Posted to fx-dev@ws.apache.org by Brian Woo <br...@sjrb.ca> on 2006/04/13 23:55:01 UTC
WSS4J & SAML...
Hi guys,
I have built a webservice with UsernameToken built-in and everything works fine. Now, I am starting to look at SAML assertions.
Has any of you built a webservice with SAML support? I have tried to Google that topic but I can't find anything concrete that I can use to build one. Can someone please provide me some instructions? If I can set one up, I promise to publish a step-by-step guide on the wss4j website.
I have heard that I would need Sun's Access Manager to generate SAML assertions, is that correct? Are there any other options? Is there any binding to tie SAML into wss4j?
A lot of questions... thanks very much for your help,
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: WSS4J & SAML...
Posted by Mike Smorul <to...@umiacs.umd.edu>.
wss4j handles saml assertions fairly nicely. Make sure you can send
signed messages using wss4j first. The saml examples in wss4j show how
to set the appropriate handlers and such.
The only catch that I've found on the server side is that for
holder-of-key wss4j does not check to make sure the message signing key
matches the client key embedded in the saml assertion. You'll have to
extract the assertion from the message context and compare yourself.
This may have changed since we're using a really old version of wss4j.
For creating your own assertions, look at the opensaml libraries. To use
your own assertions, you can override loadSamlIssuer in WSDoAllSender.
In our setup, we have a separate web-service in the local trust domain
that authenticates using UsernameToken and has a call to issue
assertions to a client given the client's cert. The assertion is used to
connect to any services that can't directly authenticate.
-Mike
sorry if it's a little incoherent, it's Friday ;)
Brian Woo wrote:
> Hi guys,
>
> I have built a webservice with UsernameToken built-in and everything works fine. Now, I am starting to look at SAML assertions.
>
> Has any of you built a webservice with SAML support? I have tried to Google that topic but I can't find anything concrete that I can use to build one. Can someone please provide me some instructions? If I can set one up, I promise to publish a step-by-step guide on the wss4j website.
>
> I have heard that I would need Sun's Access Manager to generate SAML assertions, is that correct? Are there any other options? Is there any binding to tie SAML into wss4j?
>
> A lot of questions... thanks very much for your help,
>
> Brian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
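Added example, not part of the original thread and not WSS4J code: the holder-of-key comparison described in the reply above, written with JDK classes only. It assumes a SAML 1.x assertion whose issuer signature has already been verified, a subject key carried as ds:X509Certificate, and that the caller has already pulled the assertion element and the message signing certificate out of the WSS4J results; the class name, method name and file arguments are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example (not WSS4J code): holder-of-key binding check for a SAML 1.x assertion. */
public class HolderOfKeyCheck {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /** True only if a holder-of-key SubjectConfirmation carries the signer's public key. */
    static boolean signerMatchesAssertion(Element assertion, X509Certificate signer) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        NodeList confirmations = assertion.getElementsByTagNameNS(SAML_NS, "SubjectConfirmation");
        for (int i = 0; i < confirmations.getLength(); i++) {
            Element sc = (Element) confirmations.item(i);
            NodeList methods = sc.getElementsByTagNameNS(SAML_NS, "ConfirmationMethod");
            boolean hok = false;
            for (int m = 0; m < methods.getLength(); m++)
                hok |= HOK.equals(methods.item(m).getTextContent().trim());
            NodeList certs = sc.getElementsByTagNameNS(DS_NS, "X509Certificate");
            if (!hok || certs.getLength() == 0) continue; // fail closed: nothing to bind to
            byte[] der = Base64.getMimeDecoder().decode(certs.item(0).getTextContent());
            X509Certificate subject = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
            // Compare encoded public keys: the binding is to the key, not to certificate metadata.
            if (Arrays.equals(subject.getPublicKey().getEncoded(), signer.getPublicKey().getEncoded()))
                return true;
        }
        return false;
    }

    // Usage: java HolderOfKeyCheck assertion.xml signer-cert.pem (both file names are placeholders)
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element assertion = dbf.newDocumentBuilder().parse(new java.io.File(args[0])).getDocumentElement();
        X509Certificate signer;
        try (java.io.InputStream in = new java.io.FileInputStream(args[1])) {
            signer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(signerMatchesAssertion(assertion, signer) ? "MATCH" : "REJECT");
    }
}
```

A request whose signing certificate yields REJECT should be refused even when both the message signature and the assertion signature verify, because nothing then ties the sender to the assertion's subject.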