You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Dietmar Gärtner (bluehash)" <di...@bluehash.de> on 2007/12/27 20:32:41 UTC
authentication with X509 certs
Hi,
Does Rampart/WSS4J offer some authentication method using X509 certificates?
While authentication with username token is documented and shown in samples, I can't
find doc and samples for message level authentication with X509 certs or SAML tokens.
Thanks,
Dietmar
Re: authentication with X509 certs
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Dietmar,
I still don't get the scenario very clearly.
On successful authentication (with whatever method - HTTP auth, usename
> token, X509, SAML, Kerberos?)
> I'd like to generate some custom credentials that are used later on to
> (re-)authenticate with the backend systems
> that the Web service invokes.
Will WS - Trust [1] or WS - Secure Conversation [2] suit your requirement ?
[1] - http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
[2] - http://specs.xmlsoap.org/ws/2005/02/sc/WS-SecureConversation.pdf
Thanks,
Nandana
>
> ----- Original Message -----
> From: "Nandana Mihindukulasooriya" <na...@gmail.com>
> To: <ra...@ws.apache.org>
> Sent: Sunday, December 30, 2007 9:41 AM
> Subject: Re: authentication with X509 certs
>
>
> > Hi Dietmar,
> >
> > Does Rampart/WSS4J offer some authentication method using X509
> >> certificates?
> >
> >
> > If we use a digital signature with X509 certificate, it provides us
> > authentication +
> > integrity, right ? or am I missing something ?
> >
> > Thanks,
> > Nandana
> >
>
Re: authentication with X509 certs
Posted by Dietmar Gaertner <di...@bluehash.de>.
Hi Nandana,
Yes, that's right, but I'm looking for some additional functionality. I should phrase my question more specific:
On successful authentication (with whatever method - HTTP auth, usename token, X509, SAML, Kerberos?)
I'd like to generate some custom credentials that are used later on to (re-)authenticate with the backend systems
that the Web service invokes. Rampart supports a password callback handler for username token that I can use
for that purpose. What mechanisms does Rampart offer to hook in such a processing when HTTP-, X509- or
SAML authentication is done?
Thanks, Dietmar
----- Original Message -----
From: "Nandana Mihindukulasooriya" <na...@gmail.com>
To: <ra...@ws.apache.org>
Sent: Sunday, December 30, 2007 9:41 AM
Subject: Re: authentication with X509 certs
> Hi Dietmar,
>
> Does Rampart/WSS4J offer some authentication method using X509
>> certificates?
>
>
> If we use a digital signature with X509 certificate, it provides us
> authentication +
> integrity, right ? or am I missing something ?
>
> Thanks,
> Nandana
>
Re: authentication with X509 certs
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Dietmar,
Does Rampart/WSS4J offer some authentication method using X509
> certificates?
If we use a digital signature with X509 certificate, it provides us
authentication +
integrity, right ? or am I missing something ?
Thanks,
Nandana