axis-java-user mailing list archives

From "Nuria Rodríguez García" <nuria....@gmail.com>
Subject Re: SAML with Axis2
Date Fri, 22 Feb 2008 11:10:40 GMT
Hello Nandana:

 Thank you very much for your information.

 In the last email you told me about the two scenarios that RAMPART/RAHAS
covers.

I don't understand what the meaning of each one of these bindings is. Could
you explain a little more about these scenarios?

In a document I read that there are two ways to obtain a SAML token.

Is this possible with Rampart/Rahas? The two ways are the following:


  *Security Token Acquisition*




*Issued Security Token*


Thanks, Nuria






2008/2/19, Nandana Mihindukulasooriya <nandana.cse@gmail.com>:
> Hi Nuria,
>
> > A client accessing a WebService, and a SAML Authority (STS):
> >
> > 1) Have the client and the web Service to access to the same SAML Authority?
> > (I have read anywhere that the SAML Authority only can be of STS type).
>
> Client needs access to the STS as it requires to get tokens from the STS. And
> Client <---> STS and
> STS    <---> Web
> must trust each other. Sometimes the service doesn't need to access the STS
> to validate the SAML token. In the examples of Rampart, service itself
> validates the SAML token and it doesn't access the STS. But there is a
> pre configured trust between the STS and the service.
>
> > 2) Covers RAHAS all the scenarios of SAML interaction between these actors
> > or there are any limitations currently?
>
> RAMPART/RAHAS can use SAML token as a supporting token and as a
> protection token. So those two scenarios are pretty covered.
> WS Trust specification defines four bindings. Namely Issue , Validate,
> Renew, Cancel bindings. At the moment, Rampart only facilitates Issue
> and Cancel bindings. But we may be able to get the other two bindings
> working before the next release of Apache Rampart.
>
> thanks,
> /nandana
>
>
>
>
> > 2008/2/14, Nandana Mihindukulasooriya <nandana.cse@gmail.com>:
> >
> > > Hi Jens,
> > >   Not at the moment. But we will include one before next release.
> > >
> > > thanks,
> > > nandana
> > >
> > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer
> > > <goldhammerdev@googlemail.com> wrote:
> > > >
> > > >  Hello Nunny,
> > > >
> > > >  is there any sample available where the SAML token can be used as a
> > > >  protection token for signing and encrypting messages?
> > > >
> > > >  Thanks,
> > > >  Jens
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >  Nunny wrote:
> > > >  >
> > > >  > Hi Nuria,
> > > >  >
> > > > >  >> I've some doubts about SAML with axis2. I need to know if the sample05
> > > > >  >> covers all the SAML cases.
> > > >  >
> > > > >  > No, it covers only one scenario. For example, this uses SAML token as a
> > > > >  > supporting token. There is another scenario where SAML token can be
> > > > >  > used as a protection token where it will be used to sign and encrypt
> > > > >  > messages.
> > > >  >
> > > >  >
> > > >  >
> > > > >  >> We first receive the SAML token response then we indicate, in the options
> > > > >  >> the responseToken id
> > > > >  >> I don't know where we are sending to the server the SAML assertion in the
> > > > >  >> soapMessage
> > > >  >
> > > > >  > When the id is set, Rampart message builders add the assertion to the
> > > > >  > security header according to the security policy. If you monitor the
> > > > >  > messages exchanged through TCPMon, then you can actually see the SAML
> > > > >  > assertion in the security header of the SOAP request to the service.
> > > >  >
> > > > >  >> Another thing is to know what are the requestSecurityToken parameters.
> > > >  >
> > > >  > In the client, we set these parameters using RST template.
> > > >  >
> > > > >  >     private static OMElement getRSTTemplate() throws Exception {
> > > > >  >       OMFactory fac = OMAbstractFactory.getOMFactory();
> > > > >  >       OMElement elem =
> > > > >  >           fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
> > > > >  >       TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem)
> > > > >  >           .setText(RahasConstants.TOK_TYPE_SAML_10);
> > > > >  >       TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem,
> > > > >  >           RahasConstants.KEY_TYPE_PUBLIC_KEY);
> > > > >  >       TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
> > > > >  >       return elem;
> > > > >  >     }
> > > >  >
> > > >  > These parameters are defined in the WS Trust specification [1].
> > > >  >
> > > >  > /nandana
> > > >  >
> > > >  > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
> > > >  >
> > > >  > http://nandana83.blogspot.com/
> > > >  > http://nandanasm.wordpress.com/
> > > >  >
> > > >
> > > > >
---------------------------------------------------------------------
> > > >  > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > >  > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > >  >
> > > >  >
> > > >  >
> > > >
> > > >  --
> > > >  View this message in context:
> > http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html
> > > >  Sent from the Axis - User mailing list archive at Nabble.com.
> > > >
> > > >
> > > >
> > > >
> > >
>  ---------------------------------------------------------------------
> > > >  To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > >  For additional commands, e-mail: axis-user-help@ws.apache.org
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> > >
> >
> >
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
>
>
>
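
The quoted reply says the SAML assertion can be seen in the security header of the SOAP request when the exchange is watched through TCPMon. As an added example (not part of the thread and not Rampart code), this script performs that inspection on a saved request: it locates SAML 1.x assertions under `wsse:Security` and reports issuer, validity window and whether a signature element is present. The sample message, its issuer and its id are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the WS-Security 1.0, SAML 1.x and XML-DSig specifications.
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample request (not a real capture); all values are placeholders.
CAPTURED = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
       AssertionID="_example-id" Issuer="sts.example.test"
       IssueInstant="2008-02-19T10:00:00Z" MajorVersion="1" MinorVersion="1">
    <saml:Conditions NotBefore="2008-02-19T10:00:00Z"
        NotOnOrAfter="2008-02-19T10:05:00Z"/>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
   </saml:Assertion>
  </wsse:Security>
 </soap:Header>
 <soap:Body/>
</soap:Envelope>"""


def find_assertions(soap_xml):
    """Return one summary dict per SAML assertion directly under wsse:Security."""
    root = ET.fromstring(soap_xml)
    found = []
    # Matching on wsse:Security keeps this independent of the SOAP version.
    for a in root.findall(".//wsse:Security/saml:Assertion", NS):
        cond = a.find("saml:Conditions", NS)
        found.append({
            "id": a.get("AssertionID"),
            "issuer": a.get("Issuer"),
            "not_before": cond.get("NotBefore") if cond is not None else None,
            "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
            # Presence only: this does not verify the signature.
            "signed": a.find("ds:Signature", NS) is not None,
        })
    return found


if __name__ == "__main__":
    for summary in find_assertions(CAPTURED):
        print(summary)
```

An empty result for a request that should carry a token means the assertion was not attached to the security header; a result with `signed` false means the assertion carries no signature element at all.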
