w2k8r2 CES/WSTEP - WSDL appears incomplete

All replies

  • Hi Pursuitofknowledge:

    I have alerted the protocol documentation team regarding your inquiry. A member of the team will be in touch soon.


    Regards, Obaid Farooqi
    Tuesday, July 19, 2011 8:54 PM
    Owner
  • Hi,

    I will investigate this and follow-up.

    Thanks,

    Edgar

    Thursday, July 21, 2011 9:09 PM
    Moderator
  • Hi,

    This forum handles requests related to Open Specifications documentation issues.
    The Open Specifications can be found at:
    http://msdn2.microsoft.com/en-us/library/cc203350.aspx.

    For the implementation and configuration part, I suggest you post your question on the following forums to get assistance.

    Security for Applications in Microsoft Windows
    http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/threads

    Windows Server TechCenter > Windows Server Forums > Security
    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads

    Additional resources:

    Certificate Enrollment Web Services in Windows Server 2008 R2
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=1746

    Video on Tech-Ed 2011:
    Certificate Enrollment Using CEP/CES in Windows 2008 R2 and Network Device Enrollment Service (NDES)
    http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM329

    For the WSDL question, as indicated in MS-WSTEP 3.1.4.1 wst:RequestSecurityToken2, the wst:SecurityTokenService port and wst:RequestSecurityToken2 operation are defined in the [WSTrust1.3] WSDL wsdl:portType definition.

    The reference for the WS-Trust 1.3 WSDL is provided in:

    6 Appendix A: Full WSDL

    The WSTEP protocol is a profile extension of WS-Trust1.3. As such, it does not have a WSDL.

    WS-Trust 1.3 WSDL: The full WSDL for WS-Trust can be found at: http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.wsdl.

    This is a snippet of the profile.

    <wsdl:portType name="SecurityTokenService">
      <wsdl:operation name="RequestSecurityToken">
        <wsdl:input message="tns:RequestSecurityTokenMsg" />
        <wsdl:output message="tns:RequestSecurityTokenResponseMsg" />
      </wsdl:operation>
      <wsdl:operation name="RequestSecurityToken2">
        <wsdl:input message="tns:RequestSecurityTokenMsg" />
        <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg" />
      </wsdl:operation>
    </wsdl:portType>

    Regards,

    Edgar

    Friday, July 22, 2011 9:06 PM
    Moderator
  • Edgar,

    I've already been re-directed away from the "Windows Server Forums | Security" by a user there to this one (see: http://social.technet.microsoft.com/Forums/en-SG/category/windowsserver)... and now you are re-directing me back? It would be nice if you guys could get your story straight with respect to which forum this question belongs on. Being bounced back and forth between different forums is frustrating.

    Anyway, with regard to all the links you posted, thank-you, but I have already found those on my own and read the information there prior to posting the question... unfortunately, this information does not answer my question either. And yes, I have read the MS-WSTEP specification and I am aware that the wst:SecurityTokenService2 operation is defined under the wst:SecurityTokenService port section. That was not my question.

    My question is, when I enable CES (which employs WSTEP), why does the WSDL that is published by the CES service not contain any operations (specifically the wst:SecurityTokenService2 operation)? Is there something I have missed in terms of configuration?  How can one make use of a service that does not provide any operations?

    If there is someone out there that has used the CES service successfully (calling it from a web services client), I'd be delighted to hear from you.

    PoK

    Monday, July 25, 2011 11:30 AM
  • Hi,

    I will review your reply and follow-up.

    Thanks,

    Edgar

    Monday, July 25, 2011 8:16 PM
    Moderator
  • Hi,

    Upon review, I would like to re-iterate that your question is related to service implementation details which are supported in the http://social.technet.microsoft.com/Forums/en-SG/category/windowsserver forum. Notwithstanding, I am providing here some guidance that may help. In case you need further development-related assistance on this issue, please post your questions on the forums I suggested previously.

    The Certificate Enrollment Web Service (CES) does not publish the detailed types and operations, which are standard WS-Trust types and operations. As you noticed, CES just publishes the top level service name.

    The client stub can be generated from the WS-Trust specification. For example, using the ServiceModel Metadata Utility Tool (Svcutil.exe) in Visual Studio tools, you can just run:
       svcutil http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.wsdl
    This generates a C# file by default. The /language:<language> switch is used to specify the programming language to use for code generation. Examples of language options are C#, VB, and C++.

    However, this does not generate binding information for the specific CES. When you use a Java tool or the svcutil utility to generate a calling stub from CES, it will generate the binding information and a file (e.g. .cs file) which only contains the service name (hence useless), but you can use that binding information (usually app.config file in C#).

    In summary, you need to generate contract information from the WS-Trust specification, and generate binding information from CES. From there, you can write code to talk to CES.

    Regards,

    Edgar

    Tuesday, July 26, 2011 9:30 PM
    Moderator
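
Added example (not part of the thread and not Microsoft tooling): a short Python check that reports which portType operations and service endpoints a WSDL document declares, which makes the contract/binding split described in the post above visible. CONTRACT reuses the portType quoted earlier in the thread; SERVICE_ONLY, its service and port names, and the ces.example.test URL are constructed placeholders, not real CES output.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
NS = {"wsdl": WSDL_NS}

# The portType quoted in the thread, wrapped in wsdl:definitions so it parses.
# The tns: prefix is left undeclared; it is only attribute text here.
CONTRACT = f"""<wsdl:definitions xmlns:wsdl="{WSDL_NS}">
 <wsdl:portType name="SecurityTokenService">
  <wsdl:operation name="RequestSecurityToken">
   <wsdl:input message="tns:RequestSecurityTokenMsg"/>
   <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
  </wsdl:operation>
  <wsdl:operation name="RequestSecurityToken2">
   <wsdl:input message="tns:RequestSecurityTokenMsg"/>
   <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg"/>
  </wsdl:operation>
 </wsdl:portType>
</wsdl:definitions>"""

# Constructed stand-in for a service-only WSDL; names and URL are placeholders.
SERVICE_ONLY = f"""<wsdl:definitions xmlns:wsdl="{WSDL_NS}"
  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
 <wsdl:service name="ExampleService">
  <wsdl:port name="ExamplePort">
   <soap12:address location="https://ces.example.test/service.svc"/>
  </wsdl:port>
 </wsdl:service>
</wsdl:definitions>"""

def summarize(wsdl_text):
    """Return the operations and endpoint addresses a WSDL actually declares."""
    root = ET.fromstring(wsdl_text)
    ops = {}
    for op in root.findall("wsdl:portType/wsdl:operation", NS):
        out = op.find("wsdl:output", NS)
        ops[op.get("name")] = out.get("message") if out is not None else None
    endpoints = {}
    for port in root.findall("wsdl:service/wsdl:port", NS):
        for child in port:  # the address element is in a SOAP-binding namespace
            if child.tag.endswith("}address"):
                endpoints[port.get("name")] = child.get("location")
    return {"operations": ops, "endpoints": endpoints}

def classify(summary):
    """Say what a stub generator can get out of the document."""
    kinds = {(True, True): "complete", (True, False): "contract-only",
             (False, True): "service-only", (False, False): "empty"}
    return kinds[bool(summary["operations"]), bool(summary["endpoints"])]

if __name__ == "__main__":
    for name, doc in (("WS-Trust portType", CONTRACT), ("service WSDL", SERVICE_ONLY)):
        print(name, "->", classify(summarize(doc)), summarize(doc))
```

A "service-only" result on a downloaded WSDL is the situation the original question describes: the operations have to come from the WS-Trust 1.3 WSDL, and only the endpoint and binding details from the service.
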
  • Thank-you very much Edgar... this information is helpful. I did take your advice and posted the question on other forums you suggested, but did not get any useful responses.

    Based on your response, I understand that to use CES I must use the WS-Trust wsdl. If that is the case though, shouldn't the CES service be publishing that wsdl instead of the current one that cannot be used? I think that would cause less confusion. I've never seen any other web-services publish a WSDL other than the one that can be used to access the service... I wonder why Microsoft thought it was prudent to take this approach?

     

    Wednesday, July 27, 2011 7:35 PM
  • Glad to be helpful. As such MS-WSTEP is accurate. This is not the right forum to discuss CES implementation details. This forum supports issues related to the Open Specifications.

    Thanks,

    Edgar

    Friday, July 29, 2011 3:03 PM
    Moderator
  • Thank-you very much Edgar... this information is helpful. I did take your advice and posted the question on other forums you suggested, but did not get any useful responses.

    Based on your response, I understand that to use CES I must use the WS-Trust wsdl. If that is the case though, shouldn't the CES service be publishing that wsdl instead of the current one that cannot be used? I think that would cause less confusion. I've never seen any other web-services publish a WSDL other than the one that can be used to access the service... I wonder why Microsoft thought it was prudent to take this approach?

     

    Hi,

    Did you manage to use the CES service from Java? Can you contact me directly? I am working on the same problem. My e-mail is rstibric@gmail.com_remove

    Thanks,

    Ratko


    Ratko Stibric

    Tuesday, February 19, 2013 8:03 AM
  • Hello Ratko Stibric,
    It appears that you have some questions about service implementation details similar to the original poster of this thread. If you have not gotten a response and would like to pursue this, you may post your question to the http://social.technet.microsoft.com/Forums/en-SG/category/windowsserver forum.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open Specifications

    Tuesday, February 19, 2013 6:19 PM
    Moderator