A Security Token Service (STS) can be set up as per the WS-Trust specification using Rampart. The default security token service shipped with the Rampart distribution is contained in the rampart-trust.mar module. It can issue SCT tokens and SAML tokens. Sample05 contains a client that connects to the default STS and obtains a SAML token. The services.xml in the sample contains a "saml-issuer-config" parameter that is used to configure the default SAML issuer.
STS with a custom issuer

First, the default rampart.mar has to be removed from the modules. Then write your own issuer implementing the "org.apache.rahas.TokenIssuer" interface. Let's say that your issuer is "org.custom.MyIssuer". Then create an Axis2 service archive with the following in the services.xml. Drop the archive into the repository and you have an STS with a CustomToken issuer.
<module ref="rampart" />

<operation name="IssueToken" mep="http://www.w3.org/ns/wsdl/in-out">
    <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>

    <!-- Action mapping to accept RST requests -->
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
    <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>

    <parameter name="token-dispatcher-configuration">
        <token-dispatcher-configuration>
            <!-- Issuers. You may have many issuers. -->
            <issuer class="org.custom.MyIssuer" default="true">
                <configuration type="parameter">saml-issuer-config</configuration>
                <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
            </issuer>
        </token-dispatcher-configuration>
    </parameter>
</operation>
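A pre-deployment check for the services.xml described above, as an added example that is not part of the original page or of Rampart. The function name, the sample document and the three rules are assumptions of this sketch: the STS message receiver is present, exactly one issuer is the default, and every issuer configuration of type "parameter" names a parameter defined in the same services.xml, as in Sample05.

```python
import xml.etree.ElementTree as ET

STS_RECEIVER = "org.apache.rahas.STSMessageReceiver"

def check_sts_config(services_xml):
    """Return a list of findings for the token dispatcher settings in a services.xml."""
    root = ET.fromstring(services_xml)
    findings = []
    # Names of every <parameter name="..."> defined anywhere in this file.
    defined = {p.get("name") for p in root.iter("parameter")}
    if not any(m.get("class") == STS_RECEIVER for m in root.iter("messageReceiver")):
        findings.append("no operation uses " + STS_RECEIVER)
    issuers = list(root.iter("issuer"))
    defaults = [i for i in issuers if i.get("default") == "true"]
    if len(defaults) != 1:  # assumed rule: one issuer handles unmatched token types
        findings.append(f"expected exactly one default issuer, found {len(defaults)}")
    for issuer in issuers:
        cls = issuer.get("class", "<no class>")
        is_default = issuer.get("default") == "true"
        # Assumed rule: a non-default issuer is only reachable through its tokenType.
        if not is_default and not (issuer.findtext("tokenType") or "").strip():
            findings.append(f"{cls}: non-default issuer has no tokenType")
        for cfg in issuer.findall("configuration"):
            name = (cfg.text or "").strip()
            if cfg.get("type") == "parameter" and name not in defined:
                findings.append(f"{cls}: parameter '{name}' is not defined")
    return findings

# Constructed sample: the page's fragment wrapped in a <service>, issuer settings elided.
SAMPLE = """<service name="STS">
  <module ref="rampart"/>
  <operation name="IssueToken" mep="http://www.w3.org/ns/wsdl/in-out">
    <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
    <parameter name="token-dispatcher-configuration">
      <token-dispatcher-configuration>
        <issuer class="org.custom.MyIssuer" default="true">
          <configuration type="parameter">saml-issuer-config</configuration>
          <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
        </issuer>
      </token-dispatcher-configuration>
    </parameter>
  </operation>
  <parameter name="saml-issuer-config"><!-- issuer settings go here --></parameter>
</service>"""

if __name__ == "__main__":
    print(check_sts_config(SAMPLE) or "no findings")
```

A parameter defined elsewhere in the Axis2 configuration, for example in axis2.xml, would be reported here as missing, so treat that finding as a prompt to confirm where the issuer's configuration actually lives.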