I have been looking at the StockService sample that comes with the OpenSSO WSS Providers download. I installed OpenSSO on GlassFish and I carefully followed all the instructions for setting up the WSS provider as described in the various README files.
I can run the sample, but I don't think it is working correctly. The SOAP messages are exchanged, but without any SOAP security headers. In other words, while the wsc and the StockAgent OpenSSO profiles are set to generate SAML2-SenderVouches, none is generated.
The only security provider that seems to get engaged is FAMHttpProvider (because I get a login prompt if I select "User Authentication Required" in the StockService agent profile referenced by FAMHttpProvider).
If I activate the SOAP providers XWS-Client and XWS-Server, the bodies get signed with X509 certificates, which is not what I specified in the OpenSSO profiles. The OpenSSO profiles seem to have no role in the SOAP security headers being generated.
Any suggestion of what might be missing?
Thank you,
Ugo
[Message sent by forum member 'ucorda' (ucorda)]
http://forums.java.net/jive/thread.jspa?messageID=334047