axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Stanchev" <>
Subject RE: single sign on with axis2
Date Fri, 17 Nov 2006 00:12:20 GMT
Hi Rishi,
How is your user authenticating against the LDAP? Simple password based
or some kind of certificate based authentication?
You will need to establish trust between your Server A and Server B
You can use an X509 certificate or simple public/private key pair which
you need to
exchange. Once Server B knows and trusts Server A, then you can issue
ServerA->ServerB request with either UsernameToken or SAMLTokenSigned
In the first case you can sign the message or portion of your message
the token with ServerA's certificate that was used to establish the
In second case, you can just sign the SAML token with that certificate
public key). The ServerB then would have to check if the certificate is
and trust the Principle relayed via the token.
As far as what token type to use - depends what Principle claims you
have to
supply. UsernameToken is good about relying usernames but thats about
it. With
SAML you can add additional claims in the token.
Both those scenarios are supported by Axis2/rampart, however you still
have to
do the handling on your ServerB to determine if the incoming message was
by trusted authority.
Axis2/rampart allows dynamic configurations - look at the user's manual
to see
how you can do it.


From: Rishi krish [] 
Sent: Thursday, November 16, 2006 2:53 PM
Subject: single sign on with axis2

I am new to axis2 and am trying to figure out whats the best approach
for this scenario:
The user logs in to a j2ee application running in a j2ee server [say
Weblogic/Websphere]. The user is validated using a LDAP server [the j2ee
server handles that part] and after the authentication we have a user
Principal. Now the user need to invoke a Web service hosted by another
server [j2ee or .net] which uses the same LDAP repository for
authentication. I am developing the web service client using the
ServiceClient class in axis2 and the code is sitting in the first
server. I am at loss as to what kind of security token should I use to
communicate with the Web service. I have to pass the Principal
information to the other side and not sure whether to use the
UserNameToken. The problem here is I dont beleive the Principal has any
info abt the password and that makes me beleive that I cannot use
UserNameToken. OR should I use SAML token and if thats the case I have
no idea where to get info to set up a SAML token using the ServiceClient
api. OR Axis2 ServiceClient api does not support this scenario. 
Also along side I had another question - All the samples for
UserNameToken shows the userid preconfigured in the clients axis2.xml.
Can the userid be fed to the ServiceClient api programmatically. What I
am trying to acheive is dynamic userid [which might change per
invocation] and not a static preconfigured one. Though this will not
help me in the above singlesign on scenario OR may be it will - pls


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If
you are not the intended recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.

View raw message