Quick Test WS-Trust with WSO2 Identity Server

As you all know that WSO2 Identity Server uses the STS(Security Toke Service) as an implementation for WS-Trust which is capable of issuing SAML1.1 and 2.0 tokens. This API can be secured with any WS-Security mechanism. So, if you want to test out the UserNameTokenscenario you can use the following client instead of the one located at Identity Server Distribution.

Setting Up

• If you are using IS versions 5.11.0-m25+ you might want to add the connector.
• Download the Identity Server Distribution through WSO2 Official Site.
• Run the server by executing the command ./wso2server.sh in PRODUCT_HOME/bin.
• Access it through https://localhost:9443/carbon/ and login with admin as the username and password.
• On the Main tab, click Identity > Identity Providers > Resident.

Click on the highlighted resident tab

You’ll be redirected to the following page:

Resident Identity Provider Page

• Insert the values localhost, 15 and 2 to the fields Home Realm Identifier, Idle Session Time Out and Remember Me Period.
• Click on Update.
• Expand the Inbound Authentication Configuration section, click Security Token Service Configuration > Apply Security Policy.

Expanded Inbound Authentication Configuration

• Select Yes in the Enable Security? dropdown and select a pre-configured security scenario according to your requirements. For this client, use UsernameToken under the Basic Scenarios section.

Apply Security Policy Page

• Click Next. The user domain and user group selection appear as follow.

Select Domain and User Groups Page

• Select ALL-USER-STORE-DOMAINS for Select Domain and admin for User Groups.
• Click Finish. Click Ok on the confirmation dialog window that appears. Click Update to complete the process.
• On the Main menu, click Identity > Service Providers > Add.

Click on the highlighted tab in Service Providers

• Fill in the Service Provider Name and provide a brief Description of the service provider. Only the Service Provider Name is a required field. And click on Register.

Register SP Page

• Under the Inbound Authentication Configuration section, click WS-Trust Security Token Service Configuration > Configure. The STS Configuration page appears.

Service Provider Inbound Configuration Page

• Enter values https://localhost:9444/services/echo for the Endpoint Address and wso2carbon for the Certificate Alias. And click on Apply then, click on Update.

Add Trusted Service Page

Testing Out Scenario

1. Visit the GitHub repository sample-sts-client.
2. Clone the repository with the command git clone https://github.com/deshankoswatte/sample-sts-client.git.
3. Run the command mvn clean install on the root directory.
4. After that run the client using the command java -cp ws-trust-client/target/ws-trust-client-1.0-SNAPSHOT.jar org.wso2.samples.is.sts.wstrust.client.Client.
5. You will be able to see both the requests and responses sent clearly.

References

• https://is.docs.wso2.com/en/latest/learn/ws-trust/#ws-trust
• https://is.docs.wso2.com/en/latest/learn/configuring-ws-trust-security-token-service/