Invoking WS-Trust from Indigo
Making a WS-Trust RST Issue call from Indigo is pretty simple. I defined a custom security binding with a endpoint reference and presto...ws-trust.
To do this, I added this to the federationParameters section of a custom binding security element:
<endpoint address="http://192.168.9.10:8080/simpleservice" bindingConfiguration="WSTrustBinding" bindingSectionName="wsProfileBinding"/>
I then reference the binding from my client endpoint reference, and when I invoked my client, it makes this call:
POST /simpleservice HTTP/1.1
Content-Type: application/soap+xml; charset="utf-8" action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue"
Host: 192.168.9.11
Content-Length: 1304
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>uuid:6e984807-8946-4201-a757-2b6829a5fdb4;id=0</a:MessageID>
<a:To s:mustUnderstand="1">http://192.168.9.10:8080/simpleservice</a:To>
<a:ReplyTo>
<a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
</a:ReplyTo>
</s:Header>
<s:Body>
<t:RequestSecurityToken Context="uuid-58ae93d3-a412-4ee4-97ab-288bc880b35a-2" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:BinaryExchange ValueType="http://schemas.microsoft.com/net/2004/07/secext/WS-SPNego">TlRMTVNTUAABAAAAt4IY4gAAAAAAAAAAAAAAAAAAAAAFAs4OAAAADw==</t:BinaryExchange>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<EndpointReference xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://schemas.microsoft.com/2003/10/Serialization/">
<Address>http://192.168.9.10:8080/simpleservice</Address>
</EndpointReference>
</wsp:AppliesTo>
<t:KeySize>256</t:KeySize>
</t:RequestSecurityToken>
</s:Body></s:Envelope>
Looks to be using a web serivce binding of SPNego by default. I wish I had a remote STS to play with...
No comments:
Post a Comment