You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Jonathan Whitall (JIRA)" <ji...@apache.org> on 2010/06/25 15:55:50 UTC

[jira] Commented: (WSS-204) Support validating SAML 2.0 tokens

    [ https://issues.apache.org/jira/browse/WSS-204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12882580#action_12882580 ] 

Jonathan Whitall commented on WSS-204:
--------------------------------------

I'm interested in processing a SAML 2 token as signed and am willing to contribute time to this.

I'll be the first to admit that I'm not a WS-Security expert, but would a reasonable approach be to traverse the DOM tree to find the Signature element and delegate to the SignatureProcessor? Then, depending on its result, indicate whether the SAML token is signed or unsigned (or possibly throw an exception)?

Just some thoughts.



> Support validating SAML 2.0 tokens
> ----------------------------------
>
>                 Key: WSS-204
>                 URL: https://issues.apache.org/jira/browse/WSS-204
>             Project: WSS4J
>          Issue Type: New Feature
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>            Reporter: Thilina Buddhika
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.9, 1.6
>
>         Attachments: wss4j.patch
>
>
> With the patch submitted for Rampart-231, SAML 2.0 support will be available for Rampart. That patch only generates SAML 2.0 tokens as per the SAML Token Profile 1.1 specification. SAML 2.0 validation support is mandatory for the full completion of SAML 2.0 support in Rampart. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org