
Perform the following steps to add the single sign-on security policy to the hello_world WSDL contract:

  1. Edit the hello_world.wsdl file from the wsdl_first_https/wsdl/ directory. Add the single sign-on policy shown in Example 8.1 as a child of the wsdl:definitions element.

  2. Continue editing the hello_world.wsdl file to add a policy reference to the WSDL port. Search for the SOAPService wsdl:service element and add a wsp:PolicyReference element as a child of its wsdl:port element, as shown in the following WSDL fragment:

    <wsdl:definitions ... >
        ...
        <wsdl:service name="SOAPService">
            <wsdl:port binding="tns:Greeter_SOAPBinding" name="SoapPort">
                <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" URI="#STS_SAML_Token_policy"/>
                <soap:address location="https://localhost:9001/SoapContext/SoapPort"/>
            </wsdl:port>
        </wsdl:service>
        ...
    </wsdl:definitions>

    By inserting the wsp:PolicyReference element at this point, you associate the WSDL port with the security policy referenced by the URI attribute value, #STS_SAML_Token_policy (a fragment identifier that must match the wsu:Id attribute of the single sign-on security policy added in step 1).

  3. The server requires a separate copy of the WSDL file, which omits the IssuedToken policy. Copy hello_world.wsdl to hello_world_server.wsdl (in the same directory). Edit the new hello_world_server.wsdl file and delete the sp:SignedSupportingTokens element from the policy, so that the content of the hello_world_server.wsdl file now has the following outline:

    <wsdl:definitions ... >
        ...
        <wsp:Policy wsu:Id="STS_SAML_Token_policy"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
              ...
          </sp:TransportBinding>
          <!-- sp:SignedSupportingTokens element is omitted in server copy of the WSDL -->
        </wsp:Policy>
    
    </wsdl:definitions>
    Note

    If you omit the wsp:Policy element entirely from the server's copy of the WSDL file, the WSS4J interceptors are no longer auto-installed on the server. When you run the demonstration, the server is then unable to process the WS-Security header sent by the client and returns a mustUnderstand fault. The server copy must therefore keep the wsp:Policy element (with its wsu:Id) and only drop the sp:SignedSupportingTokens element.
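The three steps above, carried out and checked programmatically. This is an added example, not code from the Fuse documentation or the wsdl_first_https demo. It uses only Python's standard xml.etree on a constructed, minimal hello_world.wsdl whose policy body (a TransportBinding plus a SignedSupportingTokens wrapping an IssuedToken) stands in for Example 8.1, which is not reproduced on this page; the service name, targetNamespace and all function names are assumptions made for the example. It adds the wsp:PolicyReference to SoapPort (step 2), derives the hello_world_server.wsdl variant with sp:SignedSupportingTokens removed (step 3), and verifies that every #fragment URI still resolves to a wsp:Policy wsu:Id in the same document, which is the check that catches the mistake the note warns about (deleting the wsp:Policy altogether).

```python
"""Apply the WSDL edits from this procedure and verify the result.

Added example, not code from the Fuse/CXF documentation or the wsdl_first_https
demo. Standard library only. CLIENT_WSDL_INPUT is constructed: its policy body
is a minimal stand-in for Example 8.1.
"""
import copy
import xml.etree.ElementTree as ET

# Namespace URIs for the prefixes used in the WSDL fragments on this page.
WSDL = "http://schemas.xmlsoap.org/wsdl/"
SOAP = "http://schemas.xmlsoap.org/wsdl/soap/"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
NS = {"wsdl": WSDL, "soap": SOAP, "wsp": WSP, "wsu": WSU, "sp": SP}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep the usual prefixes on output

WSP_POLICY = f"{{{WSP}}}Policy"
WSP_POLICY_REF = f"{{{WSP}}}PolicyReference"
WSU_ID = f"{{{WSU}}}Id"
SP_SIGNED_SUPPORTING = f"{{{SP}}}SignedSupportingTokens"
POLICY_ID = "STS_SAML_Token_policy"

# Constructed hello_world.wsdl as it looks after step 1 (policy added, no reference yet).
CLIENT_WSDL_INPUT = """<wsdl:definitions name="HelloWorld"
    targetNamespace="http://apache.org/hello_world_soap_http"
    xmlns:tns="http://apache.org/hello_world_soap_http"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy wsu:Id="STS_SAML_Token_policy">
    <sp:TransportBinding><wsp:Policy/></sp:TransportBinding>
    <sp:SignedSupportingTokens><wsp:Policy><sp:IssuedToken/></wsp:Policy></sp:SignedSupportingTokens>
  </wsp:Policy>
  <wsdl:service name="SOAPService">
    <wsdl:port binding="tns:Greeter_SOAPBinding" name="SoapPort">
      <soap:address location="https://localhost:9001/SoapContext/SoapPort"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>
"""


def _local(tag):
    """Strip the {namespace} part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def _find_port(root, service_name, port_name):
    path = f".//wsdl:service[@name='{service_name}']/wsdl:port[@name='{port_name}']"
    port = root.find(path, NS)
    if port is None:
        raise ValueError(f"no port {port_name} in service {service_name}")
    return port


def find_policy(root, policy_id):
    """The wsp:Policy whose wsu:Id equals policy_id, or None."""
    for policy in root.iter(WSP_POLICY):
        if policy.get(WSU_ID) == policy_id:
            return policy
    return None


def add_policy_reference(root, service_name, port_name, policy_id):
    """Step 2: <wsp:PolicyReference URI="#id"/> as first child of the port, ahead of soap:address."""
    port = _find_port(root, service_name, port_name)
    port.insert(0, ET.Element(WSP_POLICY_REF, {"URI": "#" + policy_id}))
    return root


def make_server_copy(client_root, policy_id):
    """Step 3: keep the policy and its wsu:Id, drop sp:SignedSupportingTokens (the IssuedToken)."""
    server_root = copy.deepcopy(client_root)
    policy = find_policy(server_root, policy_id)
    if policy is None:
        raise ValueError(f"policy {policy_id} not found")
    for child in list(policy):
        if child.tag == SP_SIGNED_SUPPORTING:
            policy.remove(child)
    return server_root


def remove_policy_entirely(root, policy_id):
    """The mistake the note warns about: a server WSDL with no wsp:Policy at all."""
    broken = copy.deepcopy(root)
    targets = [(parent, child) for parent in broken.iter() for child in parent
               if child.tag == WSP_POLICY and child.get(WSU_ID) == policy_id]
    for parent, child in targets:
        parent.remove(child)
    return broken


def check_policy_references(root):
    """Every '#fragment' PolicyReference must resolve to a wsp:Policy wsu:Id here. [] means OK."""
    ids = {p.get(WSU_ID) for p in root.iter(WSP_POLICY) if p.get(WSU_ID)}
    return [f"dangling PolicyReference {ref.get('URI', '')}" for ref in root.iter(WSP_POLICY_REF)
            if ref.get("URI", "").startswith("#") and ref.get("URI")[1:] not in ids]


def port_child_tags(root, service_name, port_name):
    return [_local(c.tag) for c in _find_port(root, service_name, port_name)]


def policy_child_tags(root, policy_id):
    policy = find_policy(root, policy_id)
    return [] if policy is None else [_local(c.tag) for c in policy]


def build_wsdl_pair(client_wsdl_text=CLIENT_WSDL_INPUT, policy_id=POLICY_ID):
    """Run steps 2 and 3 on the step-1 WSDL; returns (client_root, server_root)."""
    client = add_policy_reference(ET.fromstring(client_wsdl_text), "SOAPService", "SoapPort", policy_id)
    return client, make_server_copy(client, policy_id)


def serialize(root):
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    client, server = build_wsdl_pair()
    print(serialize(server))
    print("client:", check_policy_references(client) or "OK")
    print("server:", check_policy_references(server) or "OK")
    print("server without policy:", check_policy_references(remove_policy_entirely(server, POLICY_ID)))
```

The in-memory checks are the useful part: run check_policy_references against both files before starting the demo. One caveat with xml.etree: it does not preserve namespace declarations that are only used inside attribute values (xmlns:tns here, needed by binding="tns:Greeter_SOAPBinding"), so the serialized output is for inspection; write the real hello_world_server.wsdl by hand or with lxml, which keeps declarations intact.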
