Ok, SUN STS is back up. I also had to make a small change in
UserManager of STS.
Duane
Jiandong Guo wrote:
Ok. That is the problem. Comment out:
<sc:CallbackHandlerConfiguration wspp:visibility="private">
    <sc:CallbackHandler default="alice" name="usernameHandler"/>
    <sc:CallbackHandler default="alice" name="passwordHandler"/>
</sc:CallbackHandlerConfiguration>
in wsit-client.xml.
Thanks!
Jiandong
Duane DeCouteau wrote:
Then we are not overriding the default set in the wsit sts.xml file for
alice/alice...
// Imports the excerpt relies on. The WSIT/Metro package names are those
// of the Metro release in use at the time and are an assumption added
// here, not part of the original post; XSPAClaims and SecuredPatientToken
// are project classes whose package is not shown in this excerpt.
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Element;
import com.sun.xml.wss.XWSSConstants;
import com.sun.xml.ws.api.security.trust.client.IssuedTokenManager;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.Token;
import com.sun.xml.ws.security.trust.impl.client.DefaultSTSIssuedTokenConfiguration;

private Element getSAMLAssertionFromSTS(Map runtimeProp) {
    // STS information
    // Sun endpoints
    //String stsEndpoint = "http://208.75.163.70:8080/xspa-sts/sts";
    String stsMexAddress = "http://208.75.163.70:8080/xspa-sts/sts/mex";
    //String appliesTo = "http://208.75.163.71:8080/xspa-rsts/rsts";

    // Credentials and STS endpoint are supplied at run time by the caller
    String username = (String) runtimeProp.get(XWSSConstants.USERNAME_PROPERTY);
    String password = (String) runtimeProp.get(XWSSConstants.PASSWORD_PROPERTY);
    String stsEndpoint = (String) runtimeProp.get("XSPASTSEndpoint");

    String wsdlLocation = "http://208.75.163.70:8080/xspa-sts/sts?wsdl";
    String serviceName = "SecurityTokenService";
    String portName = "ISecurityTokenService_Port";
    String ns = "http://tempuri.org/";
    String appliesTo = "http://208.75.163.71/XSPAInteropWSTrust/XSPAWSTrustServiceProviderService";

    // Run-time claims
    XSPAClaims cms = new XSPAClaims();

    // Subject: report any attribute that is missing before building claims
    if (SecuredPatientToken.getSUBJECT_ID() == null)
        System.err.println("Subject id is null");
    if (SecuredPatientToken.getSUBJECT_NPI() == null)
        System.err.println("Subject npi is null");
    if (SecuredPatientToken.getSUBJECT_LOCALITY() == null)
        System.err.println("Subject locality is null");
    if (SecuredPatientToken.getSUBJECT_STRUCTURED_ROLE() == null)
        System.err.println("Subject Role is null");
    if (SecuredPatientToken.getSUBJECT_FUNCTIONAL_ROLE() == null)
        System.err.println("Subject Funct Role is null");
    if (SecuredPatientToken.getSUBJECT_PURPOSE_OF_USE() == null)
        System.err.println("Subject POU is null");
    if (SecuredPatientToken.getSUBJECT_PERMISSIONS() == null ||
            SecuredPatientToken.getSUBJECT_PERMISSIONS().isEmpty())
        System.err.println("Subject Permissions are null");
    if (SecuredPatientToken.getRESOURCE_ID() == null)
        System.err.println("Resource ID is null ITS OK");
    if (SecuredPatientToken.getRESOURCE_TYPE() == null)
        System.err.println("Resource Type is null");
    if (SecuredPatientToken.getRESOURCE_ACTION_ID() == null)
        System.err.println("Resource Action is null");

    // Subject claims, each keyed by its namespace
    cms.addClaimType(SecuredPatientToken.getSUBJECT_ID_NS(),
            SecuredPatientToken.getSUBJECT_ID());
    cms.addClaimType(SecuredPatientToken.getSUBJECT_NPI_NS(),
            SecuredPatientToken.getSUBJECT_NPI());
    cms.addClaimType(SecuredPatientToken.getSUBJECT_LOCALITY_NS(),
            SecuredPatientToken.getSUBJECT_LOCALITY());
    // Structured role is sent as OID followed by the quoted role value
    cms.addClaimType(SecuredPatientToken.getSUBJECT_STRUCTURED_ROLE_NS(),
            SecuredPatientToken.getSUBJECT_STRUCTURED_ROLE_OID()
            + "\"" + SecuredPatientToken.getSUBJECT_STRUCTURED_ROLE() + "\"");
    cms.addClaimType(SecuredPatientToken.getSUBJECT_FUNCTIONAL_ROLE_NS(),
            SecuredPatientToken.getSUBJECT_FUNCTIONAL_ROLE());
    cms.addClaimType(SecuredPatientToken.getSUBJECT_PURPOSE_OF_USE_NS(),
            SecuredPatientToken.getSUBJECT_PURPOSE_OF_USE());

    // Get and set HL7 permissions: prefix each permission with its OID
    Set<?> permSet = SecuredPatientToken.getSUBJECT_PERMISSIONS();
    List<String> permList = new LinkedList<String>();
    for (Object perm : permSet) {
        permList.add(SecuredPatientToken.getSUBJECT_PERMISSIONS_OID()
                + (String) perm + "\"");
    }
    cms.addClaimType(SecuredPatientToken.getSUBJECT_PERMISSIONS_NS(), permList);

    // Resource claims; a patient search has no resource id yet, so use "0"
    String rId = SecuredPatientToken.getRESOURCE_ID();
    if (rId == null || rId.length() == 0)
        SecuredPatientToken.setRESOURCE_ID("0");
    cms.addClaimType(SecuredPatientToken.getRESOURCE_ID_NS(),
            SecuredPatientToken.getRESOURCE_ID());
    cms.addClaimType(SecuredPatientToken.getRESOURCE_TYPE_NS(),
            SecuredPatientToken.getRESOURCE_TYPE());
    cms.addClaimType(SecuredPatientToken.getRESOURCE_ACTION_ID_NS(),
            SecuredPatientToken.getRESOURCE_ACTION_ID());

    // Create the WS-Trust 1.3 issued-token configuration for this STS
    DefaultSTSIssuedTokenConfiguration config = new DefaultSTSIssuedTokenConfiguration(
            "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
            stsEndpoint, wsdlLocation, serviceName, portName, ns);
    config.setClaims(cms);
    config.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
    config.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey");
    // Pass the run-time credentials to the STS client
    config.getOtherOptions().put(XWSSConstants.USERNAME_PROPERTY, username);
    config.getOtherOptions().put(XWSSConstants.PASSWORD_PROPERTY, password);

    try {
        // Request the token from the STS and return the SAML assertion element
        IssuedTokenManager manager = IssuedTokenManager.getInstance();
        IssuedTokenContext ctx = manager.createIssuedTokenContext(config, appliesTo);
        manager.getIssuedToken(ctx);
        Token issuedToken = ctx.getSecurityToken();
        return (Element) issuedToken.getTokenValue();
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}
Jiandong Guo wrote:
Hi Duane,
See inline ...
Duane DeCouteau wrote:
Jiandong and Craig,
1) I have made all necessary changes to client for dynamic addressing
to STS between IBM and Sun implementations.
2) webservices-rt.jar has been updated with
WSTrustClientContractImpl.class in both 208.75.163.70 (Client) and .71
(Service Provider and RSTS).
Jiandong, was the update required on both systems?
Just client side. It is fine to add in both to be consistent.
4) Updated Sun STS has been redeployed on 208.75.163.70 host
The first test with the above change against SUN STS produced the following
exception... which looks to be a failure to add attributes
These are the configured users on the STS: drbob/xspa, drbobibm/xspa,
drbobsun/xspa, drbobjericho/xspa, nursealice/xspa, nursealiceibm/xspa,
nursealicesun/xspa, nursealicejericho/xspa.
Did you use a different user in the test?
Thanks!
Jiandong
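The diagnosis in the thread is that the static default="alice" values on the sc:CallbackHandler elements in wsit-client.xml stand in for the username and password the client supplies at run time, so the STS authenticates the wrong user. As an added example (not code from this thread, from the XSPA project, or from Metro/WSIT), here is a small Python check that scans a wsit-client.xml for exactly that pattern and produces a copy with the defaults removed so the run-time credentials are used instead. The XML sample is constructed; its namespace URIs are the ones I believe WSIT uses, but the check matches element local names and does not depend on them.

```python
"""Audit a WSIT wsit-client.xml for hard-coded credentials in
sc:CallbackHandlerConfiguration and strip them.

Added example, not code from the thread's authors or from Metro/WSIT.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the block the thread says to comment out, plus one
# handler configured by class name that should not be flagged. The
# namespace URIs are assumed to be WSIT's; the checks below match on
# local names only, so they do not depend on them.
SAMPLE_WSIT_CLIENT_XML = """
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
             xmlns:wsp="http://www.w3.org/ns/ws-policy"
             xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
             xmlns:sc="http://schemas.sun.com/2006/03/wss/client">
  <wsp:Policy>
    <wsp:ExactlyOne>
      <wsp:All>
        <sc:CallbackHandlerConfiguration wspp:visibility="private">
          <sc:CallbackHandler default="alice" name="usernameHandler"/>
          <sc:CallbackHandler default="alice" name="passwordHandler"/>
          <sc:CallbackHandler classname="com.example.SamlHandler"
                              name="samlHandler"/>
        </sc:CallbackHandlerConfiguration>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</definitions>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def iter_callback_handlers(root):
    """Yield every CallbackHandler that sits directly inside a
    CallbackHandlerConfiguration, in document order."""
    for cfg in root.iter():
        if local_name(cfg.tag) != "CallbackHandlerConfiguration":
            continue
        for handler in cfg:
            if local_name(handler.tag) == "CallbackHandler":
                yield handler


def find_hardcoded_credentials(xml_text):
    """Return [(handler name, default value)] for each handler carrying a
    static default= value, which is the setting that overrides the
    credentials passed at run time."""
    root = ET.fromstring(xml_text)
    return [(h.get("name"), h.get("default"))
            for h in iter_callback_handlers(root)
            if h.get("default") is not None]


def report(xml_text):
    """Human-readable findings; the password value is masked."""
    lines = []
    for name, value in find_hardcoded_credentials(xml_text):
        shown = "*" * len(value) if "password" in (name or "").lower() else value
        lines.append(f"{name}: static default={shown!r} overrides "
                     "run-time USERNAME/PASSWORD properties")
    return lines


def strip_default_credentials(xml_text):
    """Return the document with every default= attribute removed from the
    CallbackHandler elements, so the run-time credentials are used."""
    root = ET.fromstring(xml_text)
    for handler in iter_callback_handlers(root):
        handler.attrib.pop("default", None)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for line in report(SAMPLE_WSIT_CLIENT_XML):
        print(line)
    fixed = strip_default_credentials(SAMPLE_WSIT_CLIENT_XML)
    print("after fix:", find_hardcoded_credentials(fixed))
```

Run against a real wsit-client.xml by passing its contents to report(); a non-empty result means the client will present the configured default identity regardless of what the caller put in the run-time properties map.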