modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml

<service name="KerberosOverTransportKeytab">

    <module ref="addressing" />
    <module ref="rampart" />

    <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>

	<transports>
		<transport>https</transport>
	</transports>
	
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
        <actionMapping>urn:echo</actionMapping>
    </operation>

    <operation name="returnError">
        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
        <actionMapping>urn:returnError</actionMapping>
    </operation>

    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

        <wsp:AppliesTo>
            <policy-subject identifier="binding:soap" />
            <policy-subject identifier="binding:soap12" />
        </wsp:AppliesTo>
        
        <wsp:Policy wsu:Id="KerberosOverTransport"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:TransportBinding>
                        <wsp:Policy>
                            <sp:TransportToken>
                                <wsp:Policy>
                                    <sp:HttpsToken />
                                </wsp:Policy>
                            </sp:TransportToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic128 />
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:IncludeTimestamp />
                        </wsp:Policy>
                    </sp:TransportBinding>
                    <sp:EndorsingSupportingTokens>
                        <wsp:Policy>
                            <sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once">
                                <wsp:Policy>
                                    <sp:WssGssKerberosV5ApReqToken11 />
                                </wsp:Policy>
                            </sp:KerberosToken>
                        </wsp:Policy>
                    </sp:EndorsingSupportingTokens>
                    <sp:Wss11>
                        <wsp:Policy />
                    </sp:Wss11>
                    <wsaw:UsingAddressing />
                    
                    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
                        <rampart:kerberosConfig>
                            <rampart:jaasContext>KerberosOverTransportKeytab</rampart:jaasContext>
                            <rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
                            <rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
                        </rampart:kerberosConfig>
                    </rampart:RampartConfig>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>

    </wsp:PolicyAttachment>

    <!-- Configure SPN using addressingIdentity extensibility element -->
    <parameter name="addressingIdentity">
        <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
            <Upn>bob@EXAMPLE.COM</Upn>
        </Identity>
    </parameter>

</service>