| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. |
| --> |
<document>
<properties>
<title>Setting up a Security Token Service</title>
</properties>
<head>
</head>
<body>
<h1>Setting up a Security Token Service</h1>
<h3>Setting up a Security Token Service</h3>
<p>A Security Token Service (STS) can be set up as per the WS-Trust specification using Rampart. The default STS shipped with the Rampart distribution is contained in the rampart-trust.mar module; it can issue SCT tokens and SAML tokens. Sample05 contains a client that connects to the default STS and obtains a SAML token. The services.xml in that sample contains a "saml-issuer-config" parameter that is used to configure the default SAML issuer.</p>
<strong>STS with a custom issuer</strong>
<p>First, the default rampart.mar has to be removed from the modules. Then write your own issuer implementing the <code>"org.apache.rahas.TokenIssuer"</code> interface. Let's say that your issuer is <code>"org.custom.MyIssuer"</code>. Then create an Axis2 service archive with the following in its services.xml. Drop the archive into the repository and you have an STS with a custom token issuer.</p>

<pre>
<module ref="rampart" />

<operation name="IssueToken"
           mep="http://www.w3.org/ns/wsdl/in-out">
    <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>

    <!-- Action mappings to accept RST requests -->
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>

    <parameter name="token-dispatcher-configuration">
        <token-dispatcher-configuration>
            <!-- Issuers. You may have many issuers. -->
            <issuer class="org.custom.MyIssuer" default="true">
                <configuration type="parameter">saml-issuer-config</configuration>
                <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
            </issuer>
        </token-dispatcher-configuration>
    </parameter>

</operation>
</pre>
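<p>As an added check that is not part of the Rampart documentation or distribution: a small Python script that lints an STS services.xml fragment for the pieces the configuration above depends on (the rampart module, the STSMessageReceiver, the four core RST action mappings, exactly one default issuer, and a defined parameter behind every issuer configuration element of type "parameter"). It assumes the constructed sample embedded in it, which deliberately omits two action mappings and never defines the saml-issuer-config parameter that the issuer refers to.</p>

```python
import xml.etree.ElementTree as ET

RST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/"
EXPECTED_ACTIONS = {RST_NS + a for a in ("Issue", "Renew", "Cancel", "Validate")}
STS_RECEIVER = "org.apache.rahas.STSMessageReceiver"

# Constructed sample: the page's operation inside a service element, with two
# actionMappings dropped and the "saml-issuer-config" parameter left undefined.
SAMPLE_SERVICES_XML = """<service name="STS">
  <module ref="rampart"/>
  <operation name="IssueToken" mep="http://www.w3.org/ns/wsdl/in-out">
    <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
    <parameter name="token-dispatcher-configuration">
      <token-dispatcher-configuration>
        <issuer class="org.custom.MyIssuer" default="true">
          <configuration type="parameter">saml-issuer-config</configuration>
          <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
        </issuer>
      </token-dispatcher-configuration>
    </parameter>
  </operation>
</service>"""


def check_sts_config(xml_text):
    """Return a list of findings; an empty list means the fragment passes every check."""
    findings = []
    root = ET.fromstring(xml_text)
    if not any(m.get("ref") == "rampart" for m in root.iter("module")):
        findings.append("rampart module is not engaged")
    params = {p.get("name") for p in root.iter("parameter")}  # for resolving issuer config refs
    for op in root.iter("operation"):
        name = op.get("name")
        recv = op.find("messageReceiver")
        if recv is None or recv.get("class") != STS_RECEIVER:
            findings.append(f"operation {name}: messageReceiver is not {STS_RECEIVER}")
        actions = {a.text.strip() for a in op.findall("actionMapping") if a.text}
        for missing in sorted(EXPECTED_ACTIONS - actions):
            findings.append(f"operation {name}: no actionMapping for {missing}")
        issuers = list(op.iter("issuer"))
        if sum(1 for i in issuers if i.get("default") == "true") != 1:
            findings.append(f"operation {name}: expected exactly one default issuer")
        for iss in issuers:
            cls = iss.get("class", "(no class)")
            cfg = iss.find("configuration")
            ref = (cfg.text or "").strip() if cfg is not None else ""
            if cfg is not None and cfg.get("type") == "parameter" and ref not in params:
                findings.append(f"issuer {cls}: configuration parameter '{ref}' is not defined")
    return findings
```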
</body>
</document>