Posted to rampart-dev@ws.apache.org by Peter Rankor <pe...@googlemail.com> on 2010/02/01 10:17:00 UTC
org.apache.ws.secpolicy.model.Token and SAML
List,
if you want to use a SAML token as Initiator or SupportingToken and specify
i.e.:
<sp:SupportingTokens>
  <wsp:Policy>
    <sp:SamlToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
      <wsp:Policy>
        <sp:WssSamlV11Token10/>
      </wsp:Policy>
    </sp:SamlToken>
  </wsp:Policy>
</sp:SupportingTokens>
in the services.xml
the resulting WSDL looks like:
<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:SupportingTokens>
This seems to be related to the fact that
org.apache.ws.secpolicy.model.Token
has 5 children:
HttpsToken
IssuedToken
SecurityContextToken
UsernameToken
X509Token
SAML is missing.
Two questions:
1) Am I correct, that the lack of a SAML token as child of
org.apache.ws.secpolicy.model.Token results in the incomplete WSDL shown
above?
2) If this is correct, has someone already implemented a SamlToken as child
of org.apache.ws.secpolicy.model.Token?
Thanks for your help.
Peter
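Added example, not part of the original thread: a Python check that compares the policy configured in services.xml with the policy published in the WSDL and reports assertions that were dropped on the way, as happens to sp:SamlToken in the post above. The namespace declarations on the two fragments and the function names are assumptions added so the fragments parse on their own.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the two fragments from the post above. The xmlns
# declarations are an assumption, added so each fragment parses on its own.
NS = ('xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" '
      'xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"')
CONFIGURED = f"""<sp:SupportingTokens {NS}>
  <wsp:Policy>
    <sp:SamlToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
      <wsp:Policy><sp:WssSamlV11Token10/></wsp:Policy>
    </sp:SamlToken>
  </wsp:Policy>
</sp:SupportingTokens>"""
PUBLISHED = f"""<sp:SupportingTokens {NS}>
  <wsp:Policy/>
</sp:SupportingTokens>"""

# WS-Policy operators only group assertions; they are not assertions themselves.
OPERATORS = {"Policy", "ExactlyOne", "All"}

def assertion_paths(xml_text):
    """Return every assertion as a tuple of local names from the root down."""
    paths = set()
    def walk(element, parent):
        # Compare by local name so a change of namespace version between the
        # configured and the published policy is not reported as a drop.
        name = element.tag.rsplit("}", 1)[-1]
        path = parent if name in OPERATORS else parent + (name,)
        if path:
            paths.add(path)
        for child in element:
            walk(child, path)
    walk(ET.fromstring(xml_text), ())
    return paths

def dropped_assertions(configured, published):
    """List the outermost assertions present in configured but not published."""
    missing = assertion_paths(configured) - assertion_paths(published)
    outermost = [p for p in missing if p[:-1] not in missing]
    return sorted("/".join(p) for p in outermost)

if __name__ == "__main__":
    for path in dropped_assertions(CONFIGURED, PUBLISHED):
        print("dropped from published policy:", path)
```

Run against a deployed service, an empty result means every configured assertion is also advertised to clients; any listed path is a security requirement that the published WSDL does not show.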
Re: org.apache.ws.secpolicy.model.Token and SAML
Posted by Thilina Mahesh Buddhika <th...@gmail.com>.
Hi Peter,
When using a SAML token as a supporting token, it is specified as an Issued
Token. The corresponding policy looks similar to the following.
<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
  <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
  </Issuer>
  <sp:RequestSecurityTokenTemplate>
    <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
    <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
    <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
  </sp:RequestSecurityTokenTemplate>
  <wsp:Policy>
    <sp:RequireInternalReference/>
  </wsp:Policy>
</sp:IssuedToken>
Here the token type is identified using the TokenType element in the
RequestSecurityToken element.
Please have a look at the Rampart Sample-05.
Hope this helps.
Thanks.
/thilina
Thilina Mahesh Buddhika
http://blog.thilinamb.com
On Mon, Feb 1, 2010 at 2:47 PM, Peter Rankor <pe...@googlemail.com> wrote:
> List,
>
> if you want to use a SAML token as Initiator or SupportingToken and specify
> i.e.:
> <sp:SupportingTokens>
> <wsp:Policy>
> <sp:SamlToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssSamlV11Token10/>
> </wsp:Policy>
> </sp:SamlToken>
> </wsp:Policy>
> </sp:SupportingTokens>
>
> in the services.xml
>
> the resulting WSDL looks like:
>
> <sp:SupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy/>
> </sp:SupportingTokens>
>
> This seems to be related to the fact that
>
> org.apache.ws.secpolicy.model.Token
>
> has 5 children:
>
> HttpsToken
> IssuedToken
> SecurityContextToken
> UsernameToken
> X509Token
>
> SAML is missing.
>
> Two questions:
> 1) Am I correct, that the lack of a SAML token as child of
> org.apache.ws.secpolicy.model.Token results in the incomplete WSDL shown
> above?
> 2) If this is correct, has someone already implemented a SamlToken as child
> of org.apache.ws.secpolicy.model.Token?
>
> Thanks for your help.
>
> Peter
>