Posted to fx-dev@ws.apache.org by Brian Woo <br...@sjrb.ca> on 2005/11/18 23:55:00 UTC

SAML code samples...

Hi,

I am looking for some sample code to implement a SAML-enabled server & client with WSS4J.  However, I can't seem to find any.  I have tried the UsernameToken example and it works fine, that's great.  But, is WSS4J even ready for SAML?  Or it's still under development?  Can someone give me some advice?


Thanks very much for your help,

Brian



======================================
Brian Woo
Regional Services, Engineering
SHAW ) Communications
Suite 800, 630 3rd Ave SW
Calgary AB, T2P 4L4
Phone: (403) 750-4648


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: SAML code samples...

Posted by Davanum Srinivas <da...@gmail.com>.
Please see below:

On 11/21/05, Mike Smorul <to...@umiacs.umd.edu> wrote:
>
> Dims,
>
> Sorry for the delay in responding. Most of our wss4j work was a simple
> static wrapper/subclass of the DoAllSender/Receiver classes to allow saml
> tokens, parameters, and keystores to be easily passed into wss4j rather
> than specifying them in property files. As it's pretty integrated into
> our other code, I'm not too sure how easy it would be to separate it into
> something useful.

Ok.

> The SAML generation is just a 3rd party web service call that returns a
> token which is then shoved into wss4j. I can probably supply patches that
> would allow a client to insert saml tokens into MessageContext prior to
> sending, or allow token retrieval via callback with relative ease if it's
> useful.

That would be wonderful. thanks.

> -Mike
>
> On Fri, 18 Nov 2005, Davanum Srinivas wrote:
>
> > Mike,
> >
> > could we get some patches? to get external issuer working with current codebase?
> >
> > thanks,
> > dims
> >
> > On 11/18/05, Mike Smorul <to...@umiacs.umd.edu> wrote:
> >> SAML works, however if you want to use an external issuer, you will need
> >> to subclass WSDoallSender/Receiver to supply your own assertions to
> >> wss4j. Apart from that, SAML in wss4j is treated like a signed message.
> >>
> >> Another issue that I ran into using SAML in wss4j is that for
> >> holder-of-key, you will need to check client assertions against message
> >> signing information manually. There is no check to make sure all
> >> signatures in the assertion match up, just that an assertion is present.
> >>
> >> I have some stuff posted online that may be useful.
> >> http://narawiki.umiacs.umd.edu/twiki/bin/view/Lab/SamlTutorial It's
> >> mainly geared towards our project requirements though.
> >>
> >> -Mike
> >>
> >> Brian Woo wrote:
> >>> Hi,
> >>>
> >>> I am looking for some sample code to implement a SAML-enabled server & client with WSS4J.  However, I can't seem to find any.  I have tried the UsernameToken example and it works fine, that's great.  But, is WSS4J even ready for SAML?  Or it's still under development?  Can someone give me some advice?
> >>>
> >>>
> >>> Thanks very much for your help,
> >>>
> >>> Brian
> >>>
> >>>
> >>>
> >>> ======================================
> >>> Brian Woo
> >>> Regional Services, Engineering
> >>> SHAW ) Communications
> >>> Suite 800, 630 3rd Ave SW
> >>> Calgary AB, T2P 4L4
> >>> Phone: (403) 750-4648
> >
> >
> > --
> > Davanum Srinivas : http://wso2.com/blogs/
> >
>


--
Davanum Srinivas : http://wso2.com/blogs/


Re: SAML code samples...

Posted by Mike Smorul <to...@umiacs.umd.edu>.
Dims,

Sorry for the delay in responding. Most of our wss4j work was a simple 
static wrapper/subclass of the DoAllSender/Receiver classes to allow saml 
tokens, parameters, and keystores to be easily passed into wss4j rather 
than specifying them in property files. As it's pretty integrated into 
our other code, I'm not too sure how easy it would be to separate it into
something useful.

The SAML generation is just a 3rd party web service call that returns a 
token which is then shoved into wss4j. I can probably supply patches that 
would allow a client to insert saml tokens into MessageContext prior to 
sending, or allow token retrieval via callback with relative ease if it's 
useful.

-Mike

On Fri, 18 Nov 2005, Davanum Srinivas wrote:

> Mike,
>
> could we get some patches? to get external issuer working with current codebase?
>
> thanks,
> dims
>
> On 11/18/05, Mike Smorul <to...@umiacs.umd.edu> wrote:
>> SAML works, however if you want to use an external issuer, you will need
>> to subclass WSDoallSender/Receiver to supply your own assertions to
>> wss4j. Apart from that, SAML in wss4j is treated like a signed message.
>>
>> Another issue that I ran into using SAML in wss4j is that for
>> holder-of-key, you will need to check client assertions against message
>> signing information manually. There is no check to make sure all
>> signatures in the assertion match up, just that an assertion is present.
>>
>> I have some stuff posted online that may be useful.
>> http://narawiki.umiacs.umd.edu/twiki/bin/view/Lab/SamlTutorial It's
>> mainly geared towards our project requirements though.
>>
>> -Mike
>>
>> Brian Woo wrote:
>>> Hi,
>>>
>>> I am looking for some sample code to implement a SAML-enabled server & client with WSS4J.  However, I can't seem to find any.  I have tried the UsernameToken example and it works fine, that's great.  But, is WSS4J even ready for SAML?  Or it's still under development?  Can someone give me some advice?
>>>
>>>
>>> Thanks very much for your help,
>>>
>>> Brian
>>>
>>>
>>>
>>> ======================================
>>> Brian Woo
>>> Regional Services, Engineering
>>> SHAW ) Communications
>>> Suite 800, 630 3rd Ave SW
>>> Calgary AB, T2P 4L4
>>> Phone: (403) 750-4648
>
>
> --
> Davanum Srinivas : http://wso2.com/blogs/
>



Re: SAML code samples...

Posted by Davanum Srinivas <da...@gmail.com>.
Mike,

could we get some patches? to get external issuer working with current codebase?

thanks,
dims

On 11/18/05, Mike Smorul <to...@umiacs.umd.edu> wrote:
> SAML works, however if you want to use an external issuer, you will need
> to subclass WSDoallSender/Receiver to supply your own assertions to
> wss4j. Apart from that, SAML in wss4j is treated like a signed message.
>
> Another issue that I ran into using SAML in wss4j is that for
> holder-of-key, you will need to check client assertions against message
> signing information manually. There is no check to make sure all
> signatures in the assertion match up, just that an assertion is present.
>
> I have some stuff posted online that may be useful.
> http://narawiki.umiacs.umd.edu/twiki/bin/view/Lab/SamlTutorial It's
> mainly geared towards our project requirements though.
>
> -Mike
>
> Brian Woo wrote:
> > Hi,
> >
> > I am looking for some sample code to implement a SAML-enabled server & client with WSS4J.  However, I can't seem to find any.  I have tried the UsernameToken example and it works fine, that's great.  But, is WSS4J even ready for SAML?  Or it's still under development?  Can someone give me some advice?
> >
> >
> > Thanks very much for your help,
> >
> > Brian
> >
> >
> >
> > ======================================
> > Brian Woo
> > Regional Services, Engineering
> > SHAW ) Communications
> > Suite 800, 630 3rd Ave SW
> > Calgary AB, T2P 4L4
> > Phone: (403) 750-4648


--
Davanum Srinivas : http://wso2.com/blogs/



Re: SAML code samples...

Posted by Mike Smorul <to...@umiacs.umd.edu>.
SAML works, however if you want to use an external issuer, you will need 
to subclass WSDoallSender/Receiver to supply your own assertions to 
wss4j. Apart from that, SAML in wss4j is treated like a signed message.

Another issue that I ran into using SAML in wss4j is that for 
holder-of-key, you will need to check client assertions against message 
signing information manually. There is no check to make sure all 
signatures in the assertion match up, just that an assertion is present.

I have some stuff posted online that may be useful. 
http://narawiki.umiacs.umd.edu/twiki/bin/view/Lab/SamlTutorial It's 
mainly geared towards our project requirements though.

-Mike

Brian Woo wrote:
> Hi,
> 
> I am looking for some sample code to implement a SAML-enabled server & client with WSS4J.  However, I can't seem to find any.  I have tried the UsernameToken example and it works fine, that's great.  But, is WSS4J even ready for SAML?  Or it's still under development?  Can someone give me some advice?
> 
> 
> Thanks very much for your help,
> 
> Brian
> 
> 
> 
> ======================================
> Brian Woo
> Regional Services, Engineering
> SHAW ) Communications
> Suite 800, 630 3rd Ave SW
> Calgary AB, T2P 4L4
> Phone: (403) 750-4648


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
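
An added example, not part of the message above and not WSS4J code: one way to do the manual holder-of-key check Mike describes, using only JDK classes. It assumes the issuer's signature on the assertion and the message signature have already been verified, that keys are RSA and carried as ds:RSAKeyValue, and that the caller supplies the public key that verified the message signature; HolderOfKeyCheck, boundToSigner and the trimmed SAML 1.1 assertion are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class HolderOfKeyCheck {
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    // Example policy: every SubjectConfirmation must be holder-of-key and name the signer's key.
    static boolean boundToSigner(Document assertion, RSAPublicKey signer) {
        NodeList confs = assertion.getElementsByTagNameNS(SAML, "SubjectConfirmation");
        if (confs.getLength() == 0) return false;      // fail closed: no key binding at all
        for (int i = 0; i < confs.getLength(); i++) {
            Element conf = (Element) confs.item(i);
            if (!HOK.equals(text(conf, SAML, "ConfirmationMethod"))) return false;
            if (!signer.getModulus().equals(num(conf, "Modulus"))
                    || !signer.getPublicExponent().equals(num(conf, "Exponent"))) return false;
        }
        return true;
    }

    static String text(Element scope, String ns, String local) {  // null if absent or ambiguous
        NodeList n = scope.getElementsByTagNameNS(ns, local);
        return n.getLength() == 1 ? n.item(0).getTextContent().trim() : null;
    }
    static BigInteger num(Element scope, String local) {   // ds:CryptoBinary to unsigned integer
        String b64 = text(scope, DS, local);
        return b64 == null ? null : new BigInteger(1, Base64.getMimeDecoder().decode(b64));
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey client = (RSAPublicKey) gen.generateKeyPair().getPublic();
        Base64.Encoder e = Base64.getEncoder();
        // Constructed, trimmed SAML 1.1 assertion whose subject is bound to the client's key.
        String xml = "<saml:Assertion xmlns:saml='" + SAML + "' xmlns:ds='" + DS + "'>"
            + "<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>"
            + "<saml:ConfirmationMethod>" + HOK + "</saml:ConfirmationMethod><ds:KeyInfo><ds:KeyValue>"
            + "<ds:RSAKeyValue><ds:Modulus>" + e.encodeToString(client.getModulus().toByteArray())
            + "</ds:Modulus><ds:Exponent>" + e.encodeToString(client.getPublicExponent().toByteArray())
            + "</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></saml:SubjectConfirmation>"
            + "</saml:Subject></saml:AuthenticationStatement></saml:Assertion>";
        Document doc = parse(xml);
        System.out.println("message signed with bound key: " + boundToSigner(doc, client));
        System.out.println("message signed with other key: "
            + boundToSigner(doc, (RSAPublicKey) gen.generateKeyPair().getPublic()));
    }
}
```

An assertion that carries no SubjectConfirmation, or one whose confirmation method is not holder-of-key, is rejected rather than accepted because an assertion is merely present.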

