A web service provider has implemented WS-Security in .net to secure its web service. I'm confused how to I generate security context token in java as per WS-Security standard?
I checkout Apache Rampart policies but found that none of the policy's request has security context token node. Not getting a head start for it.
Could someone please help ?
Below is the soap header sample.
<s:Header>
<a:Action s:mustUnderstand = "1">url</a:Action>
<a:MessageID>urn:uuid:044c513b-5c79-4d32-8ef7-e5be7d32dd9a</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand = "1">service provider url</a:To>
<o:Security s:mustUnderstand = "1" xmlns:o = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id = "_0">
<u:Created>2016-01-20T17:01:54.480Z</u:Created>
<u:Expires>2016-01-20T17:06:54.480Z</u:Expires>
</u:Timestamp>
<c:SecurityContextToken u:Id = "uuid-58ee82ff-1b76-4228-8c86-1d99dee0122e-5" xmlns:c = "http://schemas.xmlsoap.org/ws/2005/02/sc">
<c:Identifier>urn:uuid:b2cb2469-3b5a-49a9-9ddf-f1441f194012</c:Identifier>
</c:SecurityContextToken>
<Signature xmlns = "http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI = "#_0">
<Transforms>
<Transform Algorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>6pHwg2hMn0bYulROisZFtKXHi+c=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>TJIjNDK87fY2oZ3lD6iTFzaOCKU=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI = "#uuid-58ee82ff-1b76-4228-8c86-1d99dee0122e-5"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
