https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273898#M50739 Thank you so much for your examples. I had been searching high and low for day for something like this. There aren't any examples of the SOAP bodies in the Talend documentation.&nbsp;<BR />If anyone is interested, here is how to pass SAML token to REST API<BR /><BR />Take the SAML assertion portion of the xml response and <A href="https://www.samltool.com" target="_blank" rel="nofollow noopener noreferrer">deflate and base64 encode</A> it<BR />Set the http header key "Authorization" to the value "SAML xxxx" - where xxxx is the deflated/base64 encoded assertion xml<BR /><BR />reference material: <A href="http://cxf.apache.org/docs/jax-rs-saml.html" rel="nofollow noopener noreferrer">http://cxf.apache.org/docs/jax-rs-saml.html</A><BR />NOTE: make sure that there aren't any special characters in the xml of you will get an error "Signature cryptographic validation not successful" (see runtime log -/log/tesb.tx) - reference: <A href="https://www.talendforge.org/forum/viewtopic.php?pid=164104" target="_blank" rel="nofollow noopener noreferrer">https://www.talendforge.org/forum/viewtopic.php?pid=164104</A><BR /> Thu, 28 Jan 2016 20:39:25 GMT Anonymous 2016-01-28T20:39:25Z https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273895#M50736 Hi,<BR />I'm trying to configure the Talend Security Token Service (STS) for ESB. I'm following the STS User Guide document.<BR />I'm not using Tomcat. Instead I'm just activating the STS feature in Karaf. So I've installed feature tesb-sts, but the STS SOAP services don't seem to be created. The bundle state just stays at Installed, rather than Resolved.<BR />Do I need to do something else first? Is there another dependency?<BR />Thanks<BR />Tom Sat, 16 Nov 2024 10:54:06 GMT https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273895#M50736 Anonymous 2024-11-16T10:54:06Z https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273896#M50737 Hi Tom,<BR />the bundle is Resolved because it is a "fragment" bundle to the Apache CXF STS Core (which is Active and has Started the spring blueprint.. hopefully). You should see the service between exposed services (http://localhost:8040/services) as the STS service. We planned to use the UT service, but the clients were unable to comply so we ended up using the default WS-Security with the username/password.<BR />To run it out of the box follow the documentation to create a new keypair or download/install JCE Unlimited Strength Policy (to enabke support for strong keys used in the examples)<BR />URL: http://localhost:8040/services/SecurityTokenService/UT<BR />Request:<BR /><PRE><BR />POST http://localhost:8040/services/SecurityTokenService/UT HTTP/1.1<BR />Content-Type: text/xml;charset=UTF-8<BR />SOAPAction: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"<BR />Content-Length: 1177<BR />Host: localhost:8040<BR />Connection: Keep-Alive<BR />User-Agent: Apache-HttpClient/4.1.1 (java 1.5)<BR />&lt;soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"&gt;<BR />&nbsp;&nbsp; &lt;soapenv:Header&gt;&lt;wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;&lt;wsse:UsernameToken wsu:Id="UsernameToken-19C5E83727A253C48D14503860476433"&gt;&lt;wsse:Username&gt;tesb&lt;/wsse:Username&gt;&lt;wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"&gt;tesb&lt;/wsse:Password&gt;&lt;/wsse:UsernameToken&gt;&lt;/wsse:Security&gt;&lt;/soapenv:Header&gt;<BR />&nbsp;&nbsp; &lt;soapenv:Body&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;wst:RequestSecurityToken Context="?"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;wst:TokenType&gt;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0&lt;/wst:TokenType&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;wst:RequestType&gt;http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue&lt;/wst:RequestType&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"&gt;http://my.service.external/service/tst1&lt;/wsp:AppliesTo&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/wst:RequestSecurityToken&gt;<BR />&nbsp;&nbsp; &lt;/soapenv:Body&gt;<BR />&lt;/soapenv:Envelope&gt;</PRE><BR />Have fun<BR />Gabriel Thu, 17 Dec 2015 20:47:21 GMT https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273896#M50737 Anonymous 2015-12-17T20:47:21Z https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273897#M50738 however - trying it out manually (Soap UI): <BR /> <PRE>POST http://localhost:8040/services/SecurityTokenService/UT HTTP/1.1<BR />Content-Type: text/xml;charset=UTF-8<BR />SOAPAction: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"<BR />Content-Length: 1192<BR />Host: localhost:8040<BR />Connection: Keep-Alive<BR />User-Agent: Apache-HttpClient/4.1.1 (java 1.5)<BR />&lt;soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"&gt;<BR />&nbsp;&nbsp; &lt;soapenv:Header&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;wsse:UsernameToken wsu:Id="UsernameToken-19C5E83727A253C48D14503867654994"&gt;<BR />&nbsp;&nbsp;&amp;n</PRE> <BR /><BR />To see the whole post, download it <A href="https://community.qlik.com/legacyfs/online/tlnd_dw_files/0683p000009MdH9">here</A><BR /><A href="https://community.qlik.com/legacyfs/online/tlnd_dw_files/0683p000009MdH9">OriginalPost.pdf</A> Thu, 17 Dec 2015 23:09:23 GMT https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273897#M50738 Anonymous 2015-12-17T23:09:23Z https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273898#M50739 Thank you so much for your examples. I had been searching high and low for day for something like this. There aren't any examples of the SOAP bodies in the Talend documentation.&nbsp;<BR />If anyone is interested, here is how to pass SAML token to REST API<BR /><BR />Take the SAML assertion portion of the xml response and <A href="https://www.samltool.com" target="_blank" rel="nofollow noopener noreferrer">deflate and base64 encode</A> it<BR />Set the http header key "Authorization" to the value "SAML xxxx" - where xxxx is the deflated/base64 encoded assertion xml<BR /><BR />reference material: <A href="http://cxf.apache.org/docs/jax-rs-saml.html" rel="nofollow noopener noreferrer">http://cxf.apache.org/docs/jax-rs-saml.html</A><BR />NOTE: make sure that there aren't any special characters in the xml of you will get an error "Signature cryptographic validation not successful" (see runtime log -/log/tesb.tx) - reference: <A href="https://www.talendforge.org/forum/viewtopic.php?pid=164104" target="_blank" rel="nofollow noopener noreferrer">https://www.talendforge.org/forum/viewtopic.php?pid=164104</A><BR /> Thu, 28 Jan 2016 20:39:25 GMT https://community.qlik.com/t5/Talend-Studio/Talend-STS-setup/m-p/2273898#M50739 Anonymous 2016-01-28T20:39:25Z