Posted to java-user@axis.apache.org by Par Nagi <na...@gmail.com> on 2007/07/24 04:49:33 UTC

AXIS2: SAML example using Rahas

Hi,

I have seen a few posts/requests for SAML example(s) using Rahas. I
haven't seen anything concrete as responses - mostly along the lines
that code is documentation.

Does anyone have a simple example that illustrates how to use Rahas to
have uid/pwd or other credentials mapped to SAML tokens that can then
be passed to a Service?

Also, does Rahas have support to map SAML tokens to JAAS subjects
within an App server? If it doesn't, any suggestions?

Appreciate any information.

- Nagi

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Re: AXIS2: SAML example using Rahas

Posted by Dimuthu <mu...@apache.org>.
Hi Nagi,

See my in-line reply.

On Mon, 2007-07-23 at 22:49 -0400, Par Nagi wrote:
> Hi,
> 
> I have seen a few posts/requests for SAML example(s) using Rahas. I
> haven't seen anything concrete as responses - mostly along the lines
> that code is documentation.
> 
> Does anyone have a simple example that illustrates how to use Rahas to
> have uid/pwd or other credentials mapped to SAML tokens that can then
> be passed to a Service?
We don't have this ability right now. I have sent a mail to rampart-dev
list about this.

> Also, does Rahas have support to map SAML tokens to JAAS subjects
> within an App server? If it doesn't, any suggestions?

There is no straightforward way of doing this right now. SAML Token is
inside the WSSecurityResults. It can be obtained as follows. [1]


Regards,
Dimuthu.


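[1]
// Imports for the WSS4J and OpenSAML classes used below
import java.util.Vector;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.opensaml.SAMLAssertion;

// msgCtx is the MessageContext of the incoming request
Vector results = null;
if ((results = (Vector) msgCtx
        .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
    throw new RuntimeException("No security results!!");
} else {
    for (int i = 0; i < results.size(); i++) {
        // Get hold of the WSHandlerResult instance
        WSHandlerResult rResult = (WSHandlerResult) results.get(i);
        Vector wsSecEngineResults = rResult.getResults();

        for (int j = 0; j < wsSecEngineResults.size(); j++) {
            // Get hold of the WSSecurityEngineResult instance
            WSSecurityEngineResult wser =
                    (WSSecurityEngineResult) wsSecEngineResults.get(j);

            // The action tag says what kind of security token this result holds
            int act = ((Integer) wser.get(WSSecurityEngineResult.TAG_ACTION))
                    .intValue();
            if ((act == WSConstants.ST_UNSIGNED) || (act == WSConstants.ST_SIGNED)) {
                // The SAML assertion carried in the security header
                SAMLAssertion ass = (SAMLAssertion) wser
                        .get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            }
        }
    }
}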

> Appreciate any information.
> 
> - Nagi
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
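
Added example, not part of the original thread or of Rahas/Rampart: one way to turn the SAMLAssertion obtained in [1] above into a JAAS Subject, after checking the issuer, the signature and the validity window. The names SamlSubjectMapper, SamlPrincipal, toSubject, trustedIssuer and stsCert are hypothetical, and the OpenSAML 1.x calls are assumed to match the version bundled with Rampart.

```java
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.Date;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubjectStatement;

// Hypothetical helper (not part of Rahas/Rampart); OpenSAML 1.x API assumed.
public class SamlSubjectMapper {
    // Minimal Principal carrying the SAML NameIdentifier value.
    static final class SamlPrincipal implements Principal {
        private final String name;
        SamlPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof SamlPrincipal && ((SamlPrincipal) o).name.equals(name);
        }
        public int hashCode() { return name.hashCode(); }
    }

    // trustedIssuer and stsCert are deployment-specific values (assumptions).
    public static Subject toSubject(SAMLAssertion a, String trustedIssuer,
                                    Certificate stsCert) throws SAMLException {
        if (!trustedIssuer.equals(a.getIssuer()))
            throw new SecurityException("Unexpected SAML issuer");
        if (!a.isSigned()) // isSigned() only reports that a signature is present
            throw new SecurityException("SAML assertion is not signed");
        a.verify(stsCert); // throws SAMLException if the signature is invalid
        Date now = new Date();
        if (a.getNotBefore() != null && now.before(a.getNotBefore()))
            throw new SecurityException("SAML assertion not yet valid");
        if (a.getNotOnOrAfter() != null && !now.before(a.getNotOnOrAfter()))
            throw new SecurityException("SAML assertion expired");
        Subject subject = new Subject();
        for (Iterator it = a.getStatements(); it.hasNext();) {
            Object stmt = it.next();
            if (!(stmt instanceof SAMLSubjectStatement)) continue;
            SAMLNameIdentifier id =
                    ((SAMLSubjectStatement) stmt).getSubject().getNameIdentifier();
            if (id != null && id.getName() != null)
                subject.getPrincipals().add(new SamlPrincipal(id.getName()));
        }
        if (subject.getPrincipals().isEmpty())
            throw new SecurityException("No NameIdentifier in SAML assertion");
        subject.setReadOnly(); // freeze the principal set before handing it on
        return subject;
    }
}
```

The returned Subject can then be passed to Subject.doAs(...) or to the application server's own login integration.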


Re: AXIS2: SAML example using Rahas

Posted by Dimuthu <mu...@apache.org>.
Hi Nagi,

A new sample was added to the current trunk under development[1].

Some documentation about the STS is available here[2].

All these will come out with the next release.

Regards,
Dimuthu

[1]https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample05/
[2]http://ws.apache.org/rampart/quick-start.html


On Mon, 2007-07-23 at 22:49 -0400, Par Nagi wrote:
> Hi,
> 
> I have seen a few posts/requests for SAML example(s) using Rahas. I
> haven't seen anything concrete as responses - mostly along the lines
> that code is documentation.
> 
> Does anyone have a simple example that illustrates how to use Rahas to
> have uid/pwd or other credentials mapped to SAML tokens that can then
> be passed to a Service?
> 
> Also, does Rahas have support to map SAML tokens to JAAS subjects
> within an App server? If it doesn't, any suggestions?
> 
> Appreciate any information.
> 
> - Nagi
> 




Re: AXIS2: SAML example using Rahas

Posted by Ruchith Fernando <ru...@apache.org>.
Sounds good ... and if the callback mechanism does not provide the 
required attributes etc. we can try to obtain the values from the 
original request.

Thanks,
Ruchith

Dimuthu wrote:
> Hi all,
> 
> 
> I suggest we can do the following improvements to the SAML issuer in
> Rahas.
> 
> *For Attribute Assertion
> STS Administrator must be able to configure different Attributes.  For
> retrieving data we can use the callback mechanism.
> 
> *For Authenticating Assertion
> STS Administrator should be able to configure different types of
> Subject NameIdentifiers such as
> emailAddress/X509SubjectName/Unspecified. For retrieving data we can use
> the callback mechanism. 
> 
> "saml-issuer-config" parameter must be modified accordingly. 
> 
> Then we can support the first situation below.
> 
> Regards,
> Dimuthu.
> 
> 
> On Mon, 2007-07-23 at 22:49 -0400, Par Nagi wrote: 
>> Hi,
>>
>> I have seen a few posts/requests for SAML example(s) using Rahas. I
>> haven't seen anything concrete as responses - mostly along the lines
>> that code is documentation.
>>
>> Does anyone have a simple example that illustrates how to use Rahas to
>> have uid/pwd or other credentials mapped to SAML tokens that can then
>> be passed to a Service?
>>
>> Also, does Rahas have support to map SAML tokens to JAAS subjects
>> within an App server? If it doesn't, any suggestions?
>>
>> Appreciate any information.
>>
>> - Nagi
>>
> 
> 


Re: AXIS2: SAML example using Rahas

Posted by Dimuthu <mu...@apache.org>.
Hi all,


I suggest we can do the following improvements to the SAML issuer in
Rahas.

*For Attribute Assertion
STS Administrator must be able to configure different Attributes.  For
retrieving data we can use the callback mechanism.

*For Authenticating Assertion
STS Administrator should be able to configure different types of
Subject NameIdentifiers such as
emailAddress/X509SubjectName/Unspecified. For retrieving data we can use
the callback mechanism. 

"saml-issuer-config" parameter must be modified accordingly. 

Then we can support the first situation below.

Regards,
Dimuthu.


On Mon, 2007-07-23 at 22:49 -0400, Par Nagi wrote: 
> Hi,
> 
> I have seen a few posts/requests for SAML example(s) using Rahas. I
> haven't seen anything concrete as responses - mostly along the lines
> that code is documentation.
> 
> Does anyone have a simple example that illustrates how to use Rahas to
> have uid/pwd or other credentials mapped to SAML tokens that can then
> be passed to a Service?
> 
> Also, does Rahas have support to map SAML tokens to JAAS subjects
> within an App server? If it doesn't, any suggestions?
> 
> Appreciate any information.
> 
> - Nagi
> 