cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: JAX-RS SAML Web SSO - Validating SAML Response in OSGi
Date Wed, 05 Jul 2017 10:34:05 GMT
I've changed the code in CXF to avoid calling the OpenSAML code that calls
ServiceLoader.load. Could you try grabbing the latest sources and see if it
works now?

Colm.

On Wed, Jul 5, 2017 at 10:49 AM, Sergey Beryozkin <sberyozkin@gmail.com>
wrote:

> I have tested this feature in a demo a while back,
>
> but I see now it was never tried on OSGi,
>
> https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2/sso-saml
>
> only the simpler version of the demo was:
> https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2/war-bundle
>
> Well, this RP code has been stressed by the users AFAIK but looks like it
> was never tried in OSGi, unless I'm missing something. Colm, can that
> validator provider be optionally injected, and if it is, can the call to the
> static function be skipped?
>
> Sergey
>
>
>
> On 04/07/17 15:41, DrBrain wrote:
>
>> Versions:
>> - CXF 3.1.8
>> - Karaf 4.0.9
>> - JDK 1.8.x
>>
>> I'm following the example on http://cxf.apache.org/docs/saml-web-sso.html
>> and everything's working fine up to the point where I need to validate the
> >> SAML response I get back from the IdP. The problem seems to lie in the fact
> >> that RequestAssertionConsumerService ends up using a SignatureValidator
> >> (provided by org.opensaml.xmlsec.signature.support) which in turn tries to
> >> find a signature validation provider using
> >> ServiceLoader.load(SignatureValidationProvider.class) - which AFAIK will
> >> never work in OSGi with no additional 'tricks'.
>>
>> Here's the calling sequence:
>>
>> And here's the problematic code (last call above):
>>
>>
> >> Now, I'm pretty much aware of the problems of SPI + OSGi as well as possible
> >> remedies using something like Aries SPI Fly *on your own code*. However,
> >> since I - obviously - don't control the above code, trying to "SPIfy" it
> >> myself means I end up with custom JARs, custom Karaf features to include
> >> those JARs, etc. - not a nice place to be :)
>>
> >> So, I'm wondering whether I'm missing some obvious thing/workaround here...
> >> Any ideas welcome :)
>>
>>
>> Thanks
>>
>>
>>
>> --
> >> View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-SAML-Web-SSO-Validating-SAML-Response-in-OSGi-tp5781687.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
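
The failure mode discussed in this thread, as an added plain-JDK example that is not code from the thread, CXF or OpenSAML: the one-argument `ServiceLoader.load` resolves providers through the thread context class loader, so a provider whose `META-INF/services` entry is visible only to another loader is never found. `ValidationProvider`, `DemoProvider` and `bundleLoader` are hypothetical stand-ins, and a `URLClassLoader` here models (as an assumption) an OSGi bundle class loader.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ServiceLoader;

public class SpiVisibilityDemo {
    // Hypothetical stand-ins for an SPI interface and its implementation.
    public interface ValidationProvider { String name(); }
    public static class DemoProvider implements ValidationProvider {
        public String name() { return "demo-provider"; }
    }

    // Iterates the loader and returns how many providers it could instantiate.
    static int count(ServiceLoader<ValidationProvider> loader) {
        int n = 0;
        for (ValidationProvider p : loader) {
            System.out.println("  found " + p.name());
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed provider-configuration file, reachable only via bundleLoader.
        Path root = Files.createTempDirectory("spi-demo");
        Path services = Files.createDirectories(root.resolve("META-INF").resolve("services"));
        Files.write(services.resolve(ValidationProvider.class.getName()),
                DemoProvider.class.getName().getBytes(StandardCharsets.UTF_8));
        ClassLoader appLoader = SpiVisibilityDemo.class.getClassLoader();
        try (URLClassLoader bundleLoader =
                new URLClassLoader(new URL[] {root.toUri().toURL()}, appLoader)) {
            Thread t = Thread.currentThread();
            ClassLoader saved = t.getContextClassLoader();
            try {
                // The caller's context loader cannot see the services file.
                t.setContextClassLoader(appLoader);
                System.out.println("context loader:  "
                        + count(ServiceLoader.load(ValidationProvider.class)));
                // Passing the loader that owns the services file makes the lookup succeed.
                System.out.println("explicit loader: "
                        + count(ServiceLoader.load(ValidationProvider.class, bundleLoader)));
            } finally {
                t.setContextClassLoader(saved); // always restore the original context loader
            }
        }
    }
}
```

Code that instantiates its provider directly, or passes an explicit loader, does not depend on which context class loader the calling thread happens to carry.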
