How to put SAML token directly into JAX-WS service without calling STSClient


Problem description

Last year, at this link, I

This web service uses an STS service to get a SAML token and uses it to access the main web service. I use wsdl2java of Apache CXF to generate a JAX-WS client for this web service. Everything was just fine.

Recently they updated their STS service endpoint. This new STS service endpoint has a different signature and digest algorithm. It has some extra elements in the request body.

I tried to modify the current code so that it supports the new STS service. But my code is sending the same RequestSecurityToken request. I mean it does not adopt the new requirement. I tried to adopt this but I could not do that.

The new STS service requires http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 as the new signature method and http://www.w3.org/2001/04/xmlenc#sha256 as the new digest algorithm. Plus it requires the following element in the request body:

    <tr:ActAs xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
      <v13:RelationshipToken xmlns:v13="http://vanguard.business.gov.au/2016/03" ID="1bc9a44e-dccd-49e2-8f29-40d7b1257325">
        <v13:Relationship v13:Type="OSPfor">
          <v13:Attribute v13:Name="SSID" v13:Value="1234567895"/>
        </v13:Relationship>
        <v13:FirstParty v13:Scheme="uri://abr.gov.au/ABN" v13:Value="27809366375"/>
        <v13:SecondParty v13:Scheme="uri://abr.gov.au/ABN" v13:Value="89567587874"/>
      </v13:RelationshipToken>
    </tr:ActAs>

Plus there are minor differences here. I think I have two ways now:

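  1. If I can change my old code so that the STS client sends the request with these values. I tried but did not succeed.
  2. They provided some code which supports getting the SAML assertion token and proof token from the STS client. If I can put the SAML assertion token directly into my JAX-WS client, then this problem can also be solved.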

Any help or suggestion will be appreciated.

Recommended answer

The SHA-256 digest algorithm is normally set by using an AlgorithmSuite policy that requires it (e.g. Basic256Sha256). I see in the policy they are still using "Basic256" however. CXF allows you to configure RSA-SHA256 via some configuration properties (see for example 'ws-security.asymmetric.signature.algorithm' here http://cxf.apache.org/docs/ws-securitypolicy.html). You can set ActAs Object/Element on the STSClient directly.
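The answer's two suggestions combined, as an added example that is not code from the question, the answer or the CXF documentation: it builds the RelationshipToken from the question as a namespace-aware DOM element and hands it to an STSClient together with the signature algorithm property. The class and method names are hypothetical; it assumes CXF's cxf-rt-ws-security on the classpath, an STSClient the caller has already configured, and that CXF writes the ActAs wrapper itself so only the inner token is passed.

```java
import java.util.UUID;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.cxf.ws.security.trust.STSClient;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public final class ActAsStsConfig { // hypothetical helper class
    private static final String V13 = "http://vanguard.business.gov.au/2016/03";
    private static final String ABN_SCHEME = "uri://abr.gov.au/ABN";

    /** Builds the v13:RelationshipToken shown in the question; nothing is parsed, only constructed. */
    static Element relationshipToken(String ssid, String firstAbn, String secondAbn)
            throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element token = doc.createElementNS(V13, "v13:RelationshipToken");
        doc.appendChild(token);
        // ID is un-prefixed in the question; a fresh value per request is an assumption.
        token.setAttributeNS(null, "ID", UUID.randomUUID().toString());
        Element rel = child(doc, token, "Relationship");
        rel.setAttributeNS(V13, "v13:Type", "OSPfor");
        Element attr = child(doc, rel, "Attribute");
        attr.setAttributeNS(V13, "v13:Name", "SSID");
        attr.setAttributeNS(V13, "v13:Value", ssid);
        party(doc, token, "FirstParty", firstAbn);
        party(doc, token, "SecondParty", secondAbn);
        return token;
    }

    private static Element child(Document doc, Element parent, String localName) {
        Element e = doc.createElementNS(V13, "v13:" + localName);
        parent.appendChild(e);
        return e;
    }

    private static void party(Document doc, Element parent, String localName, String abn) {
        Element e = child(doc, parent, localName);
        e.setAttributeNS(V13, "v13:Scheme", ABN_SCHEME);
        e.setAttributeNS(V13, "v13:Value", abn);
    }

    /** Applies both settings to an STSClient that already has its WSDL, endpoint and keys set. */
    static void configure(STSClient sts, Element relationshipToken) {
        // Property name as quoted in the answer; the value is the signature method URI from the question.
        sts.getProperties().put("ws-security.asymmetric.signature.algorithm",
                "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        sts.setActAs(relationshipToken);
    }
}
```

The digest algorithm is not set here: per the answer it follows from the AlgorithmSuite in the service's policy, so check that the policy names a SHA-256 suite before expecting the digest method to change.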
