Posted to issues@cxf.apache.org by "Srinivasa Kukatla (JIRA)" <ji...@apache.org> on 2011/09/07 11:09:15 UTC
[jira] [Commented] (CXF-3630) WSS4JIn Interceptor Issue
[ https://issues.apache.org/jira/browse/CXF-3630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13098794#comment-13098794 ]
Srinivasa Kukatla commented on CXF-3630:
----------------------------------------
Colm,
It has been a long time. I realized that the issue is that currently CXF
does not have support for SamlToken as an EndorsingSupportingToken, if I use
the policy framework.
I am working on some project where I need that support, hence I would
like to write / develop a patch for that. Could you please guide me on how /
what I need to do to complete that?
Please shed some light on which classes and files I need to modify.
If you are busy, could you please hook me up with one of the developers?
Regards
Srinivas
On Wed, Jul 6, 2011 at 11:09 AM, Colm O hEigeartaigh (JIRA) <jira@apache.org
> WSS4JIn Interceptor Issue
> -------------------------------
>
> Key: CXF-3630
> URL: https://issues.apache.org/jira/browse/CXF-3630
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Srinivasa Kukatla
> Assignee: Colm O hEigeartaigh
> Fix For: Invalid
>
>
> WSS4JInInterceptor does not assert the policies. Hence I had to use the PolicyBasedWSS4JInInterceptor, but it does not have the constructor. Hence I had to add the constructor. Here is another problem:
> I need the following requirement, Saml Assertion needs to be signed, Timestamp needs to be signed:
> But, on the wss4jOutInterceptor, if I say Timestamp, SAMLTokenSigned, and Signature, the actions are mismatching. Hence I had to use only the first two actions.
> <constructor-arg>
>   <map>
>     <entry key="action" value="Timestamp SAMLTokenSigned"/>
>     <entry key="timeToLive" value="${timestamp.expiration.property}"/>
>     <entry key="user" value="${client.signature.username}"/>
>     <entry>
>       <key>
>         <value>passwordCallbackRef</value>
>       </key>
>       <ref bean="passwordCallBackHandler"/>
>     </entry>
>     <entry key="passwordType" value="PasswordDigest" />
>     <entry key="samlPropFile" value="${client.saml.properties}"/>
>     <entry key="signaturePropFile" value="${client.signature.properties}" />
>     <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>     <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2000/09/xmldsig#sha1" />
>     <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>   </map>
> </constructor-arg>
> But, on the WSS4JInInterceptor, I needed to configure 3 actions as shown below:
> <constructor-arg>
>   <map>
>     <entry key="action" value="Timestamp SAMLTokenSigned Signature "/>
>     <entry key="timeToLive" value="${timestamp.expiration.property}"/>
>     <entry key="passwordType" value="PasswordDigest" />
>     <entry key="signaturePropFile" value="${server.signature.properties}" />
>     <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>     <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2000/09/xmldsig#sha1" />
>     <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>     <entry key="enableSignatureConfirmation" value="true" />
>   </map>
> </constructor-arg>