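<?xml version="1.0" encoding="UTF-8"?>
<!--
 ! Copyright 2006 The Apache Software Foundation.
 !
 ! Licensed under the Apache License, Version 2.0 (the "License");
 ! you may not use this file except in compliance with the License.
 ! You may obtain a copy of the License at
 !
 !      http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing, software
 ! distributed under the License is distributed on an "AS IS" BASIS,
 ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ! See the License for the specific language governing permissions and
 ! limitations under the License.
 !-->

<!-- services.xml of Sample05 : WS Trust -->

<!--
 ! Two services are deployed in one service group:
 !
 !   STS      - a SAML token issuer (rahas module). Its RST/RSTR exchange is
 !              protected by the sign-only asymmetric binding "SigOnly".
 !   sample05 - the echo service. Callers must present a SAML 1.0 token issued
 !              by the STS inside the symmetric binding "SgnOnlyAnonymous".
 !
 ! Keystore and key passwords are written in clear text in this sample
 ! descriptor; keep them out of services.xml in a real deployment.
 !-->
<serviceGroup>

    <service name="STS">
        <module ref="rampart"/>
        <module ref="addressing"/>
        <module ref="rahas"/>

        <!-- Settings the rahas module uses when it issues SAML tokens. -->
        <parameter name="saml-issuer-config">
            <saml-issuer-config>
                <issuerName>SAMPLE_STS</issuerName>

                <!-- Alias (and password) of the STS signing key in the keystore below. -->
                <issuerKeyAlias>service</issuerKeyAlias>
                <issuerKeyPassword>apache</issuerKeyPassword>

                <cryptoProperties>
                    <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                        <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
                        <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
                    </crypto>
                </cryptoProperties>

                <!-- Token lifetime. 300000 is presumably milliseconds (5 minutes); confirm against rahas. -->
                <timeToLive>300000</timeToLive>

                <!-- Proof-key size in bits; matches the t:KeySize the sample05 policy below requests. -->
                <keySize>256</keySize>

                <addRequestedAttachedRef/>
                <addRequestedUnattachedRef/>

                <!--
                    Key computation mechanism
                        1 - Use Request Entropy
                        2 - Provide Entropy
                        3 - Use Own Key
                -->
                <keyComputation>2</keyComputation>

                <!--
                    proofKeyType element is valid only if the keyComputation is set to 3
                    i.e. Use Own Key

                    Valid values are: EncryptedKey & BinarySecret
                -->
                <proofKeyType>BinarySecret</proofKeyType>

                <!--
                    Relying parties the STS issues tokens for, keyed by the keystore
                    alias presumably used to protect the proof key for that party.
                    The "*" entry appears to accept any AppliesTo address; narrow it
                    to the real endpoint(s) when this configuration leaves the sample.
                -->
                <trusted-services>
                    <service alias="service">*</service>
                </trusted-services>
            </saml-issuer-config>
        </parameter>

        <!--
            Sign-only asymmetric binding for the STS endpoint. The client signs with
            its own X.509 token and always sends it; the STS signs with the "service"
            key and never sends its certificate, so the client has to resolve it by
            thumbprint. A timestamp is required and only whole headers/body are signed.
        -->
        <wsp:Policy wsu:Id="SigOnly"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:AsymmetricBinding>
                        <wsp:Policy>
                            <sp:InitiatorToken>
                                <wsp:Policy>
                                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:InitiatorToken>
                            <sp:RecipientToken>
                                <wsp:Policy>
                                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:RecipientToken>

                            <!--
                                Legacy suite (SHA-1 digests, RSA-1.5 key transport). The
                                sample05 service below uses Basic256; a change here has to
                                be mirrored in the client's policy to stay interoperable.
                            -->
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:TripleDesRsa15/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Strict/>
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                            <sp:OnlySignEntireHeadersAndBody/>
                        </wsp:Policy>
                    </sp:AsymmetricBinding>
                    <sp:Wss10>
                        <wsp:Policy>
                            <sp:MustSupportRefKeyIdentifier/>
                            <sp:MustSupportRefIssuerSerial/>
                        </wsp:Policy>
                    </sp:Wss10>
                    <sp:SignedParts>
                        <sp:Body/>
                    </sp:SignedParts>

                    <!--
                        Rampart runtime settings: sign as "service" out of service.jks;
                        PWCBHandler is presumably what hands Rampart the private-key password.
                    -->
                    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                        <ramp:user>service</ramp:user>
                        <ramp:encryptionUser>client</ramp:encryptionUser>
                        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>

                        <ramp:signatureCrypto>
                            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                            </ramp:crypto>
                        </ramp:signatureCrypto>
                    </ramp:RampartConfig>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </service>

    <service name="sample05">
        <operation name="echo">
            <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
        </operation>
        <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>

        <module ref="rampart"/>
        <module ref="addressing"/>

        <!--
            Symmetric binding: the message is protected with a client-generated
            symmetric key exchanged under the service's X.509 certificate (never
            sent; referenced by thumbprint). The client additionally supplies a
            SAML 1.0 token issued by the STS as a supporting token; the template
            asks for a 256-bit symmetric proof key, matching keySize in the STS
            configuration above.
        -->
        <wsp:Policy wsu:Id="SgnOnlyAnonymous"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:SymmetricBinding>
                        <wsp:Policy>
                            <sp:ProtectionToken>
                                <wsp:Policy>
                                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:ProtectionToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Lax/>
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                            <sp:OnlySignEntireHeadersAndBody/>
                        </wsp:Policy>
                    </sp:SymmetricBinding>
                    <sp:SupportingTokens>
                        <wsp:Policy>
                            <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <!--
                                    NOTE(review): this issuer address does not correspond to the
                                    STS service declared above in this service group; confirm it
                                    is the intended issuer before the WSDL is published.
                                -->
                                <sp:Issuer>
                                    <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
                                </sp:Issuer>
                                <sp:RequestSecurityTokenTemplate xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
                                    <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
                                    <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
                                    <t:KeySize>256</t:KeySize>
                                </sp:RequestSecurityTokenTemplate>
                                <wsp:Policy>
                                    <sp:RequireInternalReference/>
                                </wsp:Policy>
                            </sp:IssuedToken>
                            <sp:SignedParts>
                                <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                            </sp:SignedParts>
                        </wsp:Policy>
                    </sp:SupportingTokens>
                    <sp:SignedParts>
                        <sp:Body/>
                    </sp:SignedParts>
                    <sp:Wss11>
                        <wsp:Policy>
                            <sp:MustSupportRefKeyIdentifier/>
                            <sp:MustSupportRefIssuerSerial/>
                            <sp:MustSupportRefThumbprint/>
                            <sp:MustSupportRefEncryptedKey/>
                            <sp:RequireSignatureConfirmation/>
                        </wsp:Policy>
                    </sp:Wss11>

                    <!--
                        Both client and server entropy are required; this presumably pairs
                        with keyComputation 2 (Provide Entropy) in the STS configuration.
                    -->
                    <sp:Trust10>
                        <wsp:Policy>
                            <sp:MustSupportIssuedTokens/>
                            <sp:RequireClientEntropy/>
                            <sp:RequireServerEntropy/>
                        </wsp:Policy>
                    </sp:Trust10>

                    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                        <ramp:user>service</ramp:user>
                        <ramp:encryptionUser>client</ramp:encryptionUser>
                        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>

                        <ramp:signatureCrypto>
                            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                            </ramp:crypto>
                        </ramp:signatureCrypto>
                    </ramp:RampartConfig>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </service>

</serviceGroup>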