Use SOAP 1.1 with OpenSSO Security Token Service
OpenSSO Enterprise 8.0 contains a Security Token Service. The Security Token Service verifies the credentials in a request presented by a web services client and, in response, issues a security token to provide proof that the client has authenticated with the Security Token Service. The web services client presents the security token to the web service, which verifies that it was issued by a trusted Security Token Service. SOAP enables the exchange of these messages using a variety of underlying protocols. Out of the box, the Security Token Service supports SOAP 1.2 as a binding, a formal set of rules for transporting the messages. In order to enable SOAP 1.1 as a binding, make the following changes before deploying the OpenSSO WAR.
- Download and unzip opensso.zip.
- Extract the contents of opensso.war using the jar command.
- Change into the WEB-INF/wsdl directory.
- Replace the default famsts.wsdl with the modified famsts.wsdl available here. Back up the original famsts.wsdl.
- Change into the WEB-INF directory.
- Replace the default sun-jaxws.xml with the modified sun-jaxws.xml available here. Back up the original sun-jaxws.xml.
- Modify the web.xml also located in the WEB-INF directory by adding the following two entries to the file as positioned below.

```xml
        <!-- tail of the existing mapping, shown for position -->
        <url-pattern>/sts/mex</url-pattern>
    </servlet-mapping>
    <!-- the two entries to add -->
    <servlet-mapping>
        <servlet-name>sts</servlet-name>
        <url-pattern>/sts/soap11</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>sts</servlet-name>
        <url-pattern>/sts/mexsoap11</url-pattern>
    </servlet-mapping>
    <!-- existing element that follows, shown for position -->
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>
```

- Archive a modified opensso.war, deploy it as usual and OpenSSO will be ready to use SOAP 1.1 as a binding for the Security Token Service.
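The web.xml step above, as an added example that is not part of the original post: a Python helper that inserts the two SOAP 1.1 mappings directly after the existing /sts/mex mapping, does nothing on a second run, and refuses to proceed if either pattern is already bound to a servlet other than sts. The sample web.xml is constructed, and the function names and the one-url-pattern-per-mapping layout are assumptions.

```python
import re

# URL patterns the post adds for the "sts" servlet.
NEW_PATTERNS = ["/sts/soap11", "/sts/mexsoap11"]

# Assumes one <url-pattern> per <servlet-mapping>, as in the post's fragment.
MAPPING_RE = re.compile(
    r"<servlet-mapping>\s*<servlet-name>([^<]+)</servlet-name>\s*"
    r"<url-pattern>([^<]+)</url-pattern>\s*</servlet-mapping>")

def mapped_patterns(web_xml):
    """Return {url-pattern: servlet-name} for every servlet-mapping found."""
    return {m.group(2).strip(): m.group(1).strip()
            for m in MAPPING_RE.finditer(web_xml)}

def add_soap11_mappings(web_xml):
    """Insert the SOAP 1.1 mappings after the /sts/mex mapping (idempotent)."""
    existing = mapped_patterns(web_xml)
    anchor = next((m for m in MAPPING_RE.finditer(web_xml)
                   if m.group(2).strip() == "/sts/mex"), None)
    if anchor is None:
        raise ValueError("no /sts/mex servlet-mapping found")
    for p in NEW_PATTERNS:
        # A pattern already bound to another servlet would bypass the STS.
        if existing.get(p, "sts") != "sts":
            raise ValueError(f"{p} is already mapped to {existing[p]}")
    missing = [p for p in NEW_PATTERNS if p not in existing]
    block = "".join(
        "\n    <servlet-mapping>\n        <servlet-name>sts</servlet-name>\n"
        f"        <url-pattern>{p}</url-pattern>\n    </servlet-mapping>"
        for p in missing)
    return web_xml[:anchor.end()] + block + web_xml[anchor.end():]

# Constructed sample, reduced to the elements the post's fragment shows.
SAMPLE = """<web-app>
    <servlet-mapping>
        <servlet-name>sts</servlet-name>
        <url-pattern>/sts/mex</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>60</session-timeout>
    </session-config>
</web-app>
"""

if __name__ == "__main__":
    print(add_soap11_mappings(SAMPLE))
```
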
Posted at 02:31PM Jan 13, 2009 by Michael Teger in Sun | Comments[5]

Whenever I'm looking for information on OpenSSO, I always hit your blog - both for the good info, and the great music videos.
Keep up the good work :)
Posted by Dillon Boyer on March 27, 2009 at 04:11 PM PDT #
Thank you, Dillon. I forwarded your comment to my manager.
;>
Posted by Michael Teger on March 29, 2009 at 10:16 AM PDT #
Great information. I am bookmarking your site. I appreciate this very much.
Wes Jackson
http://www.datcompros.com
Posted by Wes Jackson on June 25, 2009 at 08:04 AM PDT #
Is this how we're to make any necessary changes to the STS's WSDL? I'd like to change the WS-SecurityPolicy of the service to alter what parts of an RST it requires clients to sign. Should I follow this same sort of procedure? Why unpack, modify, and repack the WAR? Why not just modify the files after the WAR is deployed?
Posted by Travis Spencer on October 28, 2009 at 10:37 PM PDT #
Travis, this procedure starts from the download so there is no deployed WAR as yet. I would think you could just modify the file and restart the web container/OpenSSO but you would also need to make sure that you've changed what needs to be changed everywhere so I would check this out on users@opensso alias before doing so.
I'm also assuming there is no modification of this in the console. I'm writing help for the new console and remember something like this but, offhand, don't recall if it is in the standard console.
Posted by Michael Teger on October 30, 2009 at 07:40 AM PDT #