Usage of wso2carbon-sts Service
This sample demonstrates the usage of wso2carbon-sts (Security Token Service) and its applications. The demonstration also uses the default Hello service as the service provider.
Building and Running the Sample
You need Apache Ant to build the sample.
1. In a command prompt, switch to the sample directory.
cd <AS_HOME>\samples\STS
2. From there, type ant.
3. Start the WSO2 Application Server if you haven't started it already.
4. Log in to the WSO2 Application Server's Management Console and access the deployed services (Manage -> Services -> List).
5. Select the "wso2carbon-sts" service and set up the security scenario "Sign and encrypt - X509 Authentication" (scenario 5) on it. Make sure the wso2carbon.jks keystore (wso2carbon keystore) is used.
6. Select "HelloService" service and copy the http service address.
7. Select the "wso2carbon-sts" service and navigate to the "Configure STS" link (which is in the service's dashboard).
8. Paste/type the http endpoint address of "HelloService" service (http://localhost:9763/services/HelloService) in "Add new trusted service"->"Endpoint Address".
9. Select wso2carbon from the certificate alias drop-down list; this is the wso2carbon private key alias.
10. Select Hello Service and go to the service dashboard. Then select Security under Quality of Service Configuration, and set up the security scenario "SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt , X509 Authentication" (scenario 11) on it. Make sure the wso2carbon.jks keystore is used.
11. Import sts-sample/conf/client.cert into the wso2carbon keystore using the AS Management Console:
- Go to Configure Tab -> Key Stores.
- Select the Import Cert action for wso2carbon.jks, select <AS_HOME>\samples\STS\conf\client.cert and press Import.
12. Run the client
- In Linux: $ ./run-client.sh <wso2carbon-sts-http-address> <hello-service-http-address>
- In Windows: run-client.bat <wso2carbon-sts-http-address> <hello-service-http-address>
Note:
The HelloService HTTP address must be exactly the same address you added as a trusted service in the STS configuration.
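
The following pre-flight check is an added example, not part of the WSO2 sample. It compares the address registered under "Add new trusted service" with the HelloService address you are about to pass to run-client.sh and names the first URL component that differs. The function names are hypothetical, and it assumes the match is character-for-character, as the note above states.

```sh
#!/bin/sh
# Added example (not shipped with the sample). Function names are hypothetical.

# url_part <scheme|host|port|path> <url>: print one component of a URL.
url_part() {
    rest=${2#*://}            # strip "scheme://"
    hostport=${rest%%/*}      # everything before the first "/"
    case $1 in
        scheme) printf '%s\n' "${2%%://*}" ;;
        host)   printf '%s\n' "${hostport%%:*}" ;;
        port)
            case $hostport in
                *:*) printf '%s\n' "${hostport##*:}" ;;
                *)   echo ;;
            esac ;;
        path)
            case $rest in
                */*) printf '/%s\n' "${rest#*/}" ;;
                *)   echo ;;
            esac ;;
    esac
}

# endpoint_mismatch <trusted-address> <client-address>
# Prints "match" (status 0) or the first differing component (status 1).
# No normalisation is done: a trailing slash or "127.0.0.1" in place of
# "localhost" is reported as a mismatch (assumed exact-match rule).
endpoint_mismatch() {
    if [ "$1" = "$2" ]; then echo match; return 0; fi
    for part in scheme host port path; do
        if [ "$(url_part "$part" "$1")" != "$(url_part "$part" "$2")" ]; then
            echo "$part"; return 1
        fi
    done
    echo other; return 1
}

# run_client_checked <trusted-address> <sts-address> <hello-address>
# Starts the sample client only when the HelloService address is identical
# to the one registered as a trusted service in "Configure STS".
run_client_checked() {
    why=$(endpoint_mismatch "$1" "$3") || {
        echo "HelloService address differs from trusted service in: $why" >&2
        return 1
    }
    ./run-client.sh "$2" "$3"
}
```

Source the file from the sample directory and call run_client_checked with the trusted address from the STS configuration, followed by the two arguments you would otherwise give run-client.sh.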