Kerberos authentication without SecurityPolicy in WSDL

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Kerberos authentication without SecurityPolicy in WSDL

jvalteren
This post has NOT been accepted by the mailing list yet.
Hi all,

I'm working on an integration scenario for a customer and have run into a challenge.

The customer is using a model driven application platform that uses Metro to implement its web services stack. From the modeling environment, I can publish a process flow as a Web service, after which it generates a WSDL based on the input/output parameters and domain model of the application. I have no way to influence the WSDL other than changing the input/output parameters of the process flow. I can however perform a custom mapping of the SOAP header of incoming requests.

The customer wants to integrate the application with several .NET systems using WS-Security and the Kerberos Token Profile. IMO, setting this up requires defining the Security Policy in the WSDL and referencing it from the binding and/or operation.

My question is this: Is it possible to make this work without being able to modify the WSDL to include the Security Policy definition?

Hope to hear from you!


Kind regards,

Jonathan
Reply | Threaded
Open this post in threaded view
|

Re: Kerberos authentication without SecurityPolicy in WSDL

TomekJavaMetro
This post has NOT been accepted by the mailing list yet.

Hello,

Maybe if there is no WS-Policy informations for (input, output, error/exepcttion) messages  You
should add it to the Your WSDL service.

Could You post the part of information's from Wsdl / WSPolicy contract of Your service /or STS ?


FOr example , in the secured services (WSP + STS + WSC) case the Metro (2.1.1 or before) stack does not directly add the WS-policy to the Fautl/error messages.

Best regards,
Tomek.