Posted to users@cxf.apache.org by Alexander Savinov <ku...@googlemail.com> on 2014/03/14 12:13:27 UTC

Adding SAML token to request from 3rd Service

Hello everybody, I have a problem configuring CXF.

First of all, the architecture I am using is the following.

I have an STS, an AdmissionTokenService (ATS) and a WebService.

So my Client needs to request (via x509) a SAML Token from the STS in order
to communicate with the Service.

This works wonderfully, but in order to call the methods from the Service
the Client also needs a SAML Token from the ATS.

So the Client needs to request a SAML Token from the STS, then use the SAML
Token to request the SAML Token 2 from the ATS.

This is also working great, but how do I get CXF to use the SAML Token 2 in
a request to the Service?

The SAML Token 2 should be a supporting token and the first Token is the
IssuedToken.

I used cxf.xml to configure this.

As far as I can see, this is not a standard configuration which I can handle
with properties in the cxf.xml.

So what is the best way to go, can I use an Interceptor for that? I am
pretty new to CXF and WebServices.

Best regards

Re: Adding SAML token to request from 3rd Service

Posted by Alexander Savinov <ku...@googlemail.com>.
Yes, I was referring exactly to that. So I just misunderstood it. Thanks again.


2014-03-19 11:32 GMT+01:00 Colm O hEigeartaigh <co...@apache.org>:

> There is no problem with using the interceptor approach here. I think you
> are referring to different ways of using WS-Security, one via an "Action"
> approach where you configure the interceptors with what to do, and one via
> WS-SecurityPolicy which uses the policy to set up configuration.
>
> Colm.
>
>
> On Wed, Mar 19, 2014 at 9:35 AM, Alexander Savinov
> <kure.saru@googlemail.com> wrote:
>
> > Thanks for the answer, and I do have another question concerning this.
> >
> > So my Service WSDL does have a policy within it for the IssuedToken. My ATS
> > WSDL also has a policy for that.
> >
> > I would like to use the alternative of using the IssuedToken policy from
> > the service and getting the SAML Token from the ATS with interceptors. But
> > as far as I understand from reading the documentation, I can't use the
> > WS-Security approach and the Interceptor approach together. So how do I use
> > the Interceptor approach here?
> >
> > I used getInInterceptors and getOutInterceptors to check whether there are
> > any Interceptors for my Client, and the lists are empty. Will CXF use my own
> > interceptor if I add it to the outgoingInterceptors?
> >
> > best regards
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: Adding SAML token to request from 3rd Service

Posted by Colm O hEigeartaigh <co...@apache.org>.
There is no problem with using the interceptor approach here. I think you
are referring to different ways of using WS-Security, one via an "Action"
approach where you configure the interceptors with what to do, and one via
WS-SecurityPolicy which uses the policy to set up configuration.

Colm.


On Wed, Mar 19, 2014 at 9:35 AM, Alexander Savinov
<kure.saru@googlemail.com> wrote:

> Thanks for the answer, and I do have another question concerning this.
>
> So my Service WSDL does have a policy within it for the IssuedToken. My ATS
> WSDL also has a policy for that.
>
> I would like to use the alternative of using the IssuedToken policy from
> the service and getting the SAML Token from the ATS with interceptors. But
> as far as I understand from reading the documentation, I can't use the
> WS-Security approach and the Interceptor approach together. So how do I use
> the Interceptor approach here?
>
> I used getInInterceptors and getOutInterceptors to check whether there are
> any Interceptors for my Client, and the lists are empty. Will CXF use my own
> interceptor if I add it to the outgoingInterceptors?
>
> best regards
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Adding SAML token to request from 3rd Service

Posted by Alexander Savinov <ku...@googlemail.com>.
Thanks for the answer, and I do have another question concerning this.

So my Service WSDL does have a policy within it for the IssuedToken. My ATS
WSDL also has a policy for that.

I would like to use the alternative of using the IssuedToken policy from
the service and getting the SAML Token from the ATS with interceptors. But
as far as I understand from reading the documentation, I can't use the
WS-Security approach and the Interceptor approach together. So how do I use
the Interceptor approach here?

I used getInInterceptors and getOutInterceptors to check whether there are
any Interceptors for my Client, and the lists are empty. Will CXF use my own
interceptor if I add it to the outgoingInterceptors?

best regards

Re: Adding SAML token to request from 3rd Service

Posted by Colm O hEigeartaigh <co...@apache.org>.
There is no standard way of doing this that is currently supported in CXF.
Your requirements are pretty similar to this JIRA:

https://issues.apache.org/jira/browse/CXF-3520

You essentially need to write an interceptor to carry out the two STS
calls. There are two ways of doing it - you could call the STSClient Object
directly in the interceptor to get the first token, and then use this token
in a second call. To do this you could take a look at some of the unit
tests here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java;h=4374acda261244e97bcdee60b6d79ceb38115a15;hb=HEAD

The alternative is to use an IssuedToken policy in the service WSDL and
let CXF take care of getting the first SAML Token. Then have your
interceptor run after the IssuedTokenOutInterceptor, retrieve the token +
transform it.

Colm.


On Fri, Mar 14, 2014 at 11:13 AM, Alexander Savinov <
kure.saru@googlemail.com> wrote:

> Hello everybody, I have a problem configuring CXF.
>
> First of all, the architecture I am using is the following.
>
> I have an STS, an AdmissionTokenService (ATS) and a WebService.
>
> So my Client needs to request (via x509) a SAML Token from the STS in order
> to communicate with the Service.
>
> This works wonderfully, but in order to call the methods from the Service
> the Client also needs a SAML Token from the ATS.
>
> So the Client needs to request a SAML Token from the STS, then use the SAML
> Token to request the SAML Token 2 from the ATS.
>
> This is also working great, but how do I get CXF to use the SAML Token 2 in
> a request to the Service?
>
> The SAML Token 2 should be a supporting token and the first Token is the
> IssuedToken.
>
> I used cxf.xml to configure this.
>
> As far as I can see, this is not a standard configuration which I can handle
> with properties in the cxf.xml.
>
> So what is the best way to go, can I use an Interceptor for that? I am
> pretty new to CXF and WebServices.
>
> Best regards
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com