SHYAM RAO
Example Tutorial for Writing Advanced WS-Trust Applications
On 6th August, Sun released Metro 1.3.
Here is the example tutorial for developing advanced WS-Trust applications. The direct links to the advanced example applications are as follows:
Example: Broker Trust STS (BT)
Example: STS Issued Token With SecureConversation (STS+SC)
Posted at 11:05AM Aug 11, 2008 by Shyam Rao in WebServicesSecurity | Comments[2]
How to use Key and Encryption Requirements in a WS-Trust application using Metro?
This post explains how to place additional "Key and Encryption Requirements" on the key issued by the SecurityTokenService (STS) for a WS-Trust application using Metro.
Here are the details of the Key and Encryption Requirements for an issued key:
SignWith : This optional URI element indicates the desired signature algorithm to be used with the issued security token (typically from the policy of the target site for which the token is being requested).
EncryptWith : This optional URI element indicates the desired encryption algorithm to be used with the issued security token (typically from the policy of the target site for which the token is being requested.)
SignatureAlgorithm : This optional URI element indicates the desired signature algorithm used within the returned token. This is specified as a URI indicating the algorithm (see [XML-Signature] for typical signing algorithms).
EncryptionAlgorithm : This optional URI element indicates the desired encryption algorithm used within the returned token. This is specified as a URI indicating the algorithm (see [XML-Encrypt] for typical encryption algorithms).
CanonicalizationAlgorithm : This optional URI element indicates the desired canonicalization method used within the returned token. This is specified as a URI indicating the method (see [XML-Signature] for typical canonicalization methods).
KeyWrapAlgorithm : This optional URI element indicates the desired algorithm to use for key wrapping when the STS encrypts the issued token for the relying party using an asymmetric key.
This is how you can define the above Key and Encryption Requirements under the RequestSecurityTokenTemplate assertion in the service WSDL:
<sp:RequestSecurityTokenTemplate>
  <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>
  <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>
  <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignatureAlgorithm>
  <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptWith>
  <t:SignWith>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignWith>
  <t:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:KeyWrapAlgorithm>
</sp:RequestSecurityTokenTemplate>
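A check that can be run over a RequestSecurityTokenTemplate like the one above, added here as an example and not taken from this post or from Metro: it sorts each URI into the category the XML-Encryption and XML-Signature specifications assign it and reports elements whose value is of a different kind. The check_template name, the element-to-category mapping and the placeholder namespace URIs in the sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Identifiers grouped as the XML-Encryption and XML-Signature specs group them (extend as needed).
GROUPS = {
    "block-encryption": {ENC + a for a in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")},
    "key-wrap/transport": {ENC + a for a in ("rsa-1_5", "rsa-oaep-mgf1p", "kw-tripledes",
                                             "kw-aes128", "kw-aes192", "kw-aes256")},
    "signature": {DSIG + a for a in ("hmac-sha1", "rsa-sha1", "dsa-sha1")},
    "canonicalization": {"http://www.w3.org/2001/10/xml-exc-c14n#",
                         "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"},
}
# Kinds accepted for each template element (this script's assumption, not Metro's rules).
EXPECTED = {
    "SignWith": {"signature"}, "SignatureAlgorithm": {"signature"},
    "EncryptWith": {"block-encryption", "key-wrap/transport"},
    "EncryptionAlgorithm": {"block-encryption"},
    "CanonicalizationAlgorithm": {"canonicalization"},
    "KeyWrapAlgorithm": {"key-wrap/transport"},
}

def check_template(xml_text):
    """Return (element, uri, kind found) for each URI of an unexpected kind."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # local name; namespace is ignored
        if name in EXPECTED:
            uri = (el.text or "").strip()
            kind = next((k for k, uris in GROUPS.items() if uri in uris), "unrecognised")
            if kind not in EXPECTED[name]:
                findings.append((name, uri, kind))
    return findings

# Constructed sample: the six values from the post; the namespace URIs are placeholders.
SAMPLE = """<sp:RequestSecurityTokenTemplate xmlns:sp="urn:example:sp" xmlns:t="urn:example:t">
  <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>
  <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>
  <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignatureAlgorithm>
  <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptWith>
  <t:SignWith>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignWith>
  <t:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:KeyWrapAlgorithm>
</sp:RequestSecurityTokenTemplate>"""

if __name__ == "__main__":
    for finding in check_template(SAMPLE):
        print(" | ".join(finding))
```

On the values shown in the post it reports KeyWrapAlgorithm, because xmlenc#aes256-cbc is listed in XML Encryption as a block-encryption identifier rather than a key-wrap or key-transport one.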
Posted at 10:43AM Aug 11, 2008 by Shyam Rao in WebServicesSecurity | Comments[0]



