You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "renutcs@gmail.com" <re...@gmail.com> on 2014/03/02 06:52:59 UTC
SAML Assertion
Hi,
We are using custom transport in service side. I went through
https://cxf.apache.org/docs/jax-rs-saml.html to evaluate how to add SAML
support .
In the link if we set <bean id="samlEnvHandler"
class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler">,
SAMLEnvelopedInHandler seems to handle the token. Since we are not using
spring and creating a JAXRSServerFactoryBean object, is there a way to set
SamlEnvelopedInHandler programmatically?
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML Assertion
Posted by "renutcs@gmail.com" <re...@gmail.com>.
We dont have any SamlEnvelopedInHandler for JAX-WS?
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740773.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: SAML Assertion
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
You will likely need to configure STSClient in a way described in tutorial and add necessary interceptors (WSS4JIn[Out]Interceptor, IssuedTokenIn[Out]Interceptor) manually.
Regards,
Andrei.
> -----Original Message-----
> From: renutcs@gmail.com [mailto:renutcs@gmail.com]
> Sent: Mittwoch, 5. März 2014 07:57
> To: users@cxf.apache.org
> Subject: RE: SAML Assertion
>
> Hi,
>
> I went through the post but we are not using the policy for SAML assertion.
> We have the crypto and validator object and we want to validate the SAML
> assestion without use of Policy .
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-
> Assertion-tp5740677p5740829.html
> Sent from the cxf-user mailing list archive at Nabble.com.
RE: SAML Assertion
Posted by "renutcs@gmail.com" <re...@gmail.com>.
Hi,
I went through the post but we are not using the policy for SAML assertion.
We have the crypto and validator object and we want to validate the SAML
assestion without use of Policy .
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740829.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: SAML Assertion
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
I would recommend to start from Glen Mazza blog: http://www.jroller.com/gmazza/entry/cxf_sts_tutorial and CXF documentation: http://cxf.apache.org/docs/ws-trust.html.
Regards,
Andrei.
> -----Original Message-----
> From: renutcs@gmail.com [mailto:renutcs@gmail.com]
> Sent: Dienstag, 4. März 2014 12:32
> To: users@cxf.apache.org
> Subject: Re: SAML Assertion
>
> Sorry for the confusion.
>
> Actually I started with JAX-RS thinking the handlers will be same for JAX-WS too
> . But it seems like it is not. Could you point out me to articles to check the code
> for SOAP?
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-
> Assertion-tp5740677p5740774.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML Assertion
Posted by "renutcs@gmail.com" <re...@gmail.com>.
Sorry for the confusion.
Actually I started with JAX-RS thinking the handlers will be same for JAX-WS
too . But it seems like it is not. Could you point out me to articles to
check the code for SOAP?
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740774.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML Assertion
Posted by Sergey Beryozkin <sb...@gmail.com>.
Right, but in your original email you actually linked to the page
talking about the SAML authentication in scope of JAX-RS services
Sergey
On 04/03/14 11:22, renutcs@gmail.com wrote:
> We need it for SOAP.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740771.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: SAML Assertion
Posted by "renutcs@gmail.com" <re...@gmail.com>.
We need it for SOAP.
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740771.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML Assertion
Posted by Sergey Beryozkin <sb...@gmail.com>.
Please review this page:
https://cxf.apache.org/docs/jax-rs-saml.html
Do you need it for SOAP or RS ? I thought you said for RS...
Sergey
On 04/03/14 10:56, renutcs@gmail.com wrote:
> Thanks for the reply.
>
> Could you please guide to some articles where validation is done using this
> class.
> Also is this the class we should use to do the saml validation ?
> Currently we are using wss4j
>
> WSSecurityEngine secEngine = new WSSecurityEngine();
> WSSConfig config = secEngine.getWssConfig();
> config.setValidator(WSSecurityEngine.SAML2_TOKEN,
> validator);
> secEngine.processSecurityHeader(doc, null, null, crypto);
>
>
> And want to use CXF layer to do the SAML validation.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740764.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: SAML Assertion
Posted by "renutcs@gmail.com" <re...@gmail.com>.
Thanks for the reply.
Could you please guide to some articles where validation is done using this
class.
Also is this the class we should use to do the saml validation ?
Currently we are using wss4j
WSSecurityEngine secEngine = new WSSecurityEngine();
WSSConfig config = secEngine.getWssConfig();
config.setValidator(WSSecurityEngine.SAML2_TOKEN,
validator);
secEngine.processSecurityHeader(doc, null, null, crypto);
And want to use CXF layer to do the SAML validation.
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740764.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML Assertion
Posted by Sergey Beryozkin <sb...@gmail.com>.
I already replied, simply register it as JAXRS provider
Cheers, Sergey
On 04/03/14 10:41, renutcs@gmail.com wrote:
> Hi,
>
> How do we register the SAMLEnvelopeInHandler. I could not find any
> references to this class .
> Could you please guide to some articles where validation is done using this
> class.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740761.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: SAML Assertion
Posted by "renutcs@gmail.com" <re...@gmail.com>.
Hi,
How do we register the SAMLEnvelopeInHandler. I could not find any
references to this class .
Could you please guide to some articles where validation is done using this
class.
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677p5740761.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML Assertion
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 02/03/14 05:52, renutcs@gmail.com wrote:
> Hi,
>
> We are using custom transport in service side. I went through
> https://cxf.apache.org/docs/jax-rs-saml.html to evaluate how to add SAML
> support .
>
> In the link if we set <bean id="samlEnvHandler"
> class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler">,
> SAMLEnvelopedInHandler seems to handle the token. Since we are not using
> spring and creating a JAXRSServerFactoryBean object, is there a way to set
> SamlEnvelopedInHandler programmatically?
>
Yes, register it as a provider
Cheers, Sergey
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-Assertion-tp5740677.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com