axis-java-user mailing list archives

From "Anne Thomas Manes" <atma...@gmail.com>
Subject Re: SAML in message response body
Date Tue, 06 Jun 2006 12:50:20 GMT
Why are you adding a <samlp:Response> element to the message? I would only
expect to see this element when you're using the SAML protocol to request a
SAML token from a SAML provider, and in that case, I would expect the SAML
response to be returned in the Body--but you should not return your
<lmco:authenticateResponse> in the same Body.

If your goal is to return a SAML authentication assertion with the
<lmco:authenticateResponse>, then you should do so using a WS-Security
header and a SAML token (i.e., don't use the SAML protocol).

See http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf

Alternatively, you could define your <lmco:authenticationResponse> element
to contain the <samlp:Response> (assuming the application wants to
manipulate the SAML assertion).

Anne

On 6/5/06, Flores, Raul <raul.flores@lmco.com> wrote:
>
>  I built an axis client/service which adds a SAMLResponse to an outgoing
> message's soap body (see below).  The wsdl for this service has no reference
> to the SAML part of the response.  My question is: Can I get the client to
> ignore the SAML in this response? Currently the client throws exceptions
> (deserializer trying to parse the SAML). I believe this is due to the
> namespaces.
>
> Is the normal way of dealing with this a handler, and the handler removes
> the SAML message parts?
>
>
> <?xml version="1.0" encoding="utf-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>
> <soapenv:Body>
> <samlp:Response InResponseTo="samlRequestId"
> IssueInstant="2006-06-05T15:13:09.791Z" MajorVersion="1" MinorVersion="1"
> ResponseID="_79bea274618ceea7c1a608606ceacd40"
> xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
>
> <samlp:Status>
> <samlp:StatusCode Value="samlp:Responder"/>
> <samlp:StatusMessage>you did it this time</samlp:StatusMessage>
> </samlp:Status>
> <saml:Assertion AssertionID="_1f5c1843b3d8c8cf1f300c35e6466a2a"
> IssueInstant="2006-06-05T15:13:09.791Z" Issuer="statementIssuer"
> MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
>
> <saml:AuthenticationStatement AuthenticationInstant="2006-06-05T15:13:09.244Z"
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
>
> <saml:Subject>
> <saml:NameIdentifier NameQualifier="www.lockheed.com">uid=p0</saml:NameIdentifier>
> <saml:SubjectConfirmation>
> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml:ConfirmationMethod>
> </saml:SubjectConfirmation>
> </saml:Subject>
> </saml:AuthenticationStatement>
> </saml:Assertion>
> </samlp:Response>
> <authenticateResponse xmlns="http://saml.ras.lmco.com/samlService/">
> <operationStatus>
> <message>allowed</message>
> <methodStatus>true</methodStatus>
> </operationStatus>
> </authenticateResponse>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
> Thanks,
>
> Raul Flores
> Lockheed Martin Aeronautics Company
>
>
