
Change the STS server programmatically in a METRO SOAP Client


Is it possible to change the Security Token Service (STS) that my client uses at runtime?

I have a working METRO 2.3 client for a .NET service that is secured using the Security Token Service of Active Directory Federation Services (AD FS). Everything is configured using XML files. The service provider runs two identical deployments, each with its own STS: one for testing and one for production.

Is it possible to switch the server at runtime?

My shortened wsit-client.xml:

<!-- Client-side WSIT configuration. It imports the local STS metadata
     (mex.xml, in the AD FS securitytokenservice namespace) and the
     service's own WSDL, so the STS endpoint and identity the client
     starts from are the ones recorded in the local mex.xml. -->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/">
    <import namespace="http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice"
            location="mex.xml"/>
    <import namespace="http://namespace.org/"
            location="myservice.svc.xml"/>
</definitions>

And the important part of my mex.xml:

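<!-- Local copy of the STS (AD FS) metadata imported by wsit-client.xml.
     The prefixes tns, wsu and wspp are used below but were not declared in
     the shortened excerpt; they are declared here so the document is
     well-formed on its own. -->
<wsdl:definitions name="SecurityTokenService"
                  targetNamespace="http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:tns="http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice"
                  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
                  xmlns:wsa10="http://www.w3.org/2005/08/addressing"
                  xmlns:wsp1="http://www.w3.org/ns/ws-policy"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
                  xmlns:tc="http://schemas.sun.com/ws/2006/05/trust/client">
    <wsdl:service name="SecurityTokenService">
        <wsdl:port name="IssuedTokenWSTrustBinding_IWSTrust13Async"
                   binding="tns:IssuedTokenWSTrustBinding_IWSTrust13Async">
            <!-- The SOAP address and the WS-Addressing EndpointReference must
                 name the same STS host; the original excerpt listed two
                 different hosts here, which was an editing slip. -->
            <soap12:address location="http://login.test.theserver.com/adfs/services/trust/13/issuedtokensymmetricbasic256sha256"/>
            <wsa10:EndpointReference>
                <wsa10:Address>http://login.test.theserver.com/adfs/services/trust/13/issuedtokensymmetricbasic256sha256</wsa10:Address>
                <!-- Certificate published as the identity of this STS endpoint.
                     It belongs to the *test* STS: switching the STS URL at
                     runtime does not replace it, so a production switch also
                     needs the production STS's certificate (and matching
                     keystore/truststore entries) - TODO confirm how the
                     client uses this value. -->
                <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                        <X509Data>
                            <X509Certificate>THECERTIFICATE</X509Certificate>
                        </X509Data>
                    </KeyInfo>
                </Identity>
            </wsa10:EndpointReference>
        </wsdl:port>
    </wsdl:service>
    <wsp1:Policy wsu:Id="IssuedTokenWSTrustBinding_IWSTrust13AsyncPolicy">
        <wsp1:ExactlyOne>
            <wsp1:All>
                <!-- Client-only (private) STS settings used to obtain the issued
                     token. The "endpoint" is the username/password endpoint, so it
                     is kept on https: the original excerpt used http here, which
                     would send the caller's credentials in the clear. The
                     "metadata"/"wsdlLocation" mex URL delivers the STS policy and
                     certificate the client will trust, so it stays on https too. -->
                <tc:PreconfiguredSTS wspp:visibility="private"
                                     endpoint="https://login.test.theserver.com/adfs/services/trust/13/username"
                                     wsdlLocation="https://login.test.theserver.com/adfs/services/trust/mex"
                                     metadata="https://login.test.theserver.com/adfs/services/trust/mex"
                                     serviceName="SecurityTokenService"
                                     portName="UserNameWSTrustBinding_IWSTrust_13Async"
                                     wstVersion="http://docs.oasis-open.org/ws-sx/ws-trust/200512"/>
            </wsp1:All>
        </wsp1:ExactlyOne>
    </wsp1:Policy>
</wsdl:definitions>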

Is it possible to change the http://login.test.theserver.com URLs to http://login.prod.theserver.com at runtime, without a separate set of configuration files?


Solution

  • It is possible to set these parameters at runtime through the proxy's JAX-WS request context, like this:

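    // Point this proxy at one environment's service and STS at runtime.
    // The environment choice must come from trusted deployment configuration,
    // never from request data: whoever picks the STS endpoint decides where the
    // caller's credentials are sent and which issuer's tokens the client accepts.
    MyService s = new MyService();   // the original read "MyServices", which does not compile
    myserviceinterface = s.getMyService();

    // The request context is per proxy, so these settings affect only this proxy.
    Map<String, Object> context = ((BindingProvider) myserviceinterface).getRequestContext();
    // NOTE(review): this is the service's SOAP endpoint address, not a WSDL URL;
    // a value ending in "/wsdl" looks suspicious - confirm against the service.
    context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://service.theserver.com/wsdl");

    // Keep every STS URL on https: the username endpoint carries the caller's
    // credentials, and the mex endpoint delivers the policy and certificate the
    // client will trust for the issued token. The original used http for the
    // username endpoint.
    String stsEndpoint     = "https://login.theserver.com/adfs/services/trust/13/username";
    String stsWSDLLocation = "https://login.theserver.com/adfs/services/trust/mex";
    String stsServiceName  = "SecurityTokenService";
    // Must match the port name published in the STS WSDL exactly. The question's
    // mex.xml spells it "UserNameWSTrustBinding_IWSTrust_13Async" (extra
    // underscore); check the live mex document rather than trusting either spelling.
    String stsPortName     = "UserNameWSTrustBinding_IWSTrust13Async";
    String stsNamespace    = "http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice";

    // Supplies the STS settings programmatically instead of via
    // <tc:PreconfiguredSTS> in mex.xml. The STS certificate pinned in mex.xml
    // (wsa10:EndpointReference/Identity) and the client keystore/truststore are
    // NOT changed here, so the selected STS must still be one whose certificate
    // the pinned identity and the truststore accept.
    context.put(STSIssuedTokenConfiguration.STS_ENDPOINT, stsEndpoint);
    context.put(STSIssuedTokenConfiguration.STS_NAMESPACE, stsNamespace);
    context.put(STSIssuedTokenConfiguration.STS_WSDL_LOCATION, stsWSDLLocation);
    context.put(STSIssuedTokenConfiguration.STS_SERVICE_NAME, stsServiceName);
    context.put(STSIssuedTokenConfiguration.STS_PORT_NAME, stsPortName);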
    

    I have not found a way to change the keystore settings at runtime. This matters for the switch: the test and production STS will typically present different certificates, so the STS identity pinned in mex.xml and the client's keystore/truststore configuration must also correspond to the environment you select, or token requests to the other STS will fail (or, worse, be trusted too loosely). The environment selection itself should come from trusted deployment configuration, never from request data, because whoever chooses the STS endpoint chooses where the client sends its credentials.