<module name="rahas" class="org.apache.rahas.Rahas"> | |
<Description>This module is used to STS enable a service where it adds | |
the RequestSecurityToken operation to a service that the module is engaged to</Description> | |
<supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy, http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 | |
"/> | |
<operation name="RequestSecurityToken" mep="http://www.w3.org/ns/wsdl/in-out"> | |
<messageReceiver class="org.apache.rahas.STSMessageReceiver"/> | |
<!-- Action mapping to accept SCT requests. For submissive version. --> | |
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping> | |
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping> | |
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping> | |
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping> | |
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping> | |
<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping> | |
<!-- Action mapping to accept SCT requests. For standard secure conversation version --> | |
<actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT</actionMapping> | |
<actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</actionMapping> | |
<actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew</actionMapping> | |
<actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel</actionMapping> | |
<actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel</actionMapping> | |
<actionMapping>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate</actionMapping> | |
<parameter name="token-dispatcher-configuration"> | |
<token-dispatcher-configuration> | |
<!-- Issuers. You may have many issuers. --> | |
<issuer class="org.apache.rahas.impl.SCTIssuer" default="true"> | |
<configuration type="parameter">sct-issuer-config</configuration> | |
<tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType> | |
<tokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</tokenType> | |
</issuer> | |
<issuer class="org.apache.rahas.impl.SAMLTokenIssuer"> | |
<configuration type="parameter">saml-issuer-config</configuration> | |
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType> | |
</issuer> | |
<issuer class="org.apache.rahas.impl.SAML2TokenIssuer"> | |
<configuration type="parameter">saml-issuer-config</configuration> | |
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</tokenType> | |
</issuer> | |
<validator class="org.apache.rahas.impl.SAMLTokenValidator" default="true"> | |
<configuration type="parameter">saml-issuer-config</configuration> | |
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType> | |
</validator> | |
<!-- Only a single canceler is allowed --> | |
<canceler class="org.apache.rahas.impl.TokenCancelerImpl"> | |
<configuration type="parameter">token-canceler-config</configuration> | |
</canceler> | |
<!-- Renewers. You may have many renewers --> | |
<renewer class="org.apache.rahas.impl.SAMLTokenRenewer" default="true"> | |
<configuration type="parameter">saml-issuer-config</configuration> | |
<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType> | |
</renewer> | |
</token-dispatcher-configuration> | |
</parameter> | |
</operation> | |
</module> |