axis-c-dev mailing list archives

From Kaushalye Kapuruge
Subject Re: [Rampart/C] SAML Support?
Date Thu, 16 Aug 2007 12:03:10 GMT
I don't think obtaining a pointer to rampart_context would be useful here.
Let me show you a way to do this. For that you may follow these steps.

1. Define policy assertions in your client's policy file. You may see
   section 6.3.8 of the WS-SecurityPolicy specification [1].
2. You need to implement new functions in rampart context to interpret
   the policy assertions (defined in step 1).
3. Write a SAML assertion building module (e.g. in rampart_saml.c, just
   like in rampart_username_token.c).
4. Extend the rampart_shb_build_message() function to support inclusion
   of SAML tokens using the SAML assertion building module.

If I understand your requirement correctly, you can get it done by
attaching a new policy object (with different SAML related policies) for
each and every call.
See the function axis2_svc_client_set_policy() in the echo sample. That
way you can change the SAML token after every message.

Further, if there are configurations which cannot be supported only
with assertions defined in the specification, you may define 'em under
<rampc:RampartConfig> in the client's policy.

HTH... :)


Jamie Lyon wrote:
> Thanks for the quick reply.
> Looking at the build_message function, I see no reason why I shouldn't
> be able to do it. However since you mention asking questions... I have a
> quick one for you.
> The username token is set in the rampart_context, which when using
> neethi_policy appears to be set when calling
> axis2_svc_client_set_policy?
> However, since I may potentially want to change the SAML token after
> every message, is it possible to somehow obtain a pointer to the
> rampart_context, so that things within it may be changed?
> How is this done with the username? Or is it not possible, and the
> username can only be set within a policy?
> Thanks,
> Jamie
>> -----Original Message-----
>> From: Kaushalye Kapuruge
>> Sent: 16 August 2007 11:47
>> To: Apache AXIS C Developers List
>> Subject: Re: [Rampart/C] SAML Support?
>> Hi Jamie,
>> Rampart/C still doesn't have the SAML support. But it's definitely
>> something we have planned to do (problem is when :) ).
>> If you like to have it implemented by yourself, only for the client
>> side, it's not that difficult. Please have a look at the function
>> rampart_shb_build_message() in src/util/rampart_sec_header_builder.c.
>> Also you may have to include a few additional Rampart/C policy
>> assertions.
>> As a guide, you may see how a Timestamp or a Username token is added
>> to the header. Feel free to drop questions here in the list, should you
>> need any assistance. Also we appreciate if you can share your
>> implementation with us.
>> Cheers,
>> Kaushalye
>> Jamie Lyon wrote:
>>> Hi,
>>> Does rampart/c support SAML yet? I have looked on the net and only
>>> found references to SAML support being implemented by July '07.
>>> I do not require any support for SAML server-side, just simply
>>> attaching a saml assertion (currently stored as an axiom_node_t*)
>>> into the security header.
>>> Is this currently possible?
>>> If not, how easy would it be to add support? I'm not quite sure how
>>> I would pass data to rampart so that a different SAML token could be
>>> attached to each message? Rampart seems fairly stand-alone.
>>> Any suggestions are welcome.
>>> Cheers,
>>> Jamie


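For step 1 of the reply above, a client policy carrying a SAML token assertion could look like the fragment below. This is an added illustration, not part of the original thread or of the Rampart/C sources. It assumes the WS-SecurityPolicy 1.1 (2005/07) namespace and the Rampart/C policy namespace, and the thread itself states that Rampart/C did not interpret this assertion at the time.

```xml
<!-- Added example: client policy file with a SamlToken assertion.
     Namespaces are assumptions (WS-SecurityPolicy 1.1, Rampart/C policy). -->
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne>
    <wsp:All>
      <!-- SignedSupportingTokens asks for the token to be covered by the
           message signature, so the assertion is bound to the message it
           travels with. Plain sp:SupportingTokens would only attach it. -->
      <sp:SignedSupportingTokens>
        <wsp:Policy>
          <!-- IncludeToken/Always: the token is sent in every message
               between initiator and recipient. -->
          <sp:SamlToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
            <wsp:Policy>
              <!-- SAML 1.1 assertion, WSS SAML Token Profile 1.0.
                   Other options the specification defines:
                   WssSamlV10Token10, WssSamlV10Token11,
                   WssSamlV11Token11, WssSamlV20Token11. -->
              <sp:WssSamlV11Token10/>
            </wsp:Policy>
          </sp:SamlToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>

      <!-- Settings the specification's assertions cannot express go here,
           as the reply suggests. Any SAML-specific child element would be
           a new, implementation-defined name that the functions from
           step 2 must be written to interpret. -->
      <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
      </rampc:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```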