You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Dietmar Gärtner (bluehash)" <di...@bluehash.de> on 2007/12/27 20:32:41 UTC

authentication with X509 certs

Hi,

Does Rampart/WSS4J offer some authentication method using X509 certificates?
While authentication with username token is documented and shown in samples, I can't
find doc and samples for message level authentication with X509 certs or SAML tokens.

Thanks,
Dietmar

Re: authentication with X509 certs

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi Dietmar,
        I  still  don't get the scenario very clearly.

On successful authentication  (with whatever method - HTTP auth, usename
> token, X509, SAML, Kerberos?)
> I'd like to generate some custom credentials that are used later on to
> (re-)authenticate with the backend systems
> that the Web service invokes.


Will WS - Trust [1] or WS - Secure Conversation [2] suit your requirement ?

[1] - http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
[2] - http://specs.xmlsoap.org/ws/2005/02/sc/WS-SecureConversation.pdf

Thanks,
Nandana




>
> ----- Original Message -----
> From: "Nandana Mihindukulasooriya" <na...@gmail.com>
> To: <ra...@ws.apache.org>
> Sent: Sunday, December 30, 2007 9:41 AM
> Subject: Re: authentication with X509 certs
>
>
> > Hi Dietmar,
> >
> > Does Rampart/WSS4J offer some authentication method using X509
> >> certificates?
> >
> >
> > If we use a digital signature with X509 certificate, it provides us
> > authentication +
> > integrity, right ? or am I missing something ?
> >
> > Thanks,
> > Nandana
> >
>

Re: authentication with X509 certs

Posted by Dietmar Gaertner <di...@bluehash.de>.

Hi Nandana,

Yes, that's right, but I'm looking for some additional functionality. I should phrase my question more specific:
On successful authentication  (with whatever method - HTTP auth, usename token, X509, SAML, Kerberos?)
I'd like to generate some custom credentials that are used later on to (re-)authenticate with the backend systems
that the Web service invokes. Rampart supports a password callback handler for username token that I can use
for that purpose. What mechanisms does Rampart offer to hook in such a processing when HTTP-, X509- or
SAML authentication is done?

Thanks, Dietmar

----- Original Message ----- 
From: "Nandana Mihindukulasooriya" <na...@gmail.com>
To: <ra...@ws.apache.org>
Sent: Sunday, December 30, 2007 9:41 AM
Subject: Re: authentication with X509 certs


> Hi Dietmar,
> 
> Does Rampart/WSS4J offer some authentication method using X509
>> certificates?
> 
> 
> If we use a digital signature with X509 certificate, it provides us
> authentication +
> integrity, right ? or am I missing something ?
> 
> Thanks,
> Nandana
>

Re: authentication with X509 certs

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi Dietmar,

 Does Rampart/WSS4J offer some authentication method using X509
> certificates?


If we use a digital signature with X509 certificate, it provides us
authentication +
integrity, right ? or am I missing something ?

Thanks,
Nandana