From "Morris Jr, David P" <david.p.morris...@lmco.com>
Subject CXF 2.4.0 SAML 2.0 support
Date Fri, 06 May 2011 17:37:21 GMT
I started researching the new CXF 2.4.0, interested primarily in its WSS4J and SAML 2.0 support.
Eventually we would like to migrate from our custom OpenSAML 2.0-based implementation to CXF's
SAML 2.0 implementation. Updates to the WS-* specifications would then be handled by CXF, leaving
less code for us to maintain.

Question: can CXF 2.4.0 currently process the attached wsse:Security header (below)? Which areas
are still under development?

Thanks in advance!
________________________________
   <!-- SOAP Header excerpt (the soap: prefix is presumably declared on the enclosing Envelope, which is
        outside this excerpt). It carries a WS-Security header (message signature, timestamp, holder-of-key
        SAML 2.0 assertion) followed by WS-Addressing headers.
        Review comments are placed only OUTSIDE the two signed subtrees (wsu:Timestamp and the outer
        saml2:Assertion): both signatures canonicalize with exclusive C14N, which includes whitespace text
        nodes, so inserting anything inside those subtrees would invalidate the existing DigestValues. -->
   <soap:Header>
      <!-- soap:mustUnderstand="true": a receiver that cannot process WS-Security must fault on this header
           rather than silently ignore it. -->
      <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <!-- Message-level signature. Its only ds:Reference is #Timestamp-7: nothing visible in this excerpt
              binds the SOAP Body, the WS-Addressing headers or the assertion to this signature (the Body is
              outside the excerpt). Only the canonicalized ds:SignedInfo is what SignatureValue covers; the
              ds:Signature element itself and its ds:KeyInfo are not referenced.
              ds:KeyInfo points forward, via a SAMLID KeyIdentifier, to the saml2:Assertion further down, so the
              signing key is the holder-of-key RSAKeyValue carried in that assertion's SubjectConfirmationData.
              Algorithms are rsa-sha1 / sha1, and the 88-character base64 SignatureValue decodes to 64 bytes,
              i.e. a 512-bit RSA modulus. Both are far below what a current deployment should accept; the
              receiver should enforce its own algorithm and minimum-key-size policy rather than trust whatever
              the sender used. -->
         <ds:Signature Id="Signature-8" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#Timestamp-7">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>YtLledhlM4iksIPySqsaBvD+QC8=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>MqJV0iG8UHD9U5iGRttnLw4J3sHgar7414w/d1JrG53TmmcHa7w1WWuQJvzmoUgHjfa1EHRtAh88
c707mFXUeg==</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-AB6E726865A429836C130348036689911">
               <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_6d2de2bb7800cc05774aee8d177f3068</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <!-- Created-to-Expires window is seven days. NOTE(review): receiver-side timestamp TTL checks are
              normally much tighter (WSS4J's default is on the order of minutes; confirm against the WSS4J
              version in use) and would reject this. A long window also widens the replay window that
              signing the Timestamp is meant to close. -->
         <wsu:Timestamp wsu:Id="Timestamp-7" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2011-04-22T13:52:46.899Z</wsu:Created>
            <wsu:Expires>2011-04-29T13:52:46.899Z</wsu:Expires>
         </wsu:Timestamp>
         <!-- Holder-of-key SAML 2.0 assertion, signed (enveloped signature) by its issuer. Points a receiver
              should check, all visible in the assertion below:
              * No saml2:Conditions on this outer assertion (only the Evidence assertion has one): no
                NotBefore / NotOnOrAfter and no AudienceRestriction, so the wsu:Timestamp above is the only
                thing bounding its lifetime, and it is not tied to a particular audience.
              * Issuer and Subject NameID are the same X.509 subject name, and the RSAKeyValue in the issuer's
                ds:KeyInfo is byte-identical to the holder-of-key RSAKeyValue in SubjectConfirmationData:
                the assertion is self-issued. A valid signature therefore says nothing about who issued it;
                the verifier must match the signing key against a configured trust store, not merely verify
                the signature.
              * The issuer key is given as a bare ds:KeyValue rather than a certificate. Modulus and
                SignatureValue are each 88 base64 characters, i.e. 64 bytes: 512-bit RSA, with sha1 digests.
              * xsi:type="CE" on the hl7:Role and hl7:PurposeOfUse elements is an unprefixed QName and so
                resolves to no namespace rather than urn:hl7-org:v3 (unless a default namespace is declared
                on an ancestor outside this excerpt); schema-aware validation will not match it to the HL7
                CE type.
              * The inner Evidence assertion carries no signature of its own; it is covered only by the
                enclosing assertion's signature, since the enveloped-signature transform removes just the
                outer ds:Signature element.
              * SubjectLocality 127.0.0.1 / localhost.domain.com and values such as urn:oid:HIO1_signed and
                urn:oid:9.8.7.6 read as test data. -->
         <saml2:Assertion ID="_6d2de2bb7800cc05774aee8d177f3068" IssueInstant="2011-04-22T13:52:47.133Z"
Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA,
OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                  <ds:Reference URI="#_6d2de2bb7800cc05774aee8d177f3068">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                     <ds:DigestValue>y7rnOVmGNYoyzjHKeRNuNw/HnYc=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>
               <ds:SignatureValue>EnU7dIXrkDNHPdiJFM8sT1PBSS9Qr68PRQU2iDRDx0l9q1bP7gJubPtTUC6V/PC00HVjjZEwxF/5CtVMiQpK8A==</ds:SignatureValue>
               <ds:KeyInfo>
                  <ds:KeyValue>
                     <ds:RSAKeyValue>
                        <ds:Modulus>hdL6O/WKqt5NDoOfYlmg6bOsKEB/WXCsSw3wuuRI6zUUlWn4/6BUA21p0D02qfV8M6FzXBInughy
vwf8I/UAcQ==</ds:Modulus>
                        <ds:Exponent>AQAB</ds:Exponent>
                     </ds:RSAKeyValue>
                  </ds:KeyValue>
               </ds:KeyInfo>
            </ds:Signature>
            <saml2:Subject>
               <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA,
OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:NameID>
               <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                  <saml2:SubjectConfirmationData>
                     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:KeyValue>
                           <ds:RSAKeyValue>
                              <ds:Modulus>hdL6O/WKqt5NDoOfYlmg6bOsKEB/WXCsSw3wuuRI6zUUlWn4/6BUA21p0D02qfV8M6FzXBInughy
vwf8I/UAcQ==</ds:Modulus>
                              <ds:Exponent>AQAB</ds:Exponent>
                           </ds:RSAKeyValue>
                        </ds:KeyValue>
                     </ds:KeyInfo>
                  </saml2:SubjectConfirmationData>
               </saml2:SubjectConfirmation>
            </saml2:Subject>
            <saml2:AuthnStatement AuthnInstant="2011-04-22T13:52:47.133Z" SessionIndex="_6d2de2bb7800cc05774aee8d177f3068">
               <saml2:SubjectLocality Address="127.0.0.1" DNSName="localhost.domain.com"/>
               <saml2:AuthnContext>
                  <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml2:AuthnContextClassRef>
               </saml2:AuthnContext>
            </saml2:AuthnStatement>
            <saml2:AttributeStatement>
               <saml2:Attribute Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
                  <saml2:AttributeValue>Steven Cason</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
                  <saml2:AttributeValue>Lockheed Martin ONC-NHIN</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
                  <saml2:AttributeValue>urn:oid:9.8.7.6</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
                  <saml2:AttributeValue>urn:oid:HIO1_signed</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
                  <saml2:AttributeValue>
                     <hl7:Role hl7:code="307969004" hl7:codeSystem="2.16.840.1.113883.6.96"
hl7:codeSystemName="SNOMED_CT" hl7:displayName="Public health officer" xsi:type="CE" xmlns:hl7="urn:hl7-org:v3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                  </saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
                  <saml2:AttributeValue>
                     <hl7:PurposeOfUse hl7:code="PUBLICHEALTH" hl7:codeSystem="2.16.840.1.113883.3.18.7.1"
hl7:codeSystemName="nhin-purpose" hl7:displayName="Uses and disclosures for public health
activities." xsi:type="CE" xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                  </saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
                  <saml2:AttributeValue>6789^^^&amp;1.2.840.114350.1.13.9997.2.3412&amp;ISO</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
                  <saml2:AttributeValue>1234567890</saml2:AttributeValue>
               </saml2:Attribute>
            </saml2:AttributeStatement>
            <saml2:AuthzDecisionStatement Decision="Permit" Resource="https://ssa-l0035:8181/pd/PatientDiscoveryGatewayService">
               <saml2:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Execute</saml2:Action>
               <saml2:Evidence>
                  <saml2:Assertion ID="_c02a5f8985141f6225763f7b5fc1bfc3" IssueInstant="2011-04-22T13:52:47.133Z"
Version="2.0">
                     <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA,
OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:Issuer>
                     <saml2:Conditions NotBefore="2011-04-22T13:52:47.133Z" NotOnOrAfter="2011-04-29T13:52:47.133Z"/>
                     <saml2:AttributeStatement>
                        <saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
                           <saml2:AttributeValue>urn:oid:1.2.3.4</saml2:AttributeValue>
                        </saml2:Attribute>
                        <saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
                           <saml2:AttributeValue>urn:oid:1.2.3.4.123456789</saml2:AttributeValue>
                        </saml2:Attribute>
                     </saml2:AttributeStatement>
                  </saml2:Assertion>
               </saml2:Evidence>
            </saml2:AuthzDecisionStatement>
         </saml2:Assertion>
      </wsse:Security>
      <!-- WS-Addressing headers. None of them is referenced by Signature-8 above, so they are not
           integrity-protected by anything visible here. wsa:To targets the "?wsdl" URL, while the
           AuthzDecisionStatement Resource names the endpoint without "?wsdl"; likely a test artefact, but
           worth aligning if any policy compares the two. -->
      <Action xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</Action>
      <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:38e27557-ae31-4afe-a2c8-cd334713cf7b</MessageID>
      <To soap:mustUnderstand="true" xmlns="http://www.w3.org/2005/08/addressing">https://ssa-l0035:8181/pd/PatientDiscoveryGatewayService?wsdl</To>
      <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
         <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
      </ReplyTo>
   </soap:Header>


