Posted to java-user@axis.apache.org by Hardev Sian <ha...@yahoo.com.au> on 2008/02/29 02:10:18 UTC

SAML token insertion using ServiceClient class.

Hi,
   
  Is it possible to insert a saml token which has been acquired from a third party into the soap request using ServiceClient class.
   
  Regards,
   
  Hardev

       

Re: SAML token insertion using ServiceClient class.

Posted by Nuria Rodríguez García <nu...@gmail.com>.
Hi Hardev,
We have an example that may help you (we don't know exactly if it is the same
case):
We invoke an STS service that provides us with a SAML token in a Token
object.
After this, we invoke the Service Provider using the SAML token obtained
previously.

>>>>>>>>>You can do this with these lines of code:
Token responseToken = getSecurityResponseToken(context, policysec, stsEPR, properties);
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

>>>>>>>>>>>>>And use the service client including these options.
sender = new ServiceClient(ctx, null);
sender.setOptions(options);


>>>>>>>>>>>>>where the method getSecurityResponseToken is the following:
// Requests a token from the STS at stsEPR; returns null if the request fails.
private Token getSecurityResponseToken(ConfigurationContext ctx, Policy servicePolicy,
        String stsEPR, Properties properties) throws CTLDataException {
    Token responseToken = null;
    STSClient stsClient;
    try {
        // Policy used to secure the exchange with the STS itself
        Policy stsPolicy = loadPolicy(properties,
                properties.getProperty(ConstantsUtils.STSPOLICY));
        stsClient = new STSClient(ctx);
        stsClient.setRstTemplate(getRSTTemplate());
        // WS-Trust "Issue" action for the configured Rahas version
        String action = TrustUtil.getActionValue(ConstantsUtils.RAHASVERSION,
                RahasConstants.RST_ACTION_ISSUE);
        stsClient.setAction(action);
        responseToken = stsClient.requestSecurityToken(servicePolicy, stsEPR,
                stsPolicy, null);
    } catch (TrustException e) {
        logger.error(e.getMessage() + ". Not possible to obtain security token");
    } catch (Exception e) {
        logger.error(e.getMessage() + ". Not possible to obtain security token");
    }
    return responseToken;
}

You have to take into account that the service will be invoked immediately
after the STS is received.

We hope this helps,
good luck!

Re: SAML token insertion using ServiceClient class.

Posted by Dimuthu Leelarathne <mu...@apache.org>.
Hi,

Converting back and forth between SAMLAssertion and DOM is an easy task.

Use the following methods.
SAMLAssertion:toDOM();
SAMLAssertion assertion = new SAMLAssertion(inputStream);

Thanks,
Dimuthu


On Wed, 2008-03-12 at 16:44 +0100, Nuria Rodríguez García wrote:
> Hi Nandana and Dimuthu, thanks for your comments,
> We have a more complex problem because we can manage/store only DOM
> elements in our Database (instead of Token elements) and would like to
> generate a Token from an assertion. 
>  
> We mean that we would like to do the following:
> 1) obtain a SAML assertion from the Token object (which has been
> obtained from the STS). 
> 2) Save or change this SAML assertion as XML with a tool (without
> saving the Token object) 
> (we have done the steps 1 and 2) 
> 3) After this, in a different context, create a new Token from a SAML
> assertion that has been previously saved and use it in a new context
> sending it to the Service Provider.
> Could it be possible to do this?
>  
> Thanks,
> Nuria
>  
> 2008/3/12, Nandana Mihindukulasooriya <na...@gmail.com>: 
>         Hi Nuria,
>                 You can implement a persistent token storage for this
>         scenario. So that you can persist the tokens you obtain and
>         later use them. Currently Rampart uses SimpleTokenStore which
>         doesn't persist tokens. To understand how Rampart stores a
>         SimpleTokenStore in the configuration context, take a look at
>         the getTokenStore() method in the TrustUtil class [1]. You can
>         also persist the token element in the response in a file or
>         database and create a token from it later when needed. How to
>         create a token from the token element can be found in the
>         processIssueResponse() method in the STSClient class [2].
>                 WSO2 WSAS has implemented a persistent token store
>         which can be found at SecurityTokenStore [2]. You can also
>         take a look at it.
>         
>         thanks,
>         /nandana
>         
>         [1] -
>         https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
>         [2] -
>         https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
>         [3] -
>         https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/trust/SecurityTokenStore.java
>         
>         http://nandana83.blogspot.com/
>         http://nandanasm.wordpress.com/
>         
>         ---------------------------------------------------------------------
>         To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>         For additional commands, e-mail: axis-user-help@ws.apache.org
>         
> 




Re: SAML token insertion using ServiceClient class.

Posted by Nuria Rodríguez García <nu...@gmail.com>.
Hi Nandana and Dimuthu, thanks for your comments,
We have a more complex problem because we can manage/store only DOM elements
in our Database (instead of Token elements) and would like to generate a
Token from an assertion.

We mean that we would like to do the following:
1) obtain a SAML assertion from the Token object (which has been obtained
from the STS).
2) Save or change this SAML assertion as XML with a tool (without saving the
Token object)
(we have done the steps 1 and 2)
3) After this, in a different context, create a new Token from a SAML
assertion that has been previously saved and use it in a new context sending
it to the Service Provider.
Could it be possible to do this?

Thanks,
Nuria

2008/3/12, Nandana Mihindukulasooriya <na...@gmail.com>:
>
> Hi Nuria,
>         You can implement a persistent token storage for this
> scenario. So that you can persist the tokens you obtain and later use
> them. Currently Rampart uses SimpleTokenStore which doesn't persist
> tokens. To understand how Rampart stores a SimpleTokenStore in the
> configuration context, take a look at the getTokenStore() method in
> the TrustUtil class [1]. You can also persist the token element in the
> response in a file or database and create a token from it later when
> needed. How to create a token from the token element can be found in
> the processIssueResponse() method in the STSClient class [2].
>         WSO2 WSAS has implemented a persistent token store which can
> be found at SecurityTokenStore [2]. You can also take a look at it.
>
> thanks,
> /nandana
>
> [1] -
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
> [2] -
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
> [3] -
> https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/trust/SecurityTokenStore.java
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
>

Re: SAML token insertion using ServiceClient class.

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Nuria,
         You can implement a persistent token storage for this
scenario. So that you can persist the tokens you obtain and later use
them. Currently Rampart uses SimpleTokenStore which doesn't persist
tokens. To understand how Rampart stores a SimpleTokenStore in the
configuration context, take a look at the getTokenStore() method in
the TrustUtil class [1]. You can also persist the token element in the
response in a file or database and create a token from it later when
needed. How to create a token from the token element can be found in
the processIssueResponse() method in the STSClient class [2].
         WSO2 WSAS has implemented a persistent token store which can
be found at SecurityTokenStore [2]. You can also take a look at it.

thanks,
/nandana

[1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
[2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
[3] - https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/trust/SecurityTokenStore.java

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
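
The approach suggested in this reply (store the token element, rebuild a Token from it later), as an added example that is not part of the original post and is not Rampart's own code. It assumes a SAML 1.1 assertion carrying AssertionID and a Conditions validity window, and that Rampart resolves KEY_CUSTOM_ISSUED_TOKEN against the store returned by TrustUtil.getTokenStore(); the class name StoredAssertionToken and the method attach are hypothetical.

```java
import java.time.OffsetDateTime;
import java.util.Date;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.rahas.Token;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartMessageData;

public final class StoredAssertionToken {          // hypothetical helper class
    // Assumption: the STS issued a SAML 1.1 assertion.
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    /** Rebuilds a Token from stored assertion XML and selects it for the next request. */
    public static Token attach(String storedXml, ConfigurationContext ctx, Options options)
            throws Exception {
        // Parse the XML exactly as it was stored: if the STS signed the assertion,
        // any edit made while it was at rest invalidates it at the service provider.
        OMElement assertion = AXIOMUtil.stringToOM(storedXml);
        String id = assertion.getAttributeValue(new QName("AssertionID"));
        OMElement cond = assertion.getFirstChildWithName(new QName(SAML_NS, "Conditions"));
        String nb = cond == null ? null : cond.getAttributeValue(new QName("NotBefore"));
        String noa = cond == null ? null : cond.getAttributeValue(new QName("NotOnOrAfter"));
        if (id == null || nb == null || noa == null) {
            throw new IllegalArgumentException("stored assertion lacks AssertionID or validity window");
        }
        Date created = Date.from(OffsetDateTime.parse(nb).toInstant());
        Date expires = Date.from(OffsetDateTime.parse(noa).toInstant());

        // Refuse to reuse an assertion outside its validity window instead of
        // sending it and relying on the service provider to reject it.
        Date now = new Date();
        if (now.before(created) || !now.before(expires)) {
            throw new IllegalStateException("stored assertion " + id + " is not currently valid");
        }

        Token token = new Token(id, assertion, created, expires);
        token.setState(Token.ISSUED);
        // The store that getTokenStore() in TrustUtil exposes (reference [1] in the reply).
        TrustUtil.getTokenStore(ctx).add(token);
        // Id under which Rampart is expected to look the token up for the security header.
        options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, id);
        return token;
    }
}
```

Call it once per ConfigurationContext before sender.setOptions(options), and reuse the returned token's id for later requests in that context. A stored assertion is a credential, so the database column holding it needs the same protection as any other secret.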



Re: SAML token insertion using ServiceClient class.

Posted by Nuria Rodríguez García <nu...@gmail.com>.
Hi Nandana,

We are blocked in a similar case with a special scenario. As we have
answered to Hardev, we can send a SAML token received from a SAML authority
directly to a Service Provider.

But, we would like to invoke the Service Provider several times using a
unique SAML token obtained previously.
Would it be possible to include a known SAML token in a new context every
time we call a service provider?
How could we do this?

Many thanks again!!!!
Nuria

2008/3/3, Nandana Mihindukulasooriya <na...@gmail.com>:
>
> Hi Hardev,
>         Can you please explain your scenario ? Do you want to add it
> to the SOAP header ( specifically security header ) ?
>
> thanks,
> /nandana
>
> On Fri, Feb 29, 2008 at 6:40 AM, Hardev Sian <ha...@yahoo.com.au>
> wrote:
> > Hi,
> >
> > Is it possible to insert a saml token which has been acquired from a
> third
> > party into the soap request using ServiceClient class.
> >
> > Regards,
> >
> > Hardev
> >
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
>

Re: SAML token insertion using ServiceClient class.

Posted by Dimuthu Leelarathne <mu...@apache.org>.
Hi,

I can point you to some code that uses something called "Token
Storage" [1]

Thank you,
Dimuthu

[1]
https://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java



On Wed, 2008-03-12 at 11:14 +0100, Lasse Tyrihjell wrote:
> Hi!
> I have a very related issue. I receive an encrypted SAML-token from a
> third party, and I want to add it manually to the Security header using
> the ServiceClient class. 
> 
> Is this possible?
> 
> Is it necessary to decrypt the data before inserting it into the
> Security header?
> 
> -LT
> 
> On Mon, 2008-03-03 at 20:46 +0530, Nandana Mihindukulasooriya wrote:
> > Hi Hardev,
> >          Can you please explain your scenario ? Do you want to add it
> > to the SOAP header ( specifically security header ) ?
> > 
> > thanks,
> > /nandana
> > 
> > On Fri, Feb 29, 2008 at 6:40 AM, Hardev Sian <ha...@yahoo.com.au> wrote:
> > > Hi,
> > >
> > > Is it possible to insert a saml token which has been acquired from a third
> > > party into the soap request using ServiceClient class.
> > >
> > > Regards,
> > >
> > > Hardev
> > >
> > 
> > http://nandana83.blogspot.com/
> > http://nandanasm.wordpress.com/
> > 




Re: SAML token insertion using ServiceClient class.

Posted by Lasse Tyrihjell <ty...@colibria.com>.
Hi!
I have a very related issue. I receive an encrypted SAML-token from a
third party, and I want to add it manually to the Security header using
the ServiceClient class. 

Is this possible?

Is it necessary to decrypt the data before inserting it into the
Security header?

-LT

On Mon, 2008-03-03 at 20:46 +0530, Nandana Mihindukulasooriya wrote:
> Hi Hardev,
>          Can you please explain your scenario ? Do you want to add it
> to the SOAP header ( specifically security header ) ?
> 
> thanks,
> /nandana
> 
> On Fri, Feb 29, 2008 at 6:40 AM, Hardev Sian <ha...@yahoo.com.au> wrote:
> > Hi,
> >
> > Is it possible to insert a saml token which has been acquired from a third
> > party into the soap request using ServiceClient class.
> >
> > Regards,
> >
> > Hardev
> >
> 
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
> 




Re: SAML token insertion using ServiceClient class.

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Hardev,
         Can you please explain your scenario ? Do you want to add it
to the SOAP header ( specifically security header ) ?

thanks,
/nandana

On Fri, Feb 29, 2008 at 6:40 AM, Hardev Sian <ha...@yahoo.com.au> wrote:
> Hi,
>
> Is it possible to insert a saml token which has been acquired from a third
> party into the soap request using ServiceClient class.
>
> Regards,
>
> Hardev
>

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
