
Metro Client to STS across domain trust

aweinograd

I have two STS, A and B. I have a service that's registered as a relying party on STS B. I can make requests for users in the domain of STS B to get a token and use it to make a request on my service.

My sample code for users looks like this:

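import javax.xml.ws.BindingProvider;
import com.sun.xml.ws.api.security.trust.client.STSIssuedTokenConfiguration;
import com.sun.xml.ws.security.trust.STSIssuedTokenFeature;
import com.sun.xml.ws.security.trust.impl.client.DefaultSTSIssuedTokenConfiguration;

// Configure the token request against the local STS (WS-Trust 1.3)
DefaultSTSIssuedTokenConfiguration stsConfig = new DefaultSTSIssuedTokenConfiguration();
stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
stsConfig.setSTSInfo(localSTS, localSTSMex);
// User credentials presented to the STS
stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY, username);
stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY, password);
// Realm of the relying-party service the token is for
stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO, realm);

// Attach the STS configuration to the service port
STSIssuedTokenFeature feature = new STSIssuedTokenFeature(stsConfig);

Svc_Service client = new Svc_Service();
Svc port = client.serviceMethodPort(feature);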
I am trying to do the same for users that will authenticate on STS A. I can't find any examples anywhere, including the documentation, that will allow me to cross the trust relationship: getting the token initially from STS A and using that to get a token from STS B for my service.

Any guidance is appreciated.

Thanks!

aweinograd

Looking at http://wsit.java.net/docs/trust-whitepaper.pdf, Section 4 ("brokering trust across domains") is exactly what I want to do. I am looking at getting the token for the service on the service domain STS manually...

Thanks.
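The two-hop exchange asked about in this thread, sketched as an added example that is not code from the posts or from Metro: it builds the WS-Trust 1.3 Issue request bodies for each hop using only JDK XML APIs, so the difference in audience (`AppliesTo`) is visible. The endpoint URLs are constructed placeholders, and scoping the first token to STS B's endpoint is an assumption about how the trust between A and B is configured.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class BrokeredTrustRst {
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    static final String WSA = "http://www.w3.org/2005/08/addressing";

    // Build the body of a WS-Trust 1.3 Issue request scoped to one audience.
    static String issueRequest(String appliesTo) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element rst = doc.createElementNS(WST, "wst:RequestSecurityToken");
        doc.appendChild(rst);
        child(doc, rst, WST, "wst:RequestType").setTextContent(WST + "/Issue");
        Element epr = child(doc, child(doc, rst, WSP, "wsp:AppliesTo"), WSA, "wsa:EndpointReference");
        child(doc, epr, WSA, "wsa:Address").setTextContent(appliesTo);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    static Element child(Document doc, Element parent, String ns, String qname) {
        Element e = doc.createElementNS(ns, qname);
        parent.appendChild(e);
        return e;
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder endpoints, not values from the post.
        String stsB = "https://sts-b.example.org/sts";
        String service = "https://svc.example.org/Svc";
        // Hop 1: sent to STS A with the user's username/password; audience is STS B.
        System.out.println(issueRequest(stsB));
        // Hop 2: sent to STS B, authenticated by the token STS A issued (carried in
        // the wsse:Security header, not in this body); audience is the service.
        System.out.println(issueRequest(service));
    }
}
```

STS B should accept the hop-2 request only if the presented token is signed by an issuer it trusts (STS A) and its audience restriction names STS B itself.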