Posted to rampart-dev@ws.apache.org by "Joana M. F. Trindade" <jm...@gmail.com> on 2008/01/10 13:09:15 UTC

Rampart configuration (user and encryptionUser)

Hi all,

This is something I could not find in the documentation/source code, so
here's a question concerning the RampartConfig tags.
Moreover, <ramp:user> and <ramp:encryptionUser>. In the policy sample #05
(rampart version 1.3), the following configuration is used on services.xml:

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:user>service</ramp:user>
    <ramp:encryptionUser>client</ramp:encryptionUser>
    <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
    <ramp:signatureCrypto>
        ...
    </ramp:signatureCrypto>
</ramp:RampartConfig>

In this example above, the service from sample #05 will only issue SAML
Tokens to a user identified as "client" (defined in the tag encryptionUser),
is that correct? Is it possible to add more actors by just employing
more "encryptionUser" tags?

Thanks and regards,
Joana

-- 
Student Intern
SAP Research - Security & Trust
SAP Labs France

805 Avenue du Dr. Maurice Donat
06250 Mougins
T +33/492286319
F +33/492286201
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade

Re: Rampart configuration (user and encryptionUser)

Posted by "Joana M. F. Trindade" <jm...@gmail.com>.
Hi Nandana,

Thank you very much for the article! I am reading it and will try it out.

Thanks and regards,
Joana

On 1/10/08, Nandana Mihindukulasooriya <na...@gmail.com> wrote:
>
> Hi Joana,
>
> > <ramp:user>service</ramp:user>
> > <ramp:encryptionUser>client</ramp:encryptionUser>
> >
> > In this example above, the service from sample #05 will only issue SAML
> > Tokens to a user identified as "client" (defined in the tag
> > encryptionUser),
> > is that correct?
>
> Yes, the response will be encrypted using the "client"'s public key.
>
> > Is it possible to add more actors by just employing
> > more "encryptionUser" tags?
>
> Nope. But you can use "useReqSigCert" to cater for
> multiple clients. This article [1] describes the usage.
> The article uses the old way of Rampart configuration but
> it shows the usage of useReqSigCert.
>
> Thanks,
> Nandana
>
> [1] - http://wso2.org/library/255


Re: Rampart configuration (user and encryptionUser)

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Joana,

> <ramp:user>service</ramp:user>
> <ramp:encryptionUser>client</ramp:encryptionUser>
>
> In this example above, the service from sample #05 will only issue SAML
> Tokens to a user identified as "client" (defined in the tag
> encryptionUser),
> is that correct?

Yes, the response will be encrypted using the "client"'s public key.

> Is it possible to add more actors by just employing
> more "encryptionUser" tags?

Nope. But you can use "useReqSigCert" to cater for
multiple clients. This article [1] describes the usage.
The article uses the old way of Rampart configuration but
it shows the usage of useReqSigCert.

Thanks,
Nandana

[1] - http://wso2.org/library/255
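
The "useReqSigCert" setting suggested in the reply above, shown in the policy-style RampartConfig from the question. This is an added example, not part of the original thread or of the Rampart samples; the keystore file name and password are placeholders, and the Merlin crypto block is an assumed fill-in for the part the question elided.

```xml
<!-- Added example: services.xml RampartConfig serving several clients. -->
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <!-- Alias of the service's own key -->
  <ramp:user>service</ramp:user>

  <!-- Before: every response is encrypted for one fixed keystore alias.
  <ramp:encryptionUser>client</ramp:encryptionUser>
  -->

  <!-- After: encrypt each response with the certificate that signed the
       incoming request. The request has to be signed, otherwise there is
       no certificate to encrypt for. -->
  <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>

  <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>

  <ramp:signatureCrypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <!-- Placeholder values: use the service's real keystore and password. -->
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">EXAMPLE-service.jks</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">EXAMPLE-PASSWORD</ramp:property>
    </ramp:crypto>
  </ramp:signatureCrypto>
</ramp:RampartConfig>
```

With this setting the set of clients that can receive an encrypted response is defined by which signing certificates the service's keystore trusts, so that keystore should contain only the client certificates (or issuing CAs) the service is meant to serve.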