| <?xml version="1.0" encoding="UTF-8"?> | |
| <!-- | |
| ! | |
| ! Copyright 2006 The Apache Software Foundation. | |
| ! | |
| ! Licensed under the Apache License, Version 2.0 (the "License"); | |
| ! you may not use this file except in compliance with the License. | |
| ! You may obtain a copy of the License at | |
| ! | |
| ! http://www.apache.org/licenses/LICENSE-2.0 | |
| ! | |
| ! Unless required by applicable law or agreed to in writing, software | |
| ! distributed under the License is distributed on an "AS IS" BASIS, | |
| ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| ! See the License for the specific language governing permissions and | |
| ! limitations under the License. | |
| !--> | |
| <!-- services.xml of Sample 06 : Trust sample with mex --> | |
| <serviceGroup> | |
| <service name="STS"> | |
| <module ref="rampart" /> | |
| <module ref="addressing" /> | |
| <module ref="rahas" /> | |
| <parameter name="saml-issuer-config"> | |
| <saml-issuer-config> | |
| <issuerName>SAMPLE_STS</issuerName> | |
| <issuerKeyAlias>sts</issuerKeyAlias> | |
| <issuerKeyPassword>apache</issuerKeyPassword> | |
| <cryptoProperties> | |
| <crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
| <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> | |
| <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property> | |
| <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property> | |
| </crypto> | |
| </cryptoProperties> | |
| <timeToLive>300000</timeToLive> | |
| <keySize>256</keySize> | |
| <addRequestedAttachedRef /> | |
| <addRequestedUnattachedRef /> | |
| <!-- | |
| Key computation mechanism | |
| 1 - Use Request Entropy | |
| 2 - Provide Entropy | |
| 3 - Use Own Key | |
| --> | |
| <keyComputation>2</keyComputation> | |
| <!-- | |
| proofKeyType element is valid only if the keyComputation is set to 3 | |
| i.e. Use Own Key | |
| Valid values are: EncryptedKey & BinarySecret | |
| --> | |
| <proofKeyType>BinarySecret</proofKeyType> | |
| <trusted-services> | |
| <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> --> | |
| <service alias="sts">*</service> | |
| </trusted-services> | |
| </saml-issuer-config> | |
| </parameter> | |
| <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> | |
| <wsp:ExactlyOne> | |
| <wsp:All> | |
| <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:Policy> | |
| <sp:InitiatorToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> | |
| <wsp:Policy> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:InitiatorToken> | |
| <sp:RecipientToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> | |
| <wsp:Policy> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:RecipientToken> | |
| <sp:AlgorithmSuite> | |
| <wsp:Policy> | |
| <sp:TripleDesRsa15/> | |
| </wsp:Policy> | |
| </sp:AlgorithmSuite> | |
| <sp:Layout> | |
| <wsp:Policy> | |
| <sp:Strict/> | |
| </wsp:Policy> | |
| </sp:Layout> | |
| <sp:IncludeTimestamp/> | |
| <sp:OnlySignEntireHeadersAndBody/> | |
| </wsp:Policy> | |
| </sp:AsymmetricBinding> | |
| <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:Policy> | |
| <sp:MustSupportRefKeyIdentifier/> | |
| <sp:MustSupportRefIssuerSerial/> | |
| </wsp:Policy> | |
| </sp:Wss10> | |
| <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <sp:Body/> | |
| </sp:SignedParts> | |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> | |
| <ramp:user>sts</ramp:user> | |
| <ramp:encryptionUser>client</ramp:encryptionUser> | |
| <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass> | |
| <ramp:signatureCrypto> | |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">sts.jks</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property> | |
| </ramp:crypto> | |
| </ramp:signatureCrypto> | |
| </ramp:RampartConfig> | |
| </wsp:All> | |
| </wsp:ExactlyOne> | |
| </wsp:Policy> | |
| </service> | |
| <service name="sample06"> | |
| <operation name="echo"> | |
| <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> | |
| </operation> | |
| <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter> | |
| <module ref="rampart" /> | |
| <module ref="addressing" /> | |
| <wsp:Policy wsu:Id="SgnOnlyAnonymous" | |
| xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" | |
| xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" | |
| xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" | |
| xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:ExactlyOne> | |
| <wsp:All> | |
| <sp:SymmetricBinding> | |
| <wsp:Policy> | |
| <sp:ProtectionToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> | |
| <wsp:Policy> | |
| <sp:RequireThumbprintReference/> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:ProtectionToken> | |
| <sp:AlgorithmSuite> | |
| <wsp:Policy> | |
| <sp:Basic128/> | |
| </wsp:Policy> | |
| </sp:AlgorithmSuite> | |
| <sp:Layout> | |
| <wsp:Policy> | |
| <sp:Lax/> | |
| </wsp:Policy> | |
| </sp:Layout> | |
| <sp:IncludeTimestamp/> | |
| <sp:OnlySignEntireHeadersAndBody/> | |
| </wsp:Policy> | |
| </sp:SymmetricBinding> | |
| <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:Policy> | |
| <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> | |
| <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address> | |
| <Metadata xmlns="http://www.w3.org/2005/08/addressing"> | |
| <mex:Metadata | |
| xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
| <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> | |
| <mex:MetadataReference> | |
| <Address | |
| xmlns="http://www.w3.org/2005/08/addressing">http://localhost:@port@/axis2/services/mex</Address> | |
| </mex:MetadataReference> | |
| </mex:MetadataSection> | |
| </mex:Metadata> | |
| </Metadata> | |
| </Issuer> | |
| <sp:RequestSecurityTokenTemplate> | |
| <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType> | |
| <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType> | |
| <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize> | |
| </sp:RequestSecurityTokenTemplate> | |
| <wsp:Policy> | |
| <sp:RequireInternalReference/> | |
| </wsp:Policy> | |
| </sp:IssuedToken> | |
| </wsp:Policy> | |
| </sp:SupportingTokens> | |
| <sp:SignedParts> | |
| <sp:Body/> | |
| </sp:SignedParts> | |
| <sp:Wss11> | |
| <wsp:Policy> | |
| <sp:MustSupportRefKeyIdentifier/> | |
| <sp:MustSupportRefIssuerSerial/> | |
| <sp:MustSupportRefThumbprint/> | |
| <sp:MustSupportRefEncryptedKey/> | |
| <sp:RequireSignatureConfirmation/> | |
| </wsp:Policy> | |
| </sp:Wss11> | |
| <sp:Trust10> | |
| <wsp:Policy> | |
| <sp:MustSupportIssuedTokens/> | |
| <sp:RequireClientEntropy/> | |
| <sp:RequireServerEntropy/> | |
| </wsp:Policy> | |
| </sp:Trust10> | |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> | |
| <ramp:user>service</ramp:user> | |
| <ramp:encryptionUser>client</ramp:encryptionUser> | |
| <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass> | |
| <ramp:signatureCrypto> | |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property> | |
| </ramp:crypto> | |
| </ramp:signatureCrypto> | |
| </ramp:RampartConfig> | |
| </wsp:All> | |
| </wsp:ExactlyOne> | |
| </wsp:Policy> | |
| </service> | |
| <service name="mex"> | |
| <operation name="get"> | |
| <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping> | |
| <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> | |
| </operation> | |
| <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter> | |
| </service> | |
| </serviceGroup> |