axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christina Larocca" <christina.laro...@gmail.com>
Subject Re: [Axis2] SAML security tokens generation
Date Tue, 14 Aug 2007 14:47:07 GMT
Thanks for your quick response. I'm going to put the examples to work.

Regards.

Christina.

2007/8/14, Ruchith Fernando <ruchith.fernando@gmail.com>:
>
> Hi Christina,
>
> Rampart supports adding SAML Tokens to the security header in the
> policy based implementation. You can see an example here :
>
> http://marc.info/?l=axis-user&m=118665642802630&w=2
>
> By the way note that this requires the service to express it
> requirements in policy and this sample uses the token acquired from
> the Security Token Service to encrypt and sign the message.
>
> I'm not sure what you mean by "...SAML tokens with encryption of the
> user name and signature will be used ...". Please check whether the
> above sample fits your requirement.
>
> Thanks,
> Ruchith
>
> On 8/14/07, Christina Larocca <christina.larocca@gmail.com> wrote:
> > Hi all Axis2 users:
> >
> > I have been managing some web services using UsernameTokens (without
> using
> > rampart) to convey identities. I've a client that connects to a Token
> issuer
> > service that provides it an EndpointReference and the Username token
> needed
> > to authenticate. Now I must remodelate the security of the whole model
> and
> > instead of that, SAML tokens with encryption of the user name and
> signature
> > will be used. The last axis2 version I've been using was the 1.1 and now
> I'm
> > thinking about updating to the newest one and start using rampart.
> >
> > I have read that, unfortunatelly, Rampart itself can't be configured to
> add
> > the SAML token to the Security header and that it delegates those
> functions
> > to a STS called Rahas. The documentation I found about Rahas is very
> weak
> > and despite my experience I don't have a clue about where or how to
> start.
> > Could anyone indicate me where to find a good tutorial or use examples?
> Or,
> > even better, could anyone show me some code to generate the tokens? If
> it's
> > possible, I would prefer to config rahas with code instead of creating
> text
> > config files.
> >
> > Thanks in advance.
> >
> > Christina.
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>

Mime
View raw message