Handling Token and Key Requirements at Run Time, Part I: Overview




In the general model for using STS-issued tokens to secure Web services,
as illustrated above, a service-side IssuedToken policy assertion is used to
specify the STS information (STS endpoint, STS MEX endpoint, etc.) and the token
requirements (token type, key type, claims, etc.). Alternatively, a client-side
PreconfiguredSTS assertion can be used to specify the local STS. Only one STS
can be specified in PreconfiguredSTS.


In this way, Metro handles the process of going to the STS to obtain the issued token
and then using it with the messages to the service, transparently to the
users.


Now, with an exciting new feature in Metro 2.0, we allow STS information
and issued token requirements to be injected programmatically at run time on the client side. This
gives users more control over the identity and security information used
to access a service, and opens the way to building more interesting and important
applications with Metro.

The following describes how this is achieved:

1. Use the existing STSIssuedTokenConfiguration for run-time configuration:

    DefaultSTSIssuedTokenConfiguration config = new DefaultSTSIssuedTokenConfiguration();
    Claims claims = ...
    config.setClaims(claims);

2. Use a Web Service Feature to inject the STSIssuedTokenConfiguration into the system:

    STSIssuedTokenFeature feature = new STSIssuedTokenFeature(config);

3. Pass the STSIssuedTokenFeature when creating the port from the Service:

    CalculatorWS port = service.getCalculatorWSPort(new WebServiceFeature[]{feature});

4. The entries in the IssuedToken policy assertion are available through config.getOtherOptions().get(STSIssuedTokenConfiguration.ISSUED_TOKEN). This allows users to select the STS at run time according to the service requirements.
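
One guard to put around the run-time STS selection in step 4, as an added example that is not from the original post or the Metro code base: because the client presents its credentials to whichever STS it selects, an STS endpoint read from the service policy is checked against a pinned allow-list before it is used. The class name, allow-list entries and sample endpoints are hypothetical; the code uses only the JDK and leaves the Metro calls in steps 1 to 3 unchanged.

```java
import java.net.URI;
import java.util.Map;

public final class TrustedStsSelector {
    // Constructed allow-list: required token type -> the only STS trusted to issue it.
    private static final Map<String, URI> TRUSTED = Map.of(
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
        URI.create("https://sts.example.com/sts"),
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
        URI.create("https://legacy-sts.example.com/sts"));

    /** Returns the pinned STS for tokenType; rejects a policy-supplied endpoint that differs. */
    public static URI select(String tokenType, String policyEndpoint) {
        URI pinned = TRUSTED.get(tokenType);
        if (pinned == null) {
            throw new SecurityException("no trusted STS for token type: " + tokenType);
        }
        if (policyEndpoint == null || policyEndpoint.isBlank()) {
            return pinned; // policy named no STS: use the local choice
        }
        URI asked;
        try {
            asked = URI.create(policyEndpoint.trim()).normalize();
        } catch (IllegalArgumentException e) {
            throw new SecurityException("malformed STS endpoint in policy", e);
        }
        // Compare component by component so case and an explicit :443 do not matter,
        // while plain http, embedded user info and look-alike hosts are refused.
        boolean same = "https".equalsIgnoreCase(asked.getScheme())
            && asked.getUserInfo() == null
            && pinned.getHost().equalsIgnoreCase(String.valueOf(asked.getHost()))
            && port(pinned) == port(asked)
            && pinned.getPath().equals(asked.getPath());
        if (!same) {
            throw new SecurityException("policy names an STS outside the allow-list: " + asked);
        }
        return pinned;
    }

    private static int port(URI u) {
        return u.getPort() == -1 ? 443 : u.getPort();
    }

    public static void main(String[] args) {
        String saml2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        System.out.println(select(saml2, "HTTPS://STS.example.com:443/sts")); // same endpoint
        try {
            select(saml2, "https://sts.example.com.evil.test/sts"); // constructed look-alike host
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The URI returned by select is the value to hand to the run-time configuration from step 1; a SecurityException means the client should not contact the STS named in the policy.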


In the subsequent blogs, I will provide samples and tips for how to build various solutions
with this feature. Stay tuned.



Comments:

[Trackback] Security Token Configuration in Metro

Posted by Kumar Jayanti's Blog on May 31, 2009 at 09:45 PM PDT #

About

Jiandong Guo
