
Perform the following steps to add the single sign-on security policy to the hello_world WSDL contract:

  1. Edit the hello_world.wsdl file from the wsdl_first_https/wsdl/ directory. Add the single sign-on policy shown in Example 8.1 as a child of the wsdl:definitions element.

  2. Continue editing the hello_world.wsdl file, in order to add a policy reference to the WSDL port. Search for the SOAPService wsdl:service element and then add the wsp:PolicyReference element as a child of the wsdl:port element, as shown in the following WSDL fragment:

    <wsdl:definitions ... >
        ...
        <wsdl:service name="SOAPService">
            <wsdl:port binding="tns:Greeter_SOAPBinding" name="SoapPort">
                <wsp:PolicyReference xmlns:wsp="" URI="#STS_SAML_Token_policy"/>
                <soap:address location="https://localhost:9001/SoapContext/SoapPort"/>
            </wsdl:port>
        </wsdl:service>
    </wsdl:definitions>

    By inserting the wsp:PolicyReference element at this point, you associate the WSDL port with the security policy referenced by the URI attribute value, #STS_SAML_Token_policy, which matches the wsu:Id attribute of the single sign-on security policy.

  3. The server requires a separate copy of the WSDL file, which omits the IssuedToken policy. Copy hello_world.wsdl to hello_world_server.wsdl (in the same directory). Edit the new hello_world_server.wsdl file and delete the sp:SignedSupportingTokens element from the policy, so that the content of the hello_world_server.wsdl file now has the following outline:

    <wsdl:definitions ... >
        <wsp:Policy wsu:Id="STS_SAML_Token_policy" ... >
          <sp:TransportBinding xmlns:sp="">
            ...
          </sp:TransportBinding>
          <!-- sp:SignedSupportingTokens element is omitted in server copy of the WSDL -->
        </wsp:Policy>
    </wsdl:definitions>

    Do not omit the wsp:Policy element completely from the server's copy of the WSDL file: doing so would implicitly disable the auto-installation of the WSS4J interceptors. When you run the demonstration, the server would then be unable to parse the security header and would return a mustUnderstand fault.
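The following check for the result of steps 2 and 3 is an added example, not part of the original documentation or the demonstration code. It assumes hypothetical helper names (`check_wsdl`, `find_all`) and matches elements by local name, because the namespace URIs are not shown on this page; the `urn:example:*` namespaces in the constructed sample are placeholders.

```python
import xml.etree.ElementTree as ET

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def find_all(root, name):
    return [el for el in root.iter() if local(el.tag) == name]

def check_wsdl(xml_text, role):
    """Return a list of problems found in the 'client' or 'server' WSDL copy."""
    root = ET.fromstring(xml_text)
    problems = []
    # Map each wsu:Id to its wsp:Policy element.
    policies = {v: p for p in find_all(root, "Policy")
                for k, v in p.attrib.items() if local(k) == "Id"}
    if not policies:
        problems.append("no wsp:Policy with a wsu:Id")
    # Step 2: the wsdl:port must reference a policy defined in the same file.
    refs = [c for port in find_all(root, "port") for c in port
            if local(c.tag) == "PolicyReference"]
    if not refs:
        problems.append("wsdl:port has no wsp:PolicyReference")
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#") or uri[1:] not in policies:
            problems.append("PolicyReference URI %r matches no wsu:Id" % uri)
    # Step 3: only the client copy carries sp:SignedSupportingTokens.
    has_sst = any(find_all(p, "SignedSupportingTokens") for p in policies.values())
    if role == "server" and has_sst:
        problems.append("server copy still contains sp:SignedSupportingTokens")
    if role == "client" and policies and not has_sst:
        problems.append("client copy lacks sp:SignedSupportingTokens")
    return problems

# Constructed sample input; the urn:example:* namespace URIs are placeholders.
NS = ('xmlns:wsdl="urn:example:wsdl" xmlns:wsp="urn:example:wsp" '
      'xmlns:wsu="urn:example:wsu" xmlns:sp="urn:example:sp"')
SST = "<sp:SignedSupportingTokens><sp:IssuedToken/></sp:SignedSupportingTokens>"
POLICY = '<wsp:Policy wsu:Id="STS_SAML_Token_policy"><sp:TransportBinding/>%s</wsp:Policy>'
PORT = ('<wsdl:service name="SOAPService"><wsdl:port name="SoapPort">'
        '<wsp:PolicyReference URI="#STS_SAML_Token_policy"/></wsdl:port></wsdl:service>')

def make(policy):
    return "<wsdl:definitions %s>%s%s</wsdl:definitions>" % (NS, policy, PORT)

CLIENT, SERVER, NO_POLICY = make(POLICY % SST), make(POLICY % ""), make("")

if __name__ == "__main__":
    for name, doc, role in [("client", CLIENT, "client"), ("server", SERVER, "server"),
                            ("server without policy", NO_POLICY, "server")]:
        print(name, check_wsdl(doc, role) or "OK")
```

To check the real files, pass the contents of hello_world.wsdl with role `"client"` and hello_world_server.wsdl with role `"server"`; an empty list means the copy has the structure described in the steps above.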
