Monday, February 16, 2009

Secure Token Service with WSO2 WSAS 3.0

WSO2 WSAS is an enterprise-ready Web services engine powered by Apache Axis2. It is a lightweight, high-performing platform for Service Oriented Architectures, enabling business logic and applications. Bringing together a number of Apache Web services projects, WSO2 WSAS provides a secure, transactional and reliable runtime for deploying and managing Web services.

From version 3.0 onwards, WSO2 WSAS is powered by Carbon.

This post takes you through all the steps required to set up the STS that ships with WSAS and use it to secure a given service.

First you need to download WSAS 3.0 from here.

The WSAS distribution comes with an STS sample. Let's see how to set it up.

Go to [WSAS_HOME]/samples/sts-sample and type ant.

Start WSO2 WSAS (if you haven't already started it).

Log into the WSO2 WSAS administration console with admin/admin.

Go to Service --> List --> Select "wso2carbon-sts" service --> Security --> set up the security scenario "Sign and encrypt - X509 Authentication" on it.

Make sure the wso2carbon.jks keystore (the WSO2WSAS keystore) is used.

Go to Service --> List --> Select "HelloService" service and copy the http service address.

Once again select the "wso2carbon-sts" service and navigate to "Configure STS". Paste/type the http endpoint address of the "HelloService" service in "Add new trusted service" --> "Endpoint Address". Select the WSO2WSAS private key's certificate alias (wso2carbon).

Go back to the "HelloService" service and set up the security scenario "SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication" on it. Make sure the wso2carbon.jks keystore (the WSO2WSAS keystore) is used.

Go to Key Stores --> Import Cert --> Import [WSAS_HOME]/samples/sts-sample/conf/client.cert into the wso2carbon keystore.

Go to [WSAS_HOME]/samples/sts-sample and run the client.

run-client.bat <wso2carbon-sts-http-address> <hello-service-http-address>

Example:

run-client.bat http://10.100.1.97:9763/services/wso2carbon-sts http://10.100.1.97:9763/services/HelloService

Notes:

1. You need to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.

2. Make sure <hello-service-http-address> is exactly the same as the URL you added as a trusted service to the STS.
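The three things this procedure depends on (the JCE unlimited-strength policy from note 1, the exact match between the client's HelloService address and the STS trusted-service entry from note 2, and the wso2carbon.jks contents from the keystore steps) can all be checked before running run-client.bat. The following pre-flight check is an added example, not code from the WSAS distribution or the sts-sample; it uses only JDK APIs. Assumptions: Java 7 or later, the STS private key alias is "wso2carbon" as in the post, and the keystore path and password are supplied on the command line (the password is a placeholder argument, not a value taken from the post).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.Cipher;

/*
 * StsPreflight: checks the prerequisites of the STS sample before the client is run.
 * Added example, not part of WSO2 WSAS.
 *
 * Usage (all values are assumptions to be replaced with your own):
 *   java StsPreflight <hello-service-http-address> <trusted-endpoint-in-sts> \
 *                     <path/to/wso2carbon.jks> <keystore-password>
 */
public class StsPreflight {

    /* Note 1: with the default JCE policy the AES key length is capped at 128 bits;
     * the unlimited-strength policy files raise the limit to Integer.MAX_VALUE. */
    static boolean unlimitedStrengthInstalled() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    /* Note 2: the STS looks up the trusted service by the AppliesTo string the client
     * sends, so the two URLs must be identical as strings. When they are not, report
     * whether the difference is only case, a trailing slash or the port form, since
     * those near misses are the usual cause of "Error in obtaining token". */
    static String compareEndpoints(String clientUrl, String trustedUrl) {
        if (clientUrl.equals(trustedUrl)) {
            return "OK";
        }
        URI a = URI.create(clientUrl).normalize();
        URI b = URI.create(trustedUrl).normalize();
        boolean nearMiss = a.getScheme().equalsIgnoreCase(b.getScheme())
                && a.getHost() != null && a.getHost().equalsIgnoreCase(b.getHost())
                && a.getPort() == b.getPort()
                && stripSlash(a.getPath()).equals(stripSlash(b.getPath()));
        return (nearMiss ? "MISMATCH (differs only in case, trailing slash or port form): "
                         : "MISMATCH: ") + clientUrl + " vs " + trustedUrl;
    }

    static String stripSlash(String p) {
        return p.endsWith("/") ? p.substring(0, p.length() - 1) : p;
    }

    /* Keystore steps: confirm the STS signing key is present under the expected alias
     * and list the trusted certificate entries so the imported client.cert can be seen. */
    static List<String> inspectKeystore(String path, char[] password, String keyAlias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        List<String> report = new ArrayList<>();
        report.add(ks.isKeyEntry(keyAlias)
                ? "private key '" + keyAlias + "' present"
                : "MISSING private key entry '" + keyAlias + "'");
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                report.add("trusted cert '" + alias + "': " + c.getSubjectX500Principal().getName());
            }
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: StsPreflight <hello-service-url> <trusted-endpoint-in-sts> <wso2carbon.jks> <password>");
            System.exit(2);
        }
        System.out.println("JCE unlimited strength: " + (unlimitedStrengthInstalled() ? "yes" : "NO (see note 1)"));
        System.out.println("Endpoint match: " + compareEndpoints(args[0], args[1]));
        for (String line : inspectKeystore(args[2], args[3].toCharArray(), "wso2carbon")) {
            System.out.println(line);
        }
    }
}
```

Run it with the same two addresses you intend to pass to run-client.bat and the trusted-service endpoint you typed into "Configure STS"; if the endpoint line reports a near miss, correct the client argument rather than the STS entry, since the STS entry is what the token's AppliesTo is validated against.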

7 comments:

IsildurMaC said...

Hi,
I've downloaded wso2wsas v.3.2.0, and I'm setting up the sts-sample app as per the readme file. I've followed all the instructions, but am getting the following error:

D:\DesarrolloWS\SA\wso2wsas-3.2.0\samples\sts-sample>run-client.bat http://127.0.0.1:9763/services/wso2carbon-sts http://127.0.0.1:9763/services/HelloService

Using WSO2WSAS_HOME: D:\DesarrolloWS\SA\wso2wsas-3.2.0
Using JAVA_HOME: c:\Archivos de programa\Java\jdk1.6.0_14

log4j:WARN No appenders could be found for logger (org.apache.axis2.deployment.FileSystemConfigurator).
log4j:WARN Please initialize the log4j system properly.

Exception in thread "main" org.apache.rahas.TrustException: Error in obtaining token from : "http://127.0.0.1:9763/services/wso2carbon-sts"
at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:147)
at org.wso2.wsas.sample.sts.client.Client.main(Client.java:72)

Caused by: org.apache.axis2.AxisFault: Unable to engage module : addressing at org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:364)
at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:135)
... 1 more


Any idea how I can get this working?
Thanks
Jorge.