Configure https with WS-Security

Friday, May 21, 2010

Using a WS-Security UsernameToken on its own over transport-level security (HTTPS) is quite common. By default, WSF/PHP uses the UsernameToken together with a WS-Security signature. Let's look at how to configure the WS-Security UsernameToken with WSF/PHP.

Since, by default, WSF/PHP tries to sign the username token credentials, you need to specify the client certificate and the private key when configuring the UsernameToken.

For example:

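// Policy: only the UsernameToken is requested.
$security_options = array("useUsernameToken" => TRUE);

$policy = new WSPolicy(array("security" => $security_options));

// $my_key and $my_cert hold the client's private key and certificate,
// which WSF/PHP uses to sign the username token.
$security_token = new WSSecurityToken(array("user" => "Raigama",
                                            "password" => "RaigamaPW",
                                            "passwordType" => "Digest",
                                            "privateKey" => $my_key,
                                            "certificate" => $my_cert));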

I have copied this code snippet from the username token sample. As you can see, the policy configuration only enables the username token, through the option useUsernameToken. However, in the WSSecurityToken configuration I have passed both the “privateKey” option and the “certificate” option. The private key refers to the client’s private key, and the certificate refers to the client’s certificate, which contains the client’s public key. They are needed because, by default, the UsernameToken is signed to enhance its security.

Often you will want to use HTTPS transport with a plaintext username and password instead of a signed username token. You can enable this by supplying a policy file that contains an empty TransportBinding element, as follows.

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding>
                <wsp:Policy>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens>
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken10 />
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

Now create the WSPolicy object by using the policy file.

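// "policy.xml" is a placeholder name for the file holding the policy above.
$policy_string = file_get_contents("policy.xml");
$policy = new WSPolicy($policy_string);

In the WSClient options, change the “to” endpoint from “http” to “https” and specify the “CACert” option.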
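
The steps above put together in one client, as an added example that is not part of the original post or the WSF/PHP samples. The endpoint URL, the payload, and the file names policy.xml and ca.pem are placeholders, and it assumes (as the text implies) that with the TransportBinding policy the token needs no privateKey or certificate. Because the credentials are then protected only by TLS, the script refuses to run without an https endpoint and a readable CA file.

```php
<?php
// Added example; requires the WSF/PHP extension to be loaded.
$endpoint = "https://service.example.com/echo";  // placeholder endpoint
$ca_file  = "ca.pem";                            // placeholder CA certificate file

// The UsernameToken is not signed in this setup, so only the transport
// protects the credentials. Check the scheme and the CA file before
// anything is sent.
$scheme = strtolower((string) parse_url($endpoint, PHP_URL_SCHEME));
if ($scheme !== "https") {
    exit("Refusing to send a UsernameToken to a non-https endpoint\n");
}
if (!is_readable($ca_file)) {
    exit("CA certificate file not readable: $ca_file\n");
}

// Placeholder request payload.
$payload = <<<XML
<ns1:echo xmlns:ns1="http://example.com/ns"><text>Hello</text></ns1:echo>
XML;

try {
    // Policy file containing the empty TransportBinding element.
    $policy = new WSPolicy(file_get_contents("policy.xml"));

    // Assumption: no privateKey/certificate is needed with that policy.
    $token = new WSSecurityToken(array("user" => "Raigama",
                                       "password" => "RaigamaPW"));

    $client = new WSClient(array("to" => $endpoint,
                                 "CACert" => $ca_file,
                                 "policy" => $policy,
                                 "securityToken" => $token));

    $response = $client->request($payload);
    printf("Response = %s\n", $response->str);
} catch (Exception $e) {
    if ($e instanceof WSFault) {
        printf("SOAP fault: %s\n", $e->Reason);
    } else {
        printf("Error: %s\n", $e->getMessage());
    }
}
```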

10 comments:

CJ said...

Checked these tips. All works well. Thanks for posting. Look php tutorial.

jthorhauer said...

So is this the only way to use UsernameToken without a client cert? That is, do you have to provide a custom policy file if you do not want to provide a privateKey and certificate in the WSSecurityToken? Or can you just simply create a WSSecurityToken without the privateKey and certificate attributes?