Topic
  • 2 replies
  • Latest Post - ‏2014-01-31T20:23:41Z by JatinIBMDW
gllambi
gllambi
2 Posts

Pinned topic ws-trust OnBehalfOf token support in TFIM

‏2013-04-16T17:47:37Z |

Hi guys!! 

we have owned a TFIM 6.2.0.2 and we are trying to use the onBehalfOf element of the ws-trust spec. We found this IBM's link about this topic but I wanted to know if it is supported by this version of TFIM as I did not found any further documentation. Could you please aid me?

http://www.ibm.com/developerworks/websphere/library/techarticles/1003_chades/1003_chades.html?ca=drs-

thanks in advance!

Regards

Guzmán

  • gllambi
    gllambi
    2 Posts

    Re: ws-trust OnBehalfOf token support in TFIM

    ‏2013-05-14T13:32:40Z  

    Hi Guys!

    any idea about this topic?

    thanks!

    Guzmán

  • JatinIBMDW
    JatinIBMDW
    2 Posts

    Re: ws-trust OnBehalfOf token support in TFIM

    ‏2014-01-31T20:23:41Z  
    • gllambi
    • ‏2013-05-14T13:32:40Z

    Hi Guys!

    any idea about this topic?

    thanks!

    Guzmán

    Hi Guzman,

    Yes TFIM is aware of the standard OnBehalfOf construct in WS-Trust 1.3.

    I tested it by exchanging a usernametoken for a saml2 token.

    Here is the sample RST.

    Regards,

    Jatin

    <?xml version="1.0"?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
    <ws-t:RequestSecurityToken xmlns:ws-t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <ws-t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Validate</ws-t:RequestType>
      <ws-t:Issuer>
        <ws-a:Address xmlns:ws-a="http://www.w3.org/2005/08/addressing">xtfim</ws-a:Address>
      </ws-t:Issuer>
      <ws-p:AppliesTo xmlns:ws-p="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <ws-a:EndpointReference xmlns:ws-a="http://www.w3.org/2005/08/addressing">
          <ws-a:Address>sapcrmws</ws-a:Address>
        </ws-a:EndpointReference>
      </ws-p:AppliesTo>
      <ws-t:OnBehalfOf>
       <ws-t:Base>
        <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-85770a33-e47a-43ba-a2da-862c024e697c">
          <wsse:Username>jdoe</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
    <ws-t:Create>2014-01-26T20:00:30Z</ws-t:Create>
     </wsse:UsernameToken>
     </ws-t:Base>
      </ws-t:OnBehalfOf>
    </ws-t:RequestSecurityToken>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>