cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: JAX-RS Client to handle SAML (+OAuth2) in SSO
Date Tue, 04 Nov 2014 22:14:25 GMT
Hi
On 04/11/14 18:09, rareddy wrote:
> Hi,
>
> I have a third party JAX-RS service that is secured through SAML,  I am
> trying to access this service through my java application. I have access to
> currently logged-in user's Subject. I am kind drawing blank on how I need to
> proceed. Should I build  a SAMLRequest envelope and send to the service?
> Obviously for me call back and human interaction with web-page is not
> possible. So, I thought I might need to have SAMLResponse to go along with
> my request based on Subject?
>
How exactly is that 3rd party service secured with SAML - does it expect 
an encoded SAML token in the header for example ?

Have a look at this example:
http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLassertionsinAuthorizationheader

Given a Subject you can configure WebClient to produce a SAML token.
In that example, 
org.apache.cxf.systest.jaxrs.security.saml.SamlCallbackHandler (in 
systests/rs-security) would affect the way the assertion is built, in 
your case it can use the Subject properties to set the SAML assertion's 
Subject properties

> With OAuth2, same scenario, but I am trying to access SalesForce. I need to
> follow SAML2 Bearer as defined here
> http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html but not sure how I
> can get my hands on SAML Token?
>
It is quite similar, for example, see
http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html#JAXRSOAuth2Assertions-Clientcode

Again, the callback can use the Subject properties to set the SAML 
assertion's Subject properties

> I think I need a service, given Subject will provide me back with SAML
> token, but I would to delegate this responsibility to an IDP to do the task.
>
> Can somebody explain what may be the right flow of actions, and/or point me
> to any examples?

Try experimenting with the linked to code and let me know how it goes
Cheers, Sergey
>
> Thanks
>
> Ramesh..
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-Client-to-handle-SAML-OAuth2-in-SSO-tp5750699.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Mime
View raw message