You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Ashok Shah <as...@sfu.ca> on 2005/06/08 00:38:50 UTC
SAMLTokenUnsigned profile, Assertion handling
Hello,
I am using "SAMLTokenUnsigned" profile in the WSS4J implementation. I have
my own policy enforcement engine that converts the SAML request to XACML
request and then runs it through the XACML PDP and PEP enignes. The policy
enforcement engine is responsible for enforcing the access rules to the
resource requested.
I was wondering if after processing the security header in WSS4J the
SAMLAssertion instance could be added to the MessageContext object so that
other handlers in the chain could access that SAMLAssertion and run it
through the policy engine that I have designed.
Currently, the WSS4J code only seem to verify the signature and trust for
the Assertion and then puts the assertion in the wsResults vector.But once
the processing is done in doReciever() the assertion cannot be accessed
from other handlers.
I was wondering if someone could help me over here. I am ready to work out
the patch, please let me know.
Thanks,
Ashok.
Re: SAMLTokenUnsigned profile, Assertion handling
Posted by Davanum Srinivas <da...@gmail.com>.
please open a bug report with a "cvs diff -u" against latest CVS.
thanks,
dims
On 6/7/05, Ashok Shah <as...@sfu.ca> wrote:
> That would be great.
>
> +1 from me.
>
> Thank you,
>
> Ashok.
>
>
> On Tue, 7 Jun 2005 18:48:48 -0400, Davanum Srinivas <da...@gmail.com>
> wrote:
>
> > do you want to add an optional flag to save the assertion in the
> > MessageContext in addition to wsResults vector? +1 from me.
> >
> > -- dims
> >
> > On 6/7/05, Ashok Shah <as...@sfu.ca> wrote:
> >> Hello,
> >>
> >> I am using "SAMLTokenUnsigned" profile in the WSS4J implementation. I
> >> have
> >> my own policy enforcement engine that converts the SAML request to XACML
> >> request and then runs it through the XACML PDP and PEP enignes. The
> >> policy
> >> enforcement engine is responsible for enforcing the access rules to the
> >> resource requested.
> >>
> >> I was wondering if after processing the security header in WSS4J the
> >> SAMLAssertion instance could be added to the MessageContext object so
> >> that
> >> other handlers in the chain could access that SAMLAssertion and run it
> >> through the policy engine that I have designed.
> >>
> >> Currently, the WSS4J code only seem to verify the signature and trust
> >> for
> >> the Assertion and then puts the assertion in the wsResults vector.But
> >> once
> >> the processing is done in doReciever() the assertion cannot be accessed
> >> from other handlers.
> >>
> >> I was wondering if someone could help me over here. I am ready to work
> >> out
> >> the patch, please let me know.
> >>
> >> Thanks,
> >>
> >> Ashok.
> >>
> >
> >
>
>
>
> --
> Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
>
--
Davanum Srinivas - http://webservices.apache.org/~dims/
Re: SAMLTokenUnsigned profile, Assertion handling
Posted by Ashok Shah <as...@sfu.ca>.
That would be great.
+1 from me.
Thank you,
Ashok.
On Tue, 7 Jun 2005 18:48:48 -0400, Davanum Srinivas <da...@gmail.com>
wrote:
> do you want to add an optional flag to save the assertion in the
> MessageContext in addition to wsResults vector? +1 from me.
>
> -- dims
>
> On 6/7/05, Ashok Shah <as...@sfu.ca> wrote:
>> Hello,
>>
>> I am using "SAMLTokenUnsigned" profile in the WSS4J implementation. I
>> have
>> my own policy enforcement engine that converts the SAML request to XACML
>> request and then runs it through the XACML PDP and PEP enignes. The
>> policy
>> enforcement engine is responsible for enforcing the access rules to the
>> resource requested.
>>
>> I was wondering if after processing the security header in WSS4J the
>> SAMLAssertion instance could be added to the MessageContext object so
>> that
>> other handlers in the chain could access that SAMLAssertion and run it
>> through the policy engine that I have designed.
>>
>> Currently, the WSS4J code only seem to verify the signature and trust
>> for
>> the Assertion and then puts the assertion in the wsResults vector.But
>> once
>> the processing is done in doReciever() the assertion cannot be accessed
>> from other handlers.
>>
>> I was wondering if someone could help me over here. I am ready to work
>> out
>> the patch, please let me know.
>>
>> Thanks,
>>
>> Ashok.
>>
>
>
--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
Re: SAMLTokenUnsigned profile, Assertion handling
Posted by Davanum Srinivas <da...@gmail.com>.
do you want to add an optional flag to save the assertion in the
MessageContext in addition to wsResults vector? +1 from me.
-- dims
On 6/7/05, Ashok Shah <as...@sfu.ca> wrote:
> Hello,
>
> I am using "SAMLTokenUnsigned" profile in the WSS4J implementation. I have
> my own policy enforcement engine that converts the SAML request to XACML
> request and then runs it through the XACML PDP and PEP enignes. The policy
> enforcement engine is responsible for enforcing the access rules to the
> resource requested.
>
> I was wondering if after processing the security header in WSS4J the
> SAMLAssertion instance could be added to the MessageContext object so that
> other handlers in the chain could access that SAMLAssertion and run it
> through the policy engine that I have designed.
>
> Currently, the WSS4J code only seem to verify the signature and trust for
> the Assertion and then puts the assertion in the wsResults vector.But once
> the processing is done in doReciever() the assertion cannot be accessed
> from other handlers.
>
> I was wondering if someone could help me over here. I am ready to work out
> the patch, please let me know.
>
> Thanks,
>
> Ashok.
>
--
Davanum Srinivas - http://webservices.apache.org/~dims/