<?xml version="1.0" encoding="UTF-8"?> | |
<!-- | |
! | |
! Copyright 2006 The Apache Software Foundation. | |
! | |
! Licensed under the Apache License, Version 2.0 (the "License"); | |
! you may not use this file except in compliance with the License. | |
! You may obtain a copy of the License at | |
! | |
! http://www.apache.org/licenses/LICENSE-2.0 | |
! | |
! Unless required by applicable law or agreed to in writing, software | |
! distributed under the License is distributed on an "AS IS" BASIS, | |
! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
! See the License for the specific language governing permissions and | |
! limitations under the License. | |
!--> | |
<!-- services.xml of Sample05 : WS Trust --> | |
<serviceGroup> | |
<service name="STS"> | |
<module ref="rampart" /> | |
<module ref="addressing" /> | |
<module ref="rahas" /> | |
<parameter name="saml-issuer-config"> | |
<saml-issuer-config> | |
<issuerName>SAMPLE_STS</issuerName> | |
<issuerKeyAlias>service</issuerKeyAlias> | |
<issuerKeyPassword>apache</issuerKeyPassword> | |
<cryptoProperties> | |
<crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
<property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> | |
<property name="org.apache.ws.security.crypto.merlin.file">service.jks</property> | |
<property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property> | |
</crypto> | |
</cryptoProperties> | |
<timeToLive>300000</timeToLive> | |
<keySize>256</keySize> | |
<addRequestedAttachedRef /> | |
<addRequestedUnattachedRef /> | |
<!-- | |
Key computation mechanism | |
1 - Use Request Entropy | |
2 - Provide Entropy | |
3 - Use Own Key | |
--> | |
<keyComputation>2</keyComputation> | |
<!-- | |
proofKeyType element is valid only if the keyComputation is set to 3 | |
i.e. Use Own Key | |
Valid values are: EncryptedKey & BinarySecret | |
--> | |
<proofKeyType>BinarySecret</proofKeyType> | |
<trusted-services> | |
<service alias="service">*</service> | |
</trusted-services> | |
</saml-issuer-config> | |
</parameter> | |
<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> | |
<wsp:ExactlyOne> | |
<wsp:All> | |
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
<wsp:Policy> | |
<sp:InitiatorToken> | |
<wsp:Policy> | |
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> | |
<wsp:Policy> | |
<sp:RequireThumbprintReference/> | |
<sp:WssX509V3Token10/> | |
</wsp:Policy> | |
</sp:X509Token> | |
</wsp:Policy> | |
</sp:InitiatorToken> | |
<sp:RecipientToken> | |
<wsp:Policy> | |
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> | |
<wsp:Policy> | |
<sp:RequireThumbprintReference/> | |
<sp:WssX509V3Token10/> | |
</wsp:Policy> | |
</sp:X509Token> | |
</wsp:Policy> | |
</sp:RecipientToken> | |
<sp:AlgorithmSuite> | |
<wsp:Policy> | |
<sp:TripleDesRsa15/> | |
</wsp:Policy> | |
</sp:AlgorithmSuite> | |
<sp:Layout> | |
<wsp:Policy> | |
<sp:Strict/> | |
</wsp:Policy> | |
</sp:Layout> | |
<sp:IncludeTimestamp/> | |
<sp:OnlySignEntireHeadersAndBody/> | |
</wsp:Policy> | |
</sp:AsymmetricBinding> | |
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
<wsp:Policy> | |
<sp:MustSupportRefKeyIdentifier/> | |
<sp:MustSupportRefIssuerSerial/> | |
</wsp:Policy> | |
</sp:Wss10> | |
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
<sp:Body/> | |
</sp:SignedParts> | |
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> | |
<ramp:user>service</ramp:user> | |
<ramp:encryptionUser>client</ramp:encryptionUser> | |
<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass> | |
<ramp:signatureCrypto> | |
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> | |
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property> | |
</ramp:crypto> | |
</ramp:signatureCrypto> | |
</ramp:RampartConfig> | |
</wsp:All> | |
</wsp:ExactlyOne> | |
</wsp:Policy> | |
</service> | |
<service name="sample05"> | |
<operation name="echo"> | |
<messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> | |
</operation> | |
<parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter> | |
<module ref="rampart" /> | |
<module ref="addressing" /> | |
<wsp:Policy wsu:Id="SgnOnlyAnonymous" | |
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" | |
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" | |
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" | |
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
<wsp:ExactlyOne> | |
<wsp:All> | |
<sp:SymmetricBinding> | |
<wsp:Policy> | |
<sp:ProtectionToken> | |
<wsp:Policy> | |
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> | |
<wsp:Policy> | |
<sp:RequireThumbprintReference/> | |
<sp:WssX509V3Token10/> | |
</wsp:Policy> | |
</sp:X509Token> | |
</wsp:Policy> | |
</sp:ProtectionToken> | |
<sp:AlgorithmSuite> | |
<wsp:Policy> | |
<sp:Basic128/> | |
</wsp:Policy> | |
</sp:AlgorithmSuite> | |
<sp:Layout> | |
<wsp:Policy> | |
<sp:Lax/> | |
</wsp:Policy> | |
</sp:Layout> | |
<sp:IncludeTimestamp/> | |
<sp:OnlySignEntireHeadersAndBody/> | |
</wsp:Policy> | |
</sp:SymmetricBinding> | |
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
<wsp:Policy> | |
<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> | |
<Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
<Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address> | |
</Issuer> | |
<sp:RequestSecurityTokenTemplate> | |
<t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType> | |
<t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType> | |
<t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize> | |
</sp:RequestSecurityTokenTemplate> | |
<wsp:Policy> | |
<sp:RequireInternalReference/> | |
</wsp:Policy> | |
</sp:IssuedToken> | |
</wsp:Policy> | |
</sp:SupportingTokens> | |
<sp:SignedParts> | |
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> | |
<sp:Body/> | |
</sp:SignedParts> | |
<sp:Wss11> | |
<wsp:Policy> | |
<sp:MustSupportRefKeyIdentifier/> | |
<sp:MustSupportRefIssuerSerial/> | |
<sp:MustSupportRefThumbprint/> | |
<sp:MustSupportRefEncryptedKey/> | |
<sp:RequireSignatureConfirmation/> | |
</wsp:Policy> | |
</sp:Wss11> | |
<sp:Trust10> | |
<wsp:Policy> | |
<sp:MustSupportIssuedTokens/> | |
<sp:RequireClientEntropy/> | |
<sp:RequireServerEntropy/> | |
</wsp:Policy> | |
</sp:Trust10> | |
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> | |
<ramp:user>service</ramp:user> | |
<ramp:encryptionUser>client</ramp:encryptionUser> | |
<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass> | |
<ramp:signatureCrypto> | |
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> | |
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property> | |
</ramp:crypto> | |
</ramp:signatureCrypto> | |
</ramp:RampartConfig> | |
</wsp:All> | |
</wsp:ExactlyOne> | |
</wsp:Policy> | |
</service> | |
</serviceGroup> |