Secure Token Service with WSO2 WSAS 3.0

WSO2 WSAS is an enterprise-ready Web services engine powered by Apache Axis2. It is a lightweight, high-performing platform for service-oriented architectures. Bringing together a number of Apache Web services projects, WSO2 WSAS provides a secure, transactional and reliable runtime for deploying and managing Web services.

From version 3.0 onwards, WSO2 WSAS is powered by Carbon.

This post walks through the steps needed to set up the STS (Secure Token Service) that ships with WSAS and use it to secure a service.

First you need to download WSAS 3.0 from here.

The WSAS distribution ships with an STS sample - let's see how to set it up.

Go to [WSAS_HOME]/samples/sts-sample and type ant

Start WSO2 WSAS (If you haven't already started it)

Log into the WSO2 WSAS administration console with the default credentials admin/admin (change them before the server is reachable from anywhere other than your own machine).

Go to Service --> List --> select the "wso2carbon-sts" service --> Security --> set up the security scenario "Sign and encrypt - X509 Authentication" on it.

Make sure the wso2carbon.jks keystore (the keystore shipped with WSO2 WSAS) is selected. It is fine for this sample, but its password is public, so replace it with a keystore of your own before the STS issues tokens for anything real.

Go to Service --> List --> select the "HelloService" service and copy its HTTP endpoint address.

Select the "wso2carbon-sts" service again and open "Configure STS". Under "Add new trusted service", paste the HTTP endpoint address of "HelloService" into "Endpoint Address" and select the certificate alias of the WSO2 WSAS private key (wso2carbon). The STS only issues tokens for services registered here, and it matches the address as a string, so copy it exactly as the service lists it.

Go back to the "HelloService" service and set up the security scenario "SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication" on it. Make sure the wso2carbon.jks keystore (the WSO2 WSAS keystore) is selected.

Go to Key Stores --> Import Cert --> import [WSAS_HOME]/samples/sts-sample/conf/client.cert into the wso2carbon keystore. This is the sample client's certificate; the server needs it to verify the client's X.509 signature.

Go to [WSAS_HOME]/samples/sts-sample and run the client.

run-client.bat <wso2carbon-sts-http-address> <hello-service-http-address>

Example :

run-client.bat http://10.100.1.97:9763/services/wso2carbon-sts http://10.100.1.97:9763/services/HelloService

Notes:

1. You need to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) into $JAVA_HOME/jre/lib/security, replacing the limited-strength versions shipped with the JDK.

2. Make sure the HelloService address you pass to the client (the second argument) is exactly the same as the URL you added as a trusted service to the STS; otherwise the STS will not issue a token for it.
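The command-line half of the walkthrough, as an added example that is not part of the WSAS distribution or the sample. It builds the sample, imports the client certificate with keytool instead of the console, installs the JCE policy jars from note 1, and turns note 2 into a check that runs before the client is started. Everything it assumes beyond the page is labelled in the script: WSAS_HOME pointing at the unpacked distribution, a run-client.sh beside run-client.bat, the shipped keystore at resources/security/wso2carbon.jks with its default password "wso2carbon", the alias "client" for the imported certificate, and the file name sts-sample.sh. The console steps (security scenarios, Configure STS) stay manual.

```shell
#!/bin/sh
# Added example, not part of the WSAS distribution: scripts the command-line
# half of the walkthrough (ant build, certificate import, JCE policy jars,
# client run) and enforces the endpoint check from note 2 before the client
# is started. Assumptions not taken from the page: WSAS_HOME points at the
# unpacked distribution, the sample ships run-client.sh next to run-client.bat,
# the shipped keystore is resources/security/wso2carbon.jks with its default
# password "wso2carbon", and the imported certificate is stored under alias
# "client". The console steps (security scenarios, Configure STS) stay manual.
set -e

WSAS_HOME="${WSAS_HOME:-/opt/wso2wsas-3.0}"
SAMPLE_DIR="$WSAS_HOME/samples/sts-sample"
KEYSTORE="$WSAS_HOME/resources/security/wso2carbon.jks"
STOREPASS="${WSO2_STOREPASS:-wso2carbon}"   # default password of the shipped keystore

# Note 2 as a check: the STS issues a token only when the AppliesTo address in
# the request is one of its configured trusted services, and the comparison is
# a plain string match. The usual slips (trailing slash, https instead of
# http, localhost instead of the IP) are diagnosed here rather than surfacing
# as an opaque SOAP fault from the STS. Returns 0 on an exact match, else 1.
check_trusted_endpoint() {
    trusted="$1"
    actual="$2"
    if [ "$trusted" = "$actual" ]; then
        return 0
    fi
    echo "endpoint mismatch: STS trusts '$trusted', client will use '$actual'" >&2
    case "$actual" in
        "$trusted"/) echo "  hint: drop the trailing slash" >&2 ;;
        https://*)   echo "  hint: use the plain http address, as the walkthrough does" >&2 ;;
        *localhost*) echo "  hint: use the same host form (IP vs localhost) on both sides" >&2 ;;
    esac
    return 1
}

# Note 1: the unlimited-strength policy jars overwrite the limited ones that
# ship with the JDK. Pass the directory the JCE download was extracted to.
install_jce_policy() {
    src="$1"
    for jar in local_policy.jar US_export_policy.jar; do
        cp "$src/$jar" "$JAVA_HOME/jre/lib/security/$jar"
    done
}

# Before the server is started: build the sample and import the sample
# client's certificate into the server keystore (the command-line equivalent
# of Key Stores --> Import Cert; done before start-up so the running server
# does not keep a stale copy of the keystore).
prepare() {
    (cd "$SAMPLE_DIR" && ant)
    keytool -import -noprompt -alias client \
        -file "$SAMPLE_DIR/conf/client.cert" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS"
}

# After the console configuration: verify the HelloService address against the
# one registered as a trusted service, then run the sample client. With set -e
# a mismatch stops the script before the client sends anything.
run_client() {
    sts_url="$1"
    hello_url="$2"
    trusted_url="${3:-$2}"   # the address typed into "Add new trusted service"
    check_trusted_endpoint "$trusted_url" "$hello_url"
    "$SAMPLE_DIR/run-client.sh" "$sts_url" "$hello_url"
}

case "${1:-}" in
    prepare) prepare ;;
    jce)     install_jce_policy "$2" ;;
    run)     shift; run_client "$@" ;;
    "")      ;;   # no arguments: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 prepare | jce JCE_DIR | run STS_URL HELLO_URL [TRUSTED_URL]" >&2
             exit 2 ;;
esac
```

Usage (file name sts-sample.sh is an assumption): run "sh sts-sample.sh jce /path/to/extracted/jce" and "sh sts-sample.sh prepare" before starting WSAS, do the console steps above, then "sh sts-sample.sh run http://10.100.1.97:9763/services/wso2carbon-sts http://10.100.1.97:9763/services/HelloService". Pass the trusted-service address as a third argument if it differs from what the client should use; the script will then refuse to run the client and print which of the common mismatches it spotted.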