cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: How to create SAML assertions
Date Mon, 20 Mar 2017 12:25:08 GMT
What I meant was why are there three assertions in the security header (and
not one)? Are the assertions meant to be created by the client or obtained
from a third-party service of some kind?

Colm.

On Mon, Mar 20, 2017 at 12:09 PM, Raffaele Sgarro <raffaelesgarro@gmail.com>
wrote:

> Hi Colm,
>
> thanks for your valuable insights. Indeed the WSDL is broken in a number
> of ways but comes from the service provider and I don't think it will be
> fixed anytime soon. I worked around it a number of ways: added a
> ManualSAMLOutInterceptor, enabled the WSAddressing feature, and counting...
>
> Just for curiosity, what do you mean by "The example request contains
> three SAML Assertions. This is also rather unusual...who is supposed to
> be providing these Assertions?"?
>
> Il giorno lun 20 mar 2017 alle ore 12:37 Colm O hEigeartaigh <
> coheigea@apache.org> ha scritto:
>
>> The security policy in the WSDL is unusual to say the least. It defines an
>> AsymmetricBinding policy, but no SignedParts/EncryptedParts so no security
>> is actually applied to the SOAP request. I find it hard to believe that
>> this is the desired behaviour?
>>
>> The example request contains three SAML Assertions. This is also rather
>> unusual...who is supposed to be providing these Assertions? The SAML
>> CallbackHandler is not called by the way, because there is no SamlToken
>> policy in the WSDL.
>>
>> Colm.
>>
>> On Thu, Mar 16, 2017 at 7:19 AM, Raffaele Sgarro <
>> raffaelesgarro@gmail.com>
>> wrote:
>>
>> > I have this web service that requires SAML assertions:
>> >
>> > - Example request: https://hastebin.com/uducuyobuv.xml
>> > - WSDL: https://hastebin.com/yapotuqiqu.wsdl
>> > - XSD: https://hastebin.com/udoworowig.xsd
>> >
>> > I put a CallbackHandler in the SecurityConstants.SAML_CALLBACK_HANDLER
>> key
>> > but it is never called.
>> >
>> > It seems to me that the security policy does not reference SAML in any
>> way,
>> > so I may need to manually configure CXF. But how?
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message