I've verified with WSS4J that the first example request passes when BSP (Basic Security Profile) compliance is turned off. So the problem appears to be that turning off BSP compliance via "ws-security.is-bsp-compliant" is not working with your configuration. Could you clarify whether you are using WS-SecurityPolicy to configure the service, or just manually adding the WSS4JInInterceptor? If the latter, then the "ws-security.is-bsp-compliant" tag won't work, as this only works with WS-SecurityPolicy. If this is the case, then you can turn off BSP compliance via setting "isBSPCompliant" to "false". If this doesn't work, could you also paste the service configuration?
Colm.
Hi Colm,
I added the security in the Talend Open Studio at the service... and via the jaas: added the username and password in the karaf-console...
This works with all other clients...
Here is my config:
# cat org.talend.esb.job.client.sts.cfg
###
#
#%L
# Talend :: ESB :: Job :: Controller
# %%
# Copyright (C) 2011 Talend Inc.
# %%
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# #L%
###
#STS endpoint configuration
#sts.wsdl.location =
sts.wsdl.location =
sts.x509.wsdl.location =
sts.namespace =
sts.service.name = SecurityTokenService
sts.endpoint.name = UT_Port
sts.x509.endpoint.name = X509_Port
#STS properties configuration
ws-security.sts.token.username = myclientkey
ws-security.sts.token.usecert = true
ws-security.is-bsp-compliant = false
ws-security.sts.token.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
ws-security.encryption.username = mystskey
ws-security.encryption.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
# cat org.talend.esb.sts.server.cfg
###
#
#%L
# TESB :: STS :: CONFIG
# %%
# Copyright (C) 2011 Talend Inc.
# %%
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# #L%
###
stsServiceUrl=/SecurityTokenService/UT
stsX509ServiceUrl=/SecurityTokenService/X509
jaasContext=karaf
signatureProperties=file:${tesb.home}/etc/keystores/stsKeystore.properties
signatureUsername=mystskey
bspCompliant=false
useMessageLogging=false
samlTokenLifetime=1800
thanks
Wolfgang