| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| ! |
| ! Copyright 2006 The Apache Software Foundation. |
| ! |
| ! Licensed under the Apache License, Version 2.0 (the "License"); |
| ! you may not use this file except in compliance with the License. |
| ! You may obtain a copy of the License at |
| ! |
| ! http://www.apache.org/licenses/LICENSE-2.0 |
| ! |
| ! Unless required by applicable law or agreed to in writing, software |
| ! distributed under the License is distributed on an "AS IS" BASIS, |
| ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ! See the License for the specific language governing permissions and |
| ! limitations under the License. |
| !--> |
| <!-- services.xml for STS of Sample06 : WS Trust --> |
| |
| <service name="STS"> |
| <module ref="rampart" /> |
| <module ref="addressing" /> |
| <module ref="rahas" /> |
| <parameter name="saml-issuer-config"> |
| <saml-issuer-config> |
| <issuerName>SAMPLE_STS</issuerName> |
| <issuerKeyAlias>service</issuerKeyAlias> |
| <issuerKeyPassword>apache</issuerKeyPassword> |
| <cryptoProperties> |
| <crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> |
| <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property> |
| <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property> |
| </crypto> |
| </cryptoProperties> |
| <timeToLive>300000</timeToLive> |
| <keySize>256</keySize> |
| <addRequestedAttachedRef /> |
| <addRequestedUnattachedRef /> |
| |
| <!-- |
| Key computation mechanism |
| 1 - Use Request Entropy |
| 2 - Provide Entropy |
| 3 - Use Own Key |
| --> |
| <keyComputation>2</keyComputation> |
| |
| <!-- |
| proofKeyType element is valid only if the keyComputation is set to 3 |
| i.e. Use Own Key |
| |
| Valid values are: EncryptedKey & BinarySecret |
| --> |
| <proofKeyType>BinarySecret</proofKeyType> |
| <trusted-services> |
| <service alias="service">*</service> |
| </trusted-services> |
| </saml-issuer-config> |
| </parameter> |
| |
| <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> |
| <wsp:ExactlyOne> |
| <wsp:All> |
| <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:InitiatorToken> |
| <wsp:Policy> |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> |
| <wsp:Policy> |
| <sp:RequireThumbprintReference/> |
| <sp:WssX509V3Token10/> |
| </wsp:Policy> |
| </sp:X509Token> |
| </wsp:Policy> |
| </sp:InitiatorToken> |
| <sp:RecipientToken> |
| <wsp:Policy> |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> |
| <wsp:Policy> |
| <sp:RequireThumbprintReference/> |
| <sp:WssX509V3Token10/> |
| </wsp:Policy> |
| </sp:X509Token> |
| </wsp:Policy> |
| </sp:RecipientToken> |
| <sp:AlgorithmSuite> |
| <wsp:Policy> |
| <sp:TripleDesRsa15/> |
| </wsp:Policy> |
| </sp:AlgorithmSuite> |
| <sp:Layout> |
| <wsp:Policy> |
| <sp:Strict/> |
| </wsp:Policy> |
| </sp:Layout> |
| <sp:IncludeTimestamp/> |
| <sp:OnlySignEntireHeadersAndBody/> |
| </wsp:Policy> |
| </sp:AsymmetricBinding> |
| <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:MustSupportRefKeyIdentifier/> |
| <sp:MustSupportRefIssuerSerial/> |
| </wsp:Policy> |
| </sp:Wss10> |
| <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <sp:Body/> |
| </sp:SignedParts> |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> |
| <ramp:user>service</ramp:user> |
| <ramp:encryptionUser>client</ramp:encryptionUser> |
| <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass> |
| |
| <ramp:signatureCrypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property> |
| </ramp:crypto> |
| </ramp:signatureCrypto> |
| </ramp:RampartConfig> |
| </wsp:All> |
| </wsp:ExactlyOne> |
| </wsp:Policy> |
| </service> |
| |