Anonymous

Talend STS setup

Hi,
I'm trying to configure the Talend Security Token Service (STS) for ESB. I'm following the STS User Guide document.
I'm not using Tomcat. Instead I'm just activating the STS feature in Karaf. So I've installed feature tesb-sts, but the STS SOAP services don't seem to be created. The bundle state just stays at Installed, rather than Resolved.
Do I need to do something else first? Is there another dependency?
Thanks
Tom
Anonymous

Hi Tom,
The bundle is Resolved because it is a "fragment" bundle to the Apache CXF STS Core (which is Active and has started the Spring blueprint... hopefully). You should see the service among the exposed services (http://localhost:8040/services) as the STS service. We planned to use the UT service, but the clients were unable to comply, so we ended up using the default WS-Security with the username/password.
To run it out of the box, follow the documentation to create a new keypair or download/install the JCE Unlimited Strength Policy (to enable support for the strong keys used in the examples).
URL: http://localhost:8040/services/SecurityTokenService/UT
Request:

POST http://localhost:8040/services/SecurityTokenService/UT HTTP/1.1
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
Content-Length: 1177
Host: localhost:8040
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
   <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-19C5E83727A253C48D14503860476433"><wsse:Username>tesb</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">tesb</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header>
   <soapenv:Body>
      <wst:RequestSecurityToken Context="?">
         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
         <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">http://my.service.external/service/tst1</wsp:AppliesTo>
      </wst:RequestSecurityToken>
   </soapenv:Body>
</soapenv:Envelope>

Have fun
Gabriel
Anonymous

however - trying it out manually (Soap UI):
POST http://localhost:8040/services/SecurityTokenService/UT HTTP/1.1
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
Content-Length: 1192
Host: localhost:8040
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-19C5E83727A253C48D14503867654994">
Anonymous

Thank you so much for your examples. I had been searching high and low for days for something like this. There aren't any examples of the SOAP bodies in the Talend documentation.
If anyone is interested, here is how to pass a SAML token to a REST API:

Take the SAML assertion portion of the xml response and deflate and base64 encode it
Set the http header key "Authorization" to the value "SAML xxxx" - where xxxx is the deflated/base64 encoded assertion xml

reference material: http://cxf.apache.org/docs/jax-rs-saml.html
NOTE: make sure that there aren't any special characters in the xml or you will get an error "Signature cryptographic validation not successful" (see runtime log -/log/tesb.tx) - reference: https://www.talendforge.org/forum/viewtopic.php?pid=164104
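The two steps described in the last post, as an added example that is not part of the original thread or of Talend's or CXF's code: it copies the assertion out of the STS response byte for byte (any change to a signed assertion fails signature validation), deflates and Base64-encodes it, and builds the `Authorization: SAML ...` header. Assumptions: the service expects raw DEFLATE (no zlib header) and standard Base64, the assertion element declares its own namespaces, and the sample response and all function names are constructed for illustration.

```python
import base64
import re
import zlib

# Constructed sample: a trimmed, unsigned stand-in for an STS response body.
SAMPLE_RSTR = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><wst:RequestedSecurityToken '
    b'xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">'
    b'<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
    b'ID="_constructed" Version="2.0"><saml2:Issuer>sample-sts</saml2:Issuer>'
    b'</saml2:Assertion></wst:RequestedSecurityToken></soap:Body></soap:Envelope>'
)

# Matches <Assertion> with or without a namespace prefix, up to its closing tag.
ASSERTION_RE = re.compile(rb'<((?:[\w.-]+:)?Assertion)[\s>].*?</\1>', re.DOTALL)


def extract_assertion(response: bytes) -> bytes:
    """Return the assertion bytes exactly as received (no parse/re-serialise)."""
    match = ASSERTION_RE.search(response)
    if match is None:
        raise ValueError("no SAML Assertion element found in response")
    return match.group(0)


def deflate_b64(assertion: bytes) -> str:
    """Raw DEFLATE (wbits=-15, assumed server expectation), then Base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(assertion) + comp.flush()).decode("ascii")


def authorization_header(response: bytes) -> dict:
    """Build the header described in the post: 'SAML <deflated+base64 assertion>'."""
    return {"Authorization": "SAML " + deflate_b64(extract_assertion(response))}


def decode_header(value: str) -> bytes:
    """Inverse operation, useful for checking what is actually being sent."""
    scheme, _, token = value.partition(" ")
    if scheme != "SAML" or not token:
        raise ValueError("not a SAML Authorization header")
    return zlib.decompress(base64.b64decode(token, validate=True), -15)


if __name__ == "__main__":
    header = authorization_header(SAMPLE_RSTR)
    print(header["Authorization"][:60] + "...")
    print(decode_header(header["Authorization"]) == extract_assertion(SAMPLE_RSTR))
```

Running `decode_header` on the value you send and comparing it with the bytes the STS returned is a quick check when the service logs a signature validation failure.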