STS use cases in more detail - 8.0

Talend ESB STS User Guide

Version: 8.0
Language: English
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade
Last publication date: 2023-09-14

Security Token Services (STS) are defined formally in the OASIS WS-Trust specification. They help immensely in decoupling authentication and authorization maintenance from the web service clients and providers that need that information. Using the STS eliminates the need for the Web Service Provider (WSP) and Web Service Client (WSC) to have a direct trust relationship, freeing WSPs from needing to maintain WSC UsernameToken passwords or X.509 certificates for acceptable clients. Instead, it is only necessary for the WSP to trust the STS, and for the STS to be able to validate the WSC's credentials when the WSC makes the STS call.

A client can communicate with the STS using a protocol defined in the WS-Trust specification. The SOAP Body of the request contains a RequestSecurityToken element as follows:

<wst:RequestSecurityToken Context="..." xmlns:wst="...">
   <wst:TokenType>...</wst:TokenType>
   <wst:RequestType>...</wst:RequestType>
   <wst:SecondaryParameters>...</wst:SecondaryParameters>
   ...
</wst:RequestSecurityToken>

The Apache CXF STS implementation supports a wide range of parameters that are passed in the RequestSecurityToken element. The SOAP Body of the response from the STS will contain a RequestSecurityTokenResponse(Collection) element, e.g.:

<wst:RequestSecurityTokenResponseCollection xmlns:wst="...">
   <wst:RequestSecurityTokenResponse>
      ...
   </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
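As an added illustration of the request/response exchange described above (not code from the Talend guide or from Apache CXF), the following Python builds a minimal WS-Trust 1.3 Issue request for a SAML 2.0 token and parses a constructed RequestSecurityTokenResponseCollection, refusing any response whose Context does not match the request. The namespace, RequestType and TokenType URIs are the standard WS-Trust 1.3 and SAML token profile constants; the function names and the sample response are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# WS-Trust 1.3 / SAML token profile URIs (OASIS constants, not Talend-specific).
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SOAP = "http://www.w3.org/2003/05/soap-envelope"
ISSUE = WST + "/Issue"
SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
NS = {"s": SOAP, "wst": WST}

def build_rst(context, token_type=SAML2, request_type=ISSUE):
    """Build a SOAP 1.2 envelope whose Body carries a RequestSecurityToken."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    rst = ET.SubElement(body, f"{{{WST}}}RequestSecurityToken", Context=context)
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = token_type
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = request_type
    return ET.tostring(env, encoding="unicode")

def parse_rstrc(xml_text, expected_context):
    """Return (token_type, token_element) from an RSTR or RSTRCollection.
    Only a response echoing our request Context is accepted, so a reply
    belonging to another request cannot be mistaken for ours."""
    root = ET.fromstring(xml_text)
    # The STS may answer with a bare RSTR or wrap one or more in an RSTRC.
    for rstr in root.iter(f"{{{WST}}}RequestSecurityTokenResponse"):
        if rstr.get("Context") != expected_context:
            continue
        ttype = rstr.findtext("wst:TokenType", namespaces=NS)
        holder = rstr.find("wst:RequestedSecurityToken", NS)
        if holder is None or len(holder) == 0:
            raise ValueError("RSTR carries no RequestedSecurityToken")
        return ttype, holder[0]
    raise ValueError("no RequestSecurityTokenResponse for context " + expected_context)

# Constructed sample response (not captured from a real STS): one RSTR for
# Context "req-1" carrying a placeholder SAML 2.0 assertion.
SAMPLE_RSTRC = f"""<wst:RequestSecurityTokenResponseCollection xmlns:wst="{WST}">
  <wst:RequestSecurityTokenResponse Context="req-1">
    <wst:TokenType>{SAML2}</wst:TokenType>
    <wst:RequestedSecurityToken>
      <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_placeholder"/>
    </wst:RequestedSecurityToken>
  </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>"""

if __name__ == "__main__":
    print(build_rst("req-1"))
    print(parse_rstrc(SAMPLE_RSTRC, "req-1"))
```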