我需要为 wso2 安全 token 服务创建一个 .NET 客户端。
通常我会创建一个简单的控制台或 WinForm 项目,向它添加一个服务引用。公开的 WSDL 将转入一组类,我可以使用这些类来查询服务并正确管理其响应。
不幸的是,生成的请求和响应类是空的:只是没有任何属性或方法的类声明。这类似于另一个(未回答)堆栈溢出问题 https://stackoverflow.com/q/22049080/2131913 中描述的行为
我在此论坛帖子中找到了对该服务的示例请求:http://cxf.547215.n5.nabble.com/Sample-STS-Client-tp4643980p4664175.html我让它与 SOAP UI 一起工作。
是否有一种适当的、可能是自动化的方法来重新创建查询安全 token 服务所需的复杂数据结构?
编辑
好的,经过多次尝试后,我已将上述论坛帖子中的 SOAP 请求减少到仍然从 STS 服务获取 RequestSecurityTokenResponse 所需的最小结构。
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-6D35592DCDDA26FFF3141578725699577">
<wsse:Username>USERNAME HERE</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD HERE</wsse:Password>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-6D35592DCDDA26FFF3141578725699576">
<wsu:Created>2014-11-12T10:14:16.995Z</wsu:Created>
<wsu:Expires>2014-11-12T10:16:16.995Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa:Action soap:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action>
<wsa:MessageID soap:mustUnderstand="1">uuid:6d4eab69-77f9-42b7-8d6b-1f710020fb0b</wsa:MessageID>
<wsa:To soap:mustUnderstand="1">STS ENDPOINT ADDRESS HERE</wsa:To>
</soap:Header>
<soap:Body>
<wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
<wst:Claims>
<wsid:ClaimType Uri="http://wso2.org/claims/userid" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity"/>
</wst:Claims>
</wst:RequestSecurityToken>
</soap:Body>
</soap:Envelope>
我已经在我的项目的 app.config 中定义了一个 wsHttpBinding ,如下所示:
<wsHttpBinding>
<binding name="SendUsername" messageEncoding="Text">
<security mode ="TransportWithMessageCredential">
<message clientCredentialType ="UserName"/>
<transport clientCredentialType ="Basic" />
</security>
</binding>
</wsHttpBinding>
添加或不添加 CustomBinding 如下所示:
<customBinding>
<binding name="wso2carbon-stsSoap12Binding">
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedToken"
requireDerivedKeys="true" securityHeaderLayout="Lax" includeTimestamp="true">
<localClientSettings detectReplays="false" />
<localServiceSettings detectReplays="false" />
<issuedTokenParameters keyType ="SymmetricKey" tokenType ="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
<issuer address =STS ENDPOINT ADDRESS HERE binding ="wsHttpBinding" bindingConfiguration ="SendUsername"/>
<claimTypeRequirements>
<add claimType ="http://wso2.org/claims/userid"/>
</claimTypeRequirements>
</issuedTokenParameters>
</security>
<textMessageEncoding messageVersion="Soap12" />
<httpsTransport />
</binding>
</customBinding>
然而,在这两种情况下,请求都会引发超时异常,并使用 WCF 跟踪发出的请求进行检查,我可以看到它缺少 Claims 元素。任何提示?
最佳答案
关于vb.net - 如何为 wso2 安全 token 服务创建 .NET 客户端,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26840502/