From version 3.0 onwards, WSO2 WSAS is powered by Carbon.
This post takes you through all the steps required to set up the STS that ships with WSAS to secure a given service.
First you need to download WSAS 3.0 from here.
The WSAS distribution comes with an STS sample, so let's see how to set it up.
Go to [WSAS_HOME]/samples/sts-sample and type ant
Start WSO2 WSAS (if you haven't already started it).
Log into WSO2 WSAS administration console with admin/admin
Go to Service --> List --> Select "wso2carbon-sts" service --> Security --> set up the security scenario "Sign and encrypt - X509 Authentication" on it.
Make sure wso2carbon.jks keystore (WSO2WSAS keystore) is used.
Go to Service --> List --> Select "HelloService" service and copy the http service address.
Once again select "wso2carbon-sts" service and navigate to "Configure STS". Paste/type the http endpoint address of "HelloService" service in "Add new trusted service" --> "Endpoint Address". Select the WSO2WSAS private key's certificate alias (wso2carbon).
Go back to "HelloService" service and set up the security scenario "SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt , X509 Authentication" on it. Make sure wso2carbon.jks keystore (WSO2WSAS keystore) is used.
Go to Key Stores --> Import Cert --> Import [WSAS_HOME]/samples/sts-sample/conf/client.cert into the wso2carbon keystore.
Go to [WSAS_HOME]/samples/sts-sample and run the client.
run-client.bat <wso2carbon-sts-http-address> <hello-service-http-address>
Example:
run-client.bat http://10.100.1.97:9763/services/wso2carbon-sts http://10.100.1.97:9763/services/HelloService
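A pre-flight check for the setup above, added here as an example and not part of the WSAS sample or the original post: it confirms that the two JCE policy jars from note 1 are in place and that the keystore holds both the wso2carbon alias and the imported client certificate. The keystore path and the alias under which client.cert was imported are assumptions passed in as arguments; keytool prompts for the keystore password.

```shell
#!/bin/sh
# Added example (not part of the WSAS sample): pre-flight checks for the steps above.
# The keystore path and the client certificate alias are assumptions supplied by the caller.

# Succeeds only if both JCE policy jars from note 1 are in $1/jre/lib/security.
jce_policy_present() {
  rc=0
  for jar in local_policy.jar US_export_policy.jar; do
    if [ ! -f "$1/jre/lib/security/$jar" ]; then
      echo "missing: $1/jre/lib/security/$jar" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Succeeds if alias $2 exists in keystore $1; keytool prompts for the password.
alias_in_keystore() {
  keytool -list -keystore "$1" -alias "$2" >/dev/null
}

# Runs every check and returns the number of failed checks.
# $1 = JAVA_HOME, $2 = path to wso2carbon.jks, $3 = alias given to client.cert
preflight() {
  failed=0
  jce_policy_present "$1" || failed=$((failed + 1))
  for a in wso2carbon "$3"; do
    if ! alias_in_keystore "$2" "$a"; then
      echo "alias not found in $2: $a" >&2
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Run the checks only when all three arguments are given.
if [ "$#" -eq 3 ]; then
  preflight "$1" "$2" "$3" && echo "pre-flight checks passed"
fi
```

Save it under a name of your choice and pass JAVA_HOME, the keystore path and the client alias; a non-zero exit status is the number of checks that failed.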
Notes:
1. You need to download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.
2. Make sure