"
diff --git a/NEWS b/NEWS
index 4c59806..dd2a5f3 100644
--- a/NEWS
+++ b/NEWS
@@ -50,6 +50,7 @@
9. Keys management
- Support for X509 token profile
- Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references
+ - Support for PKCS12 keystore
10. WS-Secure Conversation Language support
- Establishing Security Context and thereby maintaining a session
@@ -76,8 +77,9 @@
1. WS-Secure Conversation Language support
2. WS-Trust Language support
3. Rahas module to give STS support to a service
-4. Memory leak fixes
-5. Many bug fixes
+4. PKCS12 Keystore support
+5. Memory leak fixes
+6. Many bug fixes
Planned to be implemented Architecture Features
diff --git a/xdocs/archived_news.html b/xdocs/archived_news.html
index 05539bd..6814287 100644
--- a/xdocs/archived_news.html
+++ b/xdocs/archived_news.html
@@ -13,6 +13,88 @@
<p>This page contains information on previous releases running up to the
latest.</p>
+
+<a id="1.2.0"></a>
+<h3>13th May 2008 - Apache Rampart/C Version 1.2.0 Released</h3>
+<a href="http://ws.apache.org/rampart/c/download.cgi">Download 1.2</a>
+<h4>Key Features</h4>
+<ol>
+<li>Ability to send and verify UsernameTokens with
+ <ul>
+ <li>Username and PlainText password
+ <li>Username and Digested password
+ </ul>
+<li>Ability to send Timestamp tokens
+<li>SOAP message encryption
+ <ul>
+ <li> With derived key support for improved security
+ <li> Symmetric and Asymmetric modes of operations
+ <li> Support for AES and Tripple DES encryption
+ <li> Signature encryption
+ <li> Keys encryption
+ </ul>
+<li>SOAP message signature
+ <ul>
+ <li> XML signature with RSA-SHA1
+ <li> Message authentication with HMAC-SHA1
+ <li> Signature confirmation support
+ <li> SOAP Header signing
+ </ul>
+<li>WS-Security Policy (spec 1.1) based configurations
+ <ul>
+ <li> Support for both Symmetric as well as Asymmetric policy bindings
+ <li> Support for different modes of key identifiers
+ <li> Support for different algorithm suites<br>
+ [Basic128, Basic 192, Basic256, TrippleDES, Basic128Rsa15, Basic192Rsa15,Basic256Rsa15, TripleDesRsa15]
+ </ul>
+<li>Replay detection support
+ <ul>
+ <li> Easy to use built-in replay detection module
+ <li> Ability to deploy a customized replay detection module
+ </ul>
+<li>Different protection orders
+ <ul>
+ <li> Encrypt before signing
+ <li> Sign before encrypting
+ </ul>
+<li>Extensible modules
+ <ul>
+ <li> Password callback module
+ <li> Authentication module
+ <li> Credentials module
+ </ul>
+<li>Keys management
+ <ul>
+ <li> Support for X509 token profile
+ <li> Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references
+ </ul>
+<li> WS-Secure Conversation Language support (Experimental)
+ <ul>
+ <li> Establishing Security Context and thereby maintaining a session
+ <li> Per message key derivation
+ <li> Support for stored securtiy context token
+ </ul>
+<li> WS-Trust Language support (Experimental)
+ <ul>
+ <li> Security Token Services (STS)
+ <li> STS Client
+ <li> Server and Client entrophy support
+ </ul>
+<li>Other
+ <ul>
+ <li> Easy to use deployment scripts
+ <li> A comprehensive set of samples
+ </ul>
+</ol>
+</div><div class="subsection"><a name="Major_Changes_Since_Last_Release"></a><h3>Major Changes Since Last Release</h3><p>
+<ol>
+ <li> WS-Secure Conversation Language support (Experimental)
+ <li> WS-Trust Language support (Experimental)
+ <li> SAML Support
+ <li> Memory leak fixes</li>
+ <li> Many bug fixes</li>
+ </ol>
+
<a id="1.1.0"></a>
<h3>16th Jan 2008 - Apache Rampart/C Version 1.1 Released</h3>
<a href='http://ws.apache.org/rampart/c/download.cgi'>Download 1.1</a>
diff --git a/xdocs/docs/configurations.html b/xdocs/docs/configurations.html
index 6db3376..2d63b4c 100644
--- a/xdocs/docs/configurations.html
+++ b/xdocs/docs/configurations.html
@@ -24,9 +24,14 @@
<li>Detecting replays of messages
</ol>
+<p>In addition to that, if you want to provide Secure Token Service (STS) functionality to a service, add the following entry to your descriptor file. </p>
+<pre>
+ <module ref="rahas"/>
+</pre>
+
<h2>Security policy based configurations</h2>
-<p>Rampart/C configurations are based on WS Security Policy Language 1.0. Thus, we need to specify these policies in the descriptor file. For the client side we place them in a separate policy file, whilst in the server side we place them within either the services.xml or the axis2.xml.</p>
+<p>Rampart/C configurations are based on WS Security Policy Language. Thus, we need to specify these policies in the descriptor file. For the client side we place them in a separate policy file, whilst in the server side we place them within either the services.xml or the axis2.xml.</p>
<h2>Client configurations</h2>
@@ -364,41 +369,5 @@
</p>
<p>The message ID is considered to be unique to a particular message. But for this, user needs to have the addressing module engaged(which comes with axis2/c). This is NOT a MUST but is the RECOMONDED approach. One can just survive with only the timestamp. But shouldn't forget the chance of generating two message at the same time, which definitely make them suspicious as a replay.</p>
-<h2>Rampart/C samples</h2>
-
-<p>There are number of samples available under Rampart/C samples.
-Following is a brief description of Rampart/C samples</p>
-<p>
-<b><i>Service :</b> samples/services/sec_echo</i><br>
-The security enabled service. Depends on deployed security policy scenario.</p>
-<p>
-<b><i>Client:</b> samples/client/sec_echo</i><br>
-The client to send secured SOAP messages. Depends on deployed security policy scenario.</p>
-<p>
-<b><i>Security policies:</b> samples/secpolicy/scenarioX</i><br>
-Provides several identified scenarios to demonstrate features of Rampart/C.
-Please read the README file under samples/secpolicy to learn more about them.</p>
-<p>
-<b><i>Callbacks :</b> samples/callback</i><br>
-To retrieve passwords for a particular user, Rampart/C uses password callback mechanism.
-Such callback modules can be plugged into Rampart/C by defining them in the policy assertions.
-The sample shows how to write a simple password callback module.</p>
-<p>
-<b><i>Credential Provider:</b> samples/credential_provider</i><br>
-In the client side it's possible to give a username/password pair to the client, using a credential_provider.
-Similar to Callbacks, these can too plugged into Rampart/C by defining them in the policy assertions.
-The sample shows how to write a simple credentials provider.</p>
-<p>
-<b><i>Authentication Provider :</b> samples/authn_provider</i><br>
-In the server side, in order to validate a usernametoken in more application specific way, an authentication module can be used.<br>
-The authentication module gets both the username and the password and returns a status code back to Rampart/C.
-The sample shows how to write a simple authentication provider.</p>
-<p>
-<b><i>Keys :</b> samples/keys</i><br>
-All the certificates, private keys and key stores that are used by samples, placed here.</p>
-<p>
-<b><i>Data :</b> samples/data</i><br>
-Data files that are used by samples, placed here.
-</p>
</body>
</html>
diff --git a/xdocs/docs/installationguide.html b/xdocs/docs/installationguide.html
index b5d45a3..b43241d 100644
--- a/xdocs/docs/installationguide.html
+++ b/xdocs/docs/installationguide.html
@@ -19,7 +19,7 @@
<p>Please send your feedback to the developer mailing list: <a
href="mailto:rampart-c-dev@ws.apache.org">rampart-c-dev@ws.apache.org</a>
(Subscription details are available on the <a
-href="http://ws.apache.org/rampart/c/mail-lists.html">Rampart/C site</a>.</p>
+href="http://ws.apache.org/rampart/c/mail-lists.html">Rampart/C site</a>).</p>
<h2>Contents</h2>
<ul>
@@ -61,14 +61,14 @@
<li>export AXIS2C_HOME</li>
</ul>
</li>
- <li>Copy modules/rampart to $AXIS2C_HOME/modules
+ <li>Copy modules/* to $AXIS2C_HOME/modules/
<li>Copy lib/* to $AXIS2C_HOME/lib
- <li>Copy bin/samples/server/sec_echo to $AXIS2C_HOME/services/
- <li>Copy bin/samples/* to $AXIS2C_HOME/bin/samples/rampart. This will copy callback modules etc
+ <li>Copy services/* to $AXIS2C_HOME/services/
+ <li>Copy samples/* to $AXIS2C_HOME/samples/. This will copy callback modules etc.
<li>Engage Rampart/C as specified in the section <a href="#engage">Engage Rampart/C with Axis2/C</a>
- <li>Go to bin/samples/client/sec_echo/ and deploy the client repo
+ <li>Go to samples/src/rampartc/client/ and deploy the client repo
<pre>%sh deploy_client_repo.sh</pre>
- <li>Go to bin/samples/secpolicy/ and try a scenario
+ <li>Go to samples/src/rampartc/secpolicy/ and try a scenario
<pre> %sh test_scen.sh scenarioX server-port</pre>
</ol>
<a id="linux_source"></a>
@@ -93,7 +93,7 @@
<li>This can be done using the following command sequence, in the
directory where you have extracted the source:
<ul>
- <li>./configure --prefix=${AXIS2C_HOME} --enable-static=no --with-axis2=${AXIS2C_HOME}/include/axis2-1.2</li>
+ <li>./configure --prefix=${AXIS2C_HOME} --enable-static=no --with-axis2=${AXIS2C_HOME}/include/axis2-1.6.0</li>
<li>make</li>
<li>make install</li>
</ul>
@@ -128,10 +128,12 @@
<ol>
<li>Extract the binary distribution to a folder of your choice. (example:
C:\rampartc).</li>
- <li>Copy modules\rampart to %AXIS2C_HOME%\modules.</li>
+ <li>Set the AXIS2C_HOME envirionment variable to direct to your Axis2/C Installation. </li>
+ <pre>SET AXIS2C_HOME=[your-path-to-axis2c]</pre>
+ <li>Run the deploy_rampart.bat that could be found in the root of the rampart binary distribution.</li>
<li>Engage Rampart/C as specified in the section <a href="#engage">Engage Rampart/C with Axis2/C</a>.
- <li>Copy samples\server\sec_echo to %AXIS2C_HOME%\services </li>
- <li>Start the axis2_http_server and run the echo client in the samples\client\sec_echo to consume the secured service.
+ <li>Go to samples/src/rampartc/secpolicy/ and try a scenario
+ <pre> test_scen.bat scenarioX server-port</pre>
</ol>
<a id="bin_run"></a>
@@ -144,9 +146,8 @@
<li>The makefile shipped with this version needs Microsoft Visual Studio
Compiler (cl) and the nmake build tool.</li>
- <p>(Note: You can <a
- href="http://msdn.microsoft.com/vstudio/express/downloads/">download the
- Microsoft VSExpress2005 edition and Platform SDK</a> from the Microsoft Web
+ <p>(Note: You can download the <a
+ href="http://msdn.microsoft.com/vstudio/express/downloads/">Microsoft VSExpress edition and Platform SDK</a> from the Microsoft Web
site. You will need to add the path to the Platform SDK Include and Lib
folders to the makefile)</p>
</li>
@@ -161,7 +162,13 @@
<ul>
<li>Extract the source distribution to a folder of your choice. (Example:
C:\rampartc)</li>
- <li>Edit the configure.in file to specify the Axis2/C repository path and the OpenSSL installation path</li>
+ <li>Edit the configure.in file to specify the Axis2/C repository path and the OpenSSL installation path
+ <ul>
+ <li>AXIS2_BIN_DIR = path/to/where/you/have/installed/axis2</li>
+ <li>OPENSSL_BIN_DIR = path/to/where/you/have/installed/openssl</li>
+ <li>DEBUG = 1 if enabled, 0 otherwise</li>
+ </ul>
+ </li>
<li>Open a DOS shell</li>
<li>cd C:\rampartc\build\win32</li>
<li>to access .Net tools, run
@@ -173,13 +180,6 @@
cannot find this batch file. This file is located in <your MS Visual
Studio install Directory>\VC\bin directory.)</p>
</li>
- <li>Set the patameters in the configure.in
- <ul>
- <li>AXIS2_BIN_DIR = path/to/where/you/have/installed/axis2</li>
- <li>OPENSSL_BIN_DIR = path/to/where/you/have/installed/openssl</li>
- <li>DEBUG = 1 if enabled, 0 otherwise</li>
- </ul>
- </li>
<li>To build the system and create the binary files in a directory named
deploy under the build directory,
<ul>
@@ -187,7 +187,10 @@
</ul>
</li>
<li>Engage Rampart/C as specified in the section <a href="#engage">Engage Rampart/C with Axis2/C</a>
- <li>Start the axis2_http_server and run the echo client in the samples/client/sec_echo to consume the secured service
+ <li>Then go to samples/secpolicy and try a scenario
+ <pre>
+ test_scen.bat scenarioX server-port
+ </pre>
</ul>
<a id="src_run"></a>
@@ -201,12 +204,23 @@
<module ref="rampart"/>
</pre>
-<p> Also you need to add follwoing phase under <phaseOrder type="outflow">
+<p>If you want to provide Secure Token Service (STS) functionality to a service, add the following entry to services.xml. </p>
+ <module ref="rahas"/>
+
+<p>Then add following "Security" phase to the phase order in the inflow and outflow in the axis2.xml. Also add "Rahas" phase to inflow.</p>
<pre>
- <phaseOrder type="outflow">
- <!-- Other Phases-->
+ <phaseOrder type="inflow">
+ <phase name="Transport"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch"/>
+ <phase name="PostDispatch"/>
+ <phase name="Security" />
+ <phase name="Rahas"/>
+ </phaseOrder>
+ <phaseOrder type="outflow">
+ <phase name="MessageOut"/>
<phase name="Security"/>
- </phaseOrder>
+ </phaseOrder>
</pre>
<p>Apart from that you must define security policies for the client and the server.
@@ -230,7 +244,5 @@
<li>services.xml : Defines what the security configurations are for a particular service using security policies</li>
</ol>
<p><strong>NOTE:</strong> If you have changed a client's policy file, make sure that you change the corresponding policy assertions in the services.xml file as well, and vise versa. </p>
-<p><strong>NOTE:</strong> To try out samples, use the client available under samples/client/sec_echo <br>
-Usage: echo [address] [client_repo]</p>
</body>
</html>
diff --git a/xdocs/docs/rampartc_manual.html b/xdocs/docs/rampartc_manual.html
index 062b5a7..efd6ebf 100644
--- a/xdocs/docs/rampartc_manual.html
+++ b/xdocs/docs/rampartc_manual.html
@@ -59,9 +59,9 @@
Similar to processes, Rampart/C uses two builders that builds outgoing
messages.
<ol>
- <li>Security header builder : Builds Security headers of an outgoing
+ <li><strong>Security Header Builder</strong> : Builds Security headers of an outgoing
message depending on security policies.</li>
- <li>Token Builder : Builds token claims such as binary security token.</li>
+ <li><strong>Token Builder</strong> : Builds token claims such as binary security token.</li>
</ol>
These builders and processes assemble other components such as encryption,
signature, UsernameToken together. Decisions are taken in these processes
@@ -76,7 +76,7 @@
</p>
<p>Rampart/C is configured using policy assertions defined in WS-Security
-Policy specification 1.1. These policies are defined in policy.xml files.
+Policy specification (1.1 or 1.2). These policies are defined in policy.xml files.
The client side policies are defined in a seperate policy.xml file located in the client's repository.
The service's policies are defined in the services.xml file.
diff --git a/xdocs/download.html b/xdocs/download.html
index babe872..b956ede 100644
--- a/xdocs/download.html
+++ b/xdocs/download.html
@@ -34,6 +34,57 @@
<td width="119" align="center">Description</td>
</tr>
<tr>
+ <td align="center" valign="middle">1.3.0</td>
+ <td align="center">Release</td>
+ <td>MS Windows Distribution<br>
+ - Binary Distribution <a
+ href="[preferred]/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-win32.zip"
+ title="[preferred]/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-win32.zip"
+ onClick="javascript:urchinTracker ('/downloads/rampartc-bin-1.3.0-win32.zip');">zip</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-win32.zip.md5"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-win32.zip.md5">MD5</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-win32.zip.asc"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-win32.zip.asc">PGP</a>
+ <br>
+ - Source Distribution <a
+ href="[preferred]/ws/rampart/c/1_3_0/rampartc-src-1.3.0.zip"
+ title="[preferred]/ws/rampart/c/1_3_0/rampartc-src-1.3.0.zip"
+ onClick="javascript:urchinTracker ('/downloads/rampartc-src-1.3.0.zip');">zip</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.zip.md5"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.zip.md5">MD5</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.zip.asc"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.zip.asc">PGP</a>
+ <br>
+ Linux Distribution <br>
+ - Binary Distribution <a
+ href="[preferred]/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-linux.tar.gz"
+ title="[preferred]/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-linux.tar.gz"
+ onClick="javascript:urchinTracker ('/downloads/rampartc-bin-1.3.0-linux.tar.gz');">tar.gz</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-linux.tar.gz.md5"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-linux.tar.gz.md5">MD5</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-linux.tar.gz.asc"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-bin-1.3.0-linux.tar.gz.asc">PGP</a>
+ <br>
+ - Source Distribution <a
+ href="[preferred]/ws/rampart/c/1_3_0/rampartc-src-1.3.0.tar.gz"
+ title="[preferred]/ws/rampart/c/1_3_0/rampartc-src-1.3.0.tar.gz"
+ onClick="javascript:urchinTracker ('/downloads/rampartc-src-1.3.0.tar.gz');">tar.gz</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.tar.gz.md5"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.tar.gz.md5">MD5</a>
+ <a
+ href="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.tar.gz.asc"
+ title="http://www.apache.org/dist/ws/rampart/c/1_3_0/rampartc-src-1.3.0.tar.gz.asc">PGP</a></td>
+ <td>13 - 05 - 2009</td>
+ <td>1.3.0 Release (Mirrored) Depends on <a href="http://ws.apache.org/axis2/c/download.cgi">Axis2/C 1.6.0</a> </td>
+ </tr>
+ <tr>
<td align="center" valign="middle">1.2.0</td>
<td align="center">Release</td>
<td>MS Windows Distribution<br>
diff --git a/xdocs/index.html b/xdocs/index.html
index 2754d2f..217ecc0 100644
--- a/xdocs/index.html
+++ b/xdocs/index.html
@@ -18,8 +18,8 @@
<h2>Latest Release</h2>
-<h3>25th Apr 2008 - Apache Rampart/C Version 1.2.0 Released</h3>
-<a href="http://ws.apache.org/rampart/c/download.cgi">Download 1.2</a>
+<h3>13th May 2009 - Apache Rampart/C Version 1.3.0 Released</h3>
+<a href="http://ws.apache.org/rampart/c/download.cgi">Download 1.3</a>
<h4>Key Features</h4>
<ol>
@@ -44,12 +44,14 @@
<li> Signature confirmation support
<li> SOAP Header signing
</ul>
-<li>WS-Security Policy (spec 1.1) based configurations
+<li>WS-Security Policy (spec 1.1 and spec 1.2) based configurations
<ul>
<li> Support for both Symmetric as well as Asymmetric policy bindings
<li> Support for different modes of key identifiers
<li> Support for different algorithm suites<br>
[Basic128, Basic 192, Basic256, TrippleDES, Basic128Rsa15, Basic192Rsa15,Basic256Rsa15, TripleDesRsa15]
+ <li> Support for IssuedToken assertion in client side
+ <li> Support for SAMLToken assertion
</ul>
<li>Replay detection support
<ul>
@@ -66,24 +68,34 @@
<li> Password callback module
<li> Authentication module
<li> Credentials module
+ <li> Replay detection module
+ <li> Secure conversation token module
</ul>
<li>Keys management
<ul>
<li> Support for X509 token profile
- <li> Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references
+ <li> Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references
+ <li> Support for PKCS12 keystore
</ul>
-<li> WS-Secure Conversation Language support (Experimental)
+<li> WS-Secure Conversation Language support
<ul>
<li> Establishing Security Context and thereby maintaining a session
<li> Per message key derivation
<li> Support for stored securtiy context token
+ <li> Rahas module support to give STS functionality to a service
</ul>
-<li> WS-Trust Language support (Experimental)
+<li> WS-Trust Language support
<ul>
<li> Security Token Services (STS)
<li> STS Client
<li> Server and Client entrophy support
</ul>
+<li> SAML Support
+ <ul>
+ <li> Support for Creation and Processing of SAML Core 1.1 Assertion
+ <li> SAML Token as Sign Supporting Token
+ <li> Signing and Encryption with SAML
+ </ul>
<li>Other
<ul>
<li> Easy to use deployment scripts
@@ -93,9 +105,10 @@
<h4>Major Changes Since Last Release</h4>
<p>
<ol>
- <li> WS-Secure Conversation Language support (Experimental)
- <li> WS-Trust Language support (Experimental)
- <li> SAML Support
+ <li> WS-Secure Conversation Language support
+ <li> WS-Trust Language support
+ <li> Rahas module to give STS support to a service
+ <li> PKCS12 Keystore support
<li> Memory leak fixes</li>
<li> Many bug fixes</li>
</ol>
