Posted to java-user@axis.apache.org by Håkon Sagehaug <Ha...@bccs.uib.no> on 2009/04/14 15:57:01 UTC

Re: Using custom token in and rampart

Hi

A follow-up question to this answer, hope it's okay. Is it the
SAMLTokenProcessor class in the wss4j lib that validates the SAML 1 token in
Rampart?


cheers, Håkon


2009/3/20 Nandana Mihindukulasooriya <na...@gmail.com>

> How does your custom token get validated? Have you added a custom handler
> for that? WSS4J has a map of processors registered with the QName of the
> header block in the security header. So if we can register a processor for
> your custom header, then we can get this problem solved. Yes, at present we
> expect a SAML token when there is an Issued Token as a supporting token in the
> policy. This should be improved to look for any type of custom token. We need
> to find a way to register a custom processor with a QName in WSS4J and then
> we can improve the Rampart configuration to have that configuration data. If you
> are willing to do these improvements, I can help and guide you to do that.
>
> thanks,
> Nandana
>
> 2009/3/20 Håkon Sagehaug <Ha...@bccs.uib.no>
>
>> Hi
>>
>> Any tips on this issue?
>>
>> cheers, Håkon
>>
>> 2009/3/17 Håkon Sagehaug <Ha...@bccs.uib.no>
>>
>>> Hi all
>>>
>>> I've got a service that accepts a custom token from an STS service, but
>>> when I call my end service after injecting the custom token into my header I
>>> always get
>>>
>>> org.apache.axis2.AxisFault: SAML Token missing in request
>>>
>>> reply from my service. So I was wondering what does Rampart look for when
>>> trying to extract the custom token? Is it the value of TokenType, a
>>> namespace containing the element in my case, that must be the same as one of
>>> the elements in the SOAP header? I had a look at the code where the
>>> exception is thrown, in PolicyBasedResultsValidator#handleSupportingTokens
>>>
>>> else if ( token instanceof IssuedToken ) {
>>>     //TODO is is enough to check for ST_UNSIGNED results ??
>>>     WSSecurityEngineResult samlResult =
>>>             WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
>>>     if(samlResult == null) {
>>>         throw new RampartException("samlTokenMissing");
>>>     }
>>> }
>>>
>>> So if I got it correct, it checks for unsigned SAML tokens, but
>>> since my issued token is not a SAML token I've got a problem. Maybe the TODO
>>> has something to do with it.
>>>
>>> Any tips on how to solve this?
>>>
>>> cheers, Håkon
>>>
>>>
>>> --
>>> Håkon Sagehaug, Scientific Programmer
>>> Parallab, Bergen Center for Computational Science (BCCS)
>>> UNIFOB AS (University of Bergen Research Company)
>>>
>>
>>
>>
>> --
>> Håkon Sagehaug, Scientific Programmer
>> Parallab, Bergen Center for Computational Science (BCCS)
>> UNIFOB AS (University of Bergen Research Company)
>>
>
>


-- 
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
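
A simplified, self-contained model of the mechanism discussed in this thread, added here as an illustration and not code from Rampart, WSS4J or the posters: header blocks are dispatched to processors by QName, and the policy check looks for one specific action result, so a custom token with no registered processor produces the "samlTokenMissing" fault. The class name, action codes and the custom token QName are hypothetical; the sketch assumes a header block with no registered processor yields no result.

```java
import java.util.*;
import java.util.function.Function;
import javax.xml.namespace.QName;

public class ProcessorRegistryModel {
    // Action codes; hypothetical stand-ins for WSS4J's WSConstants values.
    static final int ST_UNSIGNED = 1, CUSTOM_TOKEN = 2;
    static final QName SAML = new QName("urn:oasis:names:tc:SAML:1.0:assertion", "Assertion");
    static final QName CUSTOM = new QName("http://example.org/token", "MyToken"); // constructed

    // Header-block QName -> processor returning the action code it produced.
    final Map<QName, Function<String, Integer>> processors = new HashMap<>();

    // Walk the security header; blocks with no registered processor yield no result.
    List<Integer> process(Map<QName, String> securityHeader) {
        List<Integer> results = new ArrayList<>();
        for (Map.Entry<QName, String> block : securityHeader.entrySet()) {
            Function<String, Integer> p = processors.get(block.getKey());
            if (p != null) results.add(p.apply(block.getValue()));
        }
        return results;
    }

    // Mirrors the quoted check: an issued token is satisfied only by the expected action.
    static void requireIssuedToken(List<Integer> results, int expectedAction) {
        if (!results.contains(expectedAction))
            throw new IllegalStateException("samlTokenMissing");
    }

    public static void main(String[] args) {
        ProcessorRegistryModel engine = new ProcessorRegistryModel();
        engine.processors.put(SAML, body -> ST_UNSIGNED);
        Map<QName, String> header = Collections.singletonMap(CUSTOM, "<MyToken/>");

        try { // custom token present, but nothing registered for its QName
            requireIssuedToken(engine.process(header), ST_UNSIGNED);
        } catch (IllegalStateException e) {
            System.out.println("before: " + e.getMessage());
        }

        // Register a processor; a real one must verify issuer and signature
        // before reporting a result, not just note that the element exists.
        engine.processors.put(CUSTOM, body -> {
            if (body.isEmpty()) throw new IllegalArgumentException("empty token");
            return CUSTOM_TOKEN;
        });
        requireIssuedToken(engine.process(header), CUSTOM_TOKEN);
        System.out.println("after: custom token accepted");
    }
}
```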

Fwd: Using custom token in and rampart

Posted by Håkon Sagehaug <Ha...@bccs.uib.no>.
---------- Forwarded message ----------
From: Håkon Sagehaug <Ha...@bccs.uib.no>
Date: 2009/4/14
Subject: Re: Using custom token in and rampart
To: axis-user@ws.apache.org

