You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Edson Camargo <ca...@das.ufsc.br> on 2005/11/09 01:23:08 UTC
What the solution about last email: "using signed SAML tokens from
a third party" ?
Hi All,
I would know if was found a solution for this email, sent by David
Keppler, in 16 Aug 2004:
---------------------------------------------------------------------------------------------------------------
"Hi all,
I'm having a problem using the SAML token functionality of wss4j. My
overall application requires the web service to consume a SAML token
originating from and signed by a third-party authorization server.
I've written a custom extension of the SAMLIssuerImpl class that obtains
a signed SAML token from that out-of-band server and tries to send it
along as a security token in a WSS header to the end-point service. I'm
using the SAMLTokenUnsigned action to send the token as having the
client of the service sign the token is meaningless in my security model.
When my service client goes through it's invoke() everything works fine
up until the point at the end of WSDoAllSender.invoke() where
XMLUtils.outputDOM() is called. At this point I get a null pointer
exception from somewhere very deep in xmlsec's canonicalization routine.
This happens only when I try to send a SAML token that already has an
xmlsec signature attached to it from the auth server. If I strip this
signature out before sending the request, everything works fine.
Unfortunately, stripping the signature out pretty much defeats the
purpose of using the token as a security measure in the first place. I
understand the SAML support in wss4j so far is very preliminary, but
does anyone have a suggested work-around?"
-----------------------------------------------------------------------------------------------
The difference is that I receive a SAMLToken issued by a STS, but I
found the same problem when use the
WSSAddSAMLToken builder = new WSSAddSAMLToken();
Document tokendoc = builder.build(doc,samlToken); // *samltoken *is
signed by a third party
I am using the xmlsec-1.2.96-dev.jar.
Please, someone could help me?
Thanks in advance,
Edson
Master Degree Student
LCMI / DAS / UFSC
88.040-900 - Brazil - Florianópolis - SC
http://www.das.ufsc.br
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org