Last year I made JAX-WS client for a web service in this link
This webservice use a STS service to get SAML token and use it to access main webservice. I use wsdl2java of apache cxf to generate JAX-WS client for this webservice. Everything was just fine.
Recently they have updated their STS service endpoint. This new STS service endpoint. Which has different signature and digest algorithm. It has some extra element in request body.
I tried to modify current code so that it support new STS service. But my code is sending same RequestSecurityToken request.I mean it does not adopt for new requirement. I tried to adopt this but I could not do that.
New STS service required http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 as new signature method and http://www.w3.org/2001/04/xmlenc#sha256 as new digest algorithm. Plus it required following element in request body:
<tr:ActAs xmlns:tr="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
<v13:RelationshipToken xmlns:v13="http://vanguard.business.gov.au/2016/03" ID="1bc9a44e-dccd-49e2-8f29-40d7b1257325">
<v13:Relationship v13:Type="OSPfor">
<v13:Attribute v13:Name="SSID" v13:Value="1234567895"/>
</v13:Relationship>
<v13:FirstParty v13:Scheme="uri://abr.gov.au/ABN" v13:Value="27809366375"/>
<v13:SecondParty v13:Scheme="uri://abr.gov.au/ABN" v13:Value="89567587874"/>
</v13:RelationshipToken>
</tr:ActAs>
Plus there are minor differences here. I have two ways now I think:
- If I can change old code to STS client send request with those value. which I tried and not succeeded.
- They provide some code which support fetching SAML assertion token and proof token from STS client. If I can put SAML assertion token into my JAX-WS client directly then this problem is also solved.
Any help or suggestion will be appreciated to us
The SHA-256 digest algorithm is normally set by using an AlgorithmSuite policy that requires it (e.g. Basic256Sha256). I see in the policy they are still using "Basic256" however. CXF allows you to configure RSA-SHA256 via some configuration properties (see for example 'ws-security.asymmetric.signature.algorithm' here http://cxf.apache.org/docs/ws-securitypolicy.html). You can set ActAs Object/Element on the STSClient directly.