Using curl to send requests to WSO2 Identity Server
I've been experimenting with WSO2 Identity Server, an open-source security token service (STS). Prabath Siriwardena, at his blog FacileLogin, has a great series of articles on setting up the STS (such as this one); however, I'm not a fan of setting up a Java client for simple test cases.
To that end, I've figured out the correct incantations required to use curl to send a RequestSecurityToken to the STS. I use this script to send a request file passed as its first argument:
#!/bin/sh
echo "Sending RST..."
# -k skips TLS certificate verification (acceptable for the default self-signed dev certificate only); the two headers let Axis2 route the request
curl -k --header "soapaction: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT" \
  --header "Content-Type: text/xml; charset=UTF-8" --data-binary "@$1" \
  https://localhost:9443/services/wso2carbon-sts | xmllint --format -
Note the Content-Type and soapaction headers -- these are required for Axis2 to route the incoming request properly.
As for the request itself, I use a variation of the following:
<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soapenv:Header>
    <!-- mustUnderstand is a SOAP attribute, so it must carry the soapenv prefix -->
    <wsse:Security soapenv:mustUnderstand="1">
      <!-- Expires must still be in the future when the STS checks the timestamp -->
      <wsu:Timestamp wsu:Id="Timestamp-1">
        <wsu:Created>2009-08-18T15:12:58.053Z</wsu:Created>
        <wsu:Expires>2010-08-18T15:17:58.053Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-2">
        <wsse:Username>admin</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wst:RequestType xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
      <wst:Issuer xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
        <wsa:Address xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://issuer/test</wsa:Address>
      </wst:Issuer>
      <!-- this address must be registered as a trusted service in the STS -->
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
          <wsa:Address>http://localhost:8280/services/echo</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
      <t:KeySize>256</t:KeySize>
      <t:Claims xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Dialect="http://wso2.org/claims">
        <ic:ClaimType Uri="http://wso2.org/claims/givenname"/>
      </t:Claims>
    </t:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>
Note that the address in the AppliesTo element must be defined as a "trusted service" in the STS; otherwise a NullPointerException is thrown (at least in version 2.0.0 of WSO2 Identity Server).
Assuming you put the curl script in a file called "send_file.sh" and the RequestSecurityToken in a file called "rst.xml", you can send the file using:
./send_file.sh rst.xml
The result will be a nicely formatted SAML assertion if everything has gone to plan!