Harsha

WS-Trust interoperability samples

Monday Feb 19, 2007

Web Services Interoperability Technologies ( WSIT ) enables interoperability between the Java platform and Microsoft's Windows Communication Foundation (WCF). This includes interoperability in the area of WS-Trust. You can now run samples based on the interoperability scenarios of WS-Trust from the WSIT workspace. You can try the various combinations of message flows by choosing either sun or microsoft as your client or server or the STS. The endpoints configured for Microsoft are as listed in the WCF Interoperability Plug-Fest page. You can use this as a model for the real world scenarios you are trying to develop or compare scenarios if something does not seem to be working in your development workspace.

Given below are the steps to try them. This assumes that you have already installed WSIT on either GlassFish or tomcat. If not, follow the steps in this link.

Start by checking out WSIT source code or just the samples.

cvs -d :pserver:yourid@cvs.dev.java.net:/cvs co wsit/wsit/samples/ws-trust/interop

Checkout the certificates needed for interop with Microsoft

cvs -d :pserver:yourid@cvs.dev.java.net:/cvs co wsit/wsit/samples/ws-trust/certsEdit the build.properties and set either the glassfish.home or tomcat.home to the appropriate directory

glassfish.home=c:/glassfish
Copy the directory wsit/wsit/samples/ws-trust/certs/xws-security to {glassfish.home} or {tomcat.home}

Set up WSIT_HOME system property on the server

For Glassfish:

asadmin create-jvm-options -- -DWSIT_HOME==\$\{com.sun.aas.installRoot\}

For Tomcat, set or export the following environment variable in the terminal in which you start tomcat

CATALINA_OPTS=-DWSIT_HOME=c:/tomcat

Restart GlassFish or Tomcat

Go to the interop directory.
cd wsit/wsit/samples/ws-trust/interop/
There are 4 scenarios , namely transport-binding,mutual-certificate-10, mutual-certificate-11 , secureconversation-mutual-certificate-11. As the names suggest, they are based on the security policy used in each scenario.

Select a scenario, go to that directory.

cd src/mutual-certificate-10

Run the scenario by the following ant target

ant s-s-s

The above notation is a short form of saying run the scenario by selecting sun as the client, STS and the server. You can change it to say,

ant s-m-s

in which case, sun client contacts Microsoft's STS, gets a token issued, secures the message with that token and sends it to the Sun server.

You can also run

ant m-s-s

in which case we use Microsoft's Hosted Client to call Sun's STS and Sun's server. Note that this will only work if the sun's endpoints are reachable from Microsoft's public endpoints.

There are other ways to run the samples. You can say

ant -Dclient=sun -Dsts=ms -Dserver=ms

and the sample will run with the combination suggested.

You can also edit the build.properties, and set the properties client,sts,server appropriately and just say

ant

The readme.txt in the wsit/wsit/samples/ws-trust/interop folder gives further details for running the transport-binding and secureconversation-mutual-certificate-11 scenario.

As you have seen, just by changing some command line parameters you can play around with lot of combinations of message flows in WS-Trust scenarios (For eg, you can try s-s-s,s-s-m,s-m-s,s-m-m, m-s-s,m-s-m, m-m-s, m-m-m).

If you want to see those messages , turn on the WSIT message logging properties on the client and server side.

Provide feedback either my mailing to the WSIT mailing lists or by leaving a comment on this blog entry.