axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Massimiliano Masi <>
Subject Axis2 and rampart design question
Date Fri, 05 Oct 2007 08:07:15 GMT
Hi all,

I am trying to setup a webservice that acts as WS-Trust STS with rampart.
I've a design question.

Clients sends the authentication claim in the wsse:Security element in the
header (claims such as Username/Password, SAML Tokens, Kerberos and
X.509 binary secrets). Based on the identity carried in this wsse:Security,
the STS decide to issue or not the security token (that is my own  
of SAML2).

Now I'm thinking: the wsse:Security element is detached by a module (that I
will write I think, to get all my claims processed). But, detaching the
header, I don't know anymore the identity of the user! So, I thought to
put in the header of the SOAP message something like
so the STS implementation can have the information on the identity of the
user (and can decide to issue a token).

Have you other ideas? Does it looks good for you? Have you any pattern?
I'll appreciate your hints!

Thank you!

This message was sent using IMP, the Internet Messaging Program.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message