maven2/modules/rahas/sts-aar-resources/services.xml

<!-- Security token service configuration -->
<service name="STS">

	<operation name="RequestSecurityToken">
        <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>

		<!-- Action mapping to accept SCT requests -->
		<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>

		<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
		<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
		<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
		<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
		<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
		
	</operation>
	
	<!-- Using the config file -->
	<parameter name="token-dispatcher-configuration-file">META-INF/token-dispatcher-configuration.xml</parameter>
	
	<!-- Configure Rampart to authenticate clients -->
	<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
		<wsp:ExactlyOne>
			<wsp:All>
				
				<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
				
					<ramp:user>ip</ramp:user>
					<ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
					<ramp:passwordCallbackClass>PWCBHandler</ramp:passwordCallbackClass>
					
					<ramp:signatureCrypto>
						<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
						</ramp:crypto>
					</ramp:signatureCrypto>
				
				</ramp:RampartConfig>
				
				<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:InitiatorToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
									<wsp:Policy>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:InitiatorToken>
						<sp:RecipientToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
									<wsp:Policy>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:RecipientToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:TripleDesRsa15/>
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<sp:Layout>
							<wsp:Policy>
								<sp:Strict/>
							</wsp:Policy>
						</sp:Layout>
						<sp:IncludeTimestamp/>
						<sp:OnlySignEntireHeadersAndBody/>
					</wsp:Policy>
				</sp:AsymmetricBinding>
				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportRefKeyIdentifier/>
						<sp:MustSupportRefIssuerSerial/>
					</wsp:Policy>
				</sp:Wss10>
				<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
				</sp:SignedParts>
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>
	
</service>