| <!DOCTYPE html> |
| <!-- |
| | Generated by Apache Maven Doxia at 18 Jan 2016 |
| | Rendered using Apache Maven Fluido Skin 1.4 |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta charset="UTF-8" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> |
| <meta name="Date-Revision-yyyymmdd" content="20160118" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| <title>Apache Rampart – Setting up a Security Token Service</title> |
| <link rel="stylesheet" href="./css/apache-maven-fluido-1.4.min.css" /> |
| <link rel="stylesheet" href="./css/site.css" /> |
| <link rel="stylesheet" href="./css/print.css" media="print" /> |
| |
| |
| <script type="text/javascript" src="./js/apache-maven-fluido-1.4.min.js"></script> |
| |
| |
| </head> |
| <body class="topBarDisabled"> |
| |
| |
| |
| <div class="container-fluid"> |
| |
| <div id="breadcrumbs"> |
| <ul class="breadcrumb"> |
| |
| |
| <li id="publishDate">Last Published: 18 Jan 2016 |
| <span class="divider">|</span> |
| </li> |
| <li id="projectVersion">Version: 1.7.0 |
| </li> |
| |
| |
| |
| |
| |
| <li class="pull-right"> |
| <a href="../core/" title="Apache Axis2/Java"> |
| Apache Axis2/Java</a> |
| </li> |
| |
| </ul> |
| </div> |
| |
| |
| <div class="row-fluid"> |
| |
| |
| <div id="bodyColumn" class="span10" > |
| |
| <!-- ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. --> |
| |
| <h1>Setting up a Security Token Service</h1> |
| |
| <div class="section"> |
| <h3><a name="Setting_up_a_Security_Token_Service"></a>Setting up a Security Token Service</h3> |
| |
| <p>A Security Token Service (STS) can be set up as per the WS-Trust specification using Rampart. The default security token service shipped with the Rampart distribution is contained in the rampart-trust.mar module. It can issue SCT tokens and SAML tokens. Sample05 contains a client that connects to the default STS and obtains a SAML token. The services.xml in the sample contains a "saml-issuer-config" parameter that is used to configure the default SAML issuer.</p> |
| <b>STS with a custom issuer</b> |
| |
| <p>First, the default rampart.mar has to be removed from the modules. Then write your own issuer implementing the <tt>"org.apache.rahas.TokenIssuer"</tt> interface. Let's say that your issuer is <tt>"org.custom.MyIssuer"</tt>. Then create an Axis2 service archive with the following in the services.xml. Drop the archive into the repository and you have an STS with a CustomToken issuer. Note that the fragment below shows only the STS wiring and no security policy, so how token requesters are authenticated has to be configured separately.</p> |
| |
| |
| <div> |
| <pre> |
| |
| <!-- services.xml fragment for an STS whose tokens come from a custom issuer class. |
| The enclosing service element and the saml-issuer-config parameter are not shown. --> |
| |
| <!-- Engages the module named "rampart" for this service. |
| NOTE(review): the accompanying text says the default rampart.mar is removed from the |
| modules, yet this fragment references a module named rampart; confirm which module |
| archive is meant. |
| NOTE(review): no security policy appears in this fragment. Confirm the deployed service |
| carries one that authenticates token requesters and protects the exchange. --> |
| <module ref="rampart" /> |
| |
| <!-- One in-out operation; every action mapped below is handled by STSMessageReceiver. --> |
| <operation name="IssueToken" |
| mep="http://www.w3.org/ns/wsdl/in-out"> |
| <messageReceiver |
| class="org.apache.rahas.STSMessageReceiver"/> |
| |
| <!-- Action mapping to accept RST requests --> |
| <!-- NOTE(review): the SCT, Issue, Renew, Cancel, SCT/Cancel and Validate actions are all |
| mapped here, but only an issuer is configured below. If this STS is meant to issue |
| tokens only, consider removing the mappings it does not serve. --> |
| <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping> |
| <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping> |
| <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping> |
| <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping> |
| <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping> |
| <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping> |
| |
| <!-- Declares which issuer class handles which token type. --> |
| <parameter name="token-dispatcher-configuration"> |
| <token-dispatcher-configuration> |
| <!-- Issuers. You may have many issuers. --> |
| <!-- default="true" presumably selects this issuer when a request names no token type; |
| verify against the Rahas dispatcher. --> |
| <issuer class="org.custom.MyIssuer" default="true"> |
| <!-- type="parameter": the issuer's settings are looked up in the service parameter named |
| saml-issuer-config. NOTE(review): if that parameter holds keystore credentials, as the |
| default SAML issuer's configuration presumably does, restrict read access to the |
| service archive. --> |
| <configuration |
| type="parameter">saml-issuer-config</configuration> |
| <!-- Token type URI this issuer is registered for (SAML V1.1, per the URI). --> |
| <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType> |
| </issuer> |
| </token-dispatcher-configuration> |
| </parameter> |
| |
| </operation> |
| |
| </pre></div> |
| </div> |
| |
| </div> |
| </div> |
| </div> |
| |
| <hr/> |
| |
| <footer> |
| <div class="container-fluid"> |
| <div class="row-fluid"> |
| <p >Copyright © 2005–2016 |
| <a href="http://www.apache.org">Apache Software Foundation</a>. |
| All rights reserved. |
| |
| </p> |
| </div> |
| |
| |
| </div> |
| </footer> |
| </body> |
| </html> |