来自 CreateChannelWithIssuedToken 的 WCF 通道仍在发送“requestsecuritytoken”请求

Question

Using .Net 4.5 and generated a SAML2 token using WIF identity classes and trying to add it to the soap body request but its being ignored and soap request generated is actually has 'requestsecuritytoken' soap request which is going to the server. I don't have any STS.

Reference code here ' Need signature after SAML token in client request ' seems working.

My custombinding in app.config is

        <customBinding>
          <binding name="AccountDetailsServiceSoap11" >
            <textMessageEncoding messageVersion="Soap11WSAddressing10"/>
            <security includeTimestamp="true">
            </security>
            <httpTransport></httpTransport>
          </binding>
   </customBinding>

And generated soap envelope is

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:b7ff68ac-df62-4051-a68a-7382b0ec4995</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">http://localhost:8888/spring-webservices-sample/endpoints</a:To></s:Header><s:Body><t:RequestSecurityToken Context="uuid-f4007218-af5c-4f84-b800-0e47f102d3b5-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeySize>256</t:KeySize><t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">YHoGBisGAQUFAqBwMG6gMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI6BDhOVExNU1NQAAEAAAC3shjiCQAJAC8AAAAHAAcAKAAAAAYBsR0AAAAPQUEzNzMwOUNJTkNPTVNZUw==</t:BinaryExchange></t:RequestSecurityToken></s:Body></s:Envelope>

I want to test a secured web service with SAML we have in java from a .net client. I got the service client generated from WSDL in visual studio 2015 and then got the SAML assertion generated from classes and now trying pass that token with the soap request to the java service.

Can some please share what I'm missing or doing wrong, I'm new to .net/WCF/WIF world?

thanks

Answer 1

After doing some more research, found out that the WCF infrastructure when having 'custombinding' at WCF client side generates a RST(requestsecuritytoken) request first in the background first and did not find yet if we can change that behavior. So instead used 'basicHTTPBinding' with signature option (with protectlevel on client interface set to sign) which is now signing the soap body and putting timestamnp.
Now for SAML2 token insertion used interceptor and added it after generated it from WIF classes and send the final soap request which has SAML assertion signed, timestamp and soap body signed. The request was processed at Spring WS side with the security actions and business logic was invoked. This is is just for development and testing. I guess for Production we still needs to have a STS.