Following is a brief description of Rampart/C samples Service : ./server/sec_echo --------------------------- The security enabled service. Depends on deployed security policy scenario. Service : ./server/secconv_echo --------------------------- The service act as the Security Token Service (STS). Depends on deployed security policy scenario. Service : ./server/saml_sts --------------------------- The service act as STS for SAML tokens. Client: ./client/sec_echo --------------------------- The client to send secured SOAP messages. Depends on deployed security policy scenario. Client: ./client/saml_echo --------------------------- Client uses SAML token as sign supporting token. Client: ./client/saml_protect ------------------------------ Client uses SAML token to encrypt and sign the message Security policies: ./secpolicy/scenarioX -------------------------------------- Provides several identified scenarios to demonstrate features of RampartC. Please read the README file under ./secpolicy to learn more about them. Callbacks : ./callback --------------------------- To retrieve passwords for a particular user, Rampart/C uses password callback mechanism. Such callback modules can be plugged into Rampart/C by defining them in the policy assertions. The sample shows how to write a simple password callback module. Credential Provider: ./credential_provider ------------------------------------------------ In the client side it's possible to give a username/password pair to the client, using a credential_provider. Similar to Callbacks, these can too plugged into Rampart/C by defining them in the policy assertions. The sample shows how to write a simple credentials provider. Authentication Provider : ./authn_provider ---------------------------------------------- In the server side, in order to validate a usernametoken in more application specific way, an authentication module can be used. The authentication module gets both the username and the password and returns a status code back to Rampart/C. The sample shows how to write a simple authentication provider. Replay Detector : ./replay_detector --------------------------------------------- Replay attacks can be identified and removed from the server side. Replay detector module shows one such implementation where it stores last 5 message IDs and check whether there are any replays. Security Context Token Provider : ./sct_provider -------------------------------------------------- To store and retrieve Security Context Token. Can be used in server side as well as in client side. Keys : ./keys ------------------ All the certificates, private keys and key stores are used by samples are placed here. Data : ./data ------------------- Data files that are used by samples, placed here.