Hello Nandana:
I've some questions about the ConfigurationContext.

We have to create a ConfigurationContext when we use WS-Security (Rampart) or WS-Addressing, because in these cases we need to use modules (rampart and addressing).
So when I want to add information in the SOAPHeader using SWA (Soap with Attachment), I have problems.
Could I manage the SOAP header when I use the addressing module?

Thanks,
Nuria

2008/2/19, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
>
> Hi Nuria,
>
> > A client accessing a WebService, and a SAML Authority (STS):
> >
> > 1) Do the client and the web service have to access the same SAML Authority?
> > (I have read somewhere that the SAML Authority can only be of STS type).
>
> The client needs access to the STS as it needs to get tokens from the STS. And
> Client <---> STS and
> STS <---> Web
> must trust each other. Sometimes the service doesn't need to access the STS
> to validate the SAML token. In the examples of Rampart, the service itself
> validates the SAML token and it doesn't access the STS. But there is a
> pre-configured trust between the STS and the service.
>
> > 2) Does RAHAS cover all the scenarios of SAML interaction between these actors,
> > or are there any limitations currently?
>
> RAMPART/RAHAS can use a SAML token as a supporting token and as a
> protection token. So those two scenarios are pretty well covered.
> The WS-Trust specification defines four bindings, namely the Issue, Validate,
> Renew and Cancel bindings. At the moment, Rampart only facilitates the Issue
> and Cancel bindings. But we may be able to get the other two bindings
> working before the next release of Apache Rampart.
>
> thanks,
> /nandana
>
> > 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> >
> > > Hi Jens,
> > > Not at the moment. But we will include one before the next release.
> > >
> > > thanks,
> > > nandana
> > >
> > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer
> > > <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Hello Nunny,
> > > >
> > > > is there any sample available where the SAML token can be used as a
> > > > protection token for signing and encrypting messages?
> > > >
> > > > Thanks,
> > > > Jens
> > > >
> > > > Nunny wrote:
> > > > >
> > > > > Hi Nuria,
> > > > >
> > > > >> I've some doubts about SAML with axis2. I need to know if the sample05
> > > > >> covers all the SAML cases.
> > > > >
> > > > > No, it covers only one scenario. For example, this uses the SAML token as a
> > > > > supporting token. There are other scenarios where the SAML token can be
> > > > > used as a protection token, where it will be used to sign and encrypt
> > > > > messages.
> > > > >
> > > > >> We first receive the SAML token response, then we indicate, in the options,
> > > > >> the responseToken id.
> > > > >> I don't know where we are sending the SAML assertion to the server in the
> > > > >> soapMessage.
> > > > >
> > > > > When the id is set, Rampart message builders add the assertion to the
> > > > > security header according to the security policy. If you monitor the messages
> > > > > exchanged through TCPMon, then you can actually see the SAML assertion in the
> > > > > security header of the SOAP request to the service.
> > > > >
> > > > >> Another thing is to know what the requestSecurityToken parameters are.
> > > > >
> > > > > In the client, we set these parameters using the RST template.
> > > > >
> > > > > import org.apache.axiom.om.OMAbstractFactory;
> > > > > import org.apache.axiom.om.OMElement;
> > > > > import org.apache.axiom.om.OMFactory;
> > > > > import org.apache.rahas.RahasConstants;
> > > > > import org.apache.rahas.TrustUtil;
> > > > > import org.apache.ws.secpolicy.SP11Constants;
> > > > >
> > > > > private static OMElement getRSTTemplate() throws Exception {
> > > > >     OMFactory fac = OMAbstractFactory.getOMFactory();
> > > > >     // Root element of the template: RequestSecurityTokenTemplate
> > > > >     OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
> > > > >     // TokenType child: the token type requested from the STS
> > > > >     TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem)
> > > > >             .setText(RahasConstants.TOK_TYPE_SAML_10);
> > > > >     // KeyType child: public key
> > > > >     TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem,
> > > > >             RahasConstants.KEY_TYPE_PUBLIC_KEY);
> > > > >     // KeySize child: 256
> > > > >     TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
> > > > >     return elem;
> > > > > }
> > > > >
> > > > > These parameters are defined in the WS Trust specification [1].
> > > > >
> > > > > /nandana
> > > > >
> > > > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
> > > > >
> > > > > http://nandana83.blogspot.com/
> > > > > http://nandanasm.wordpress.com/
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > >
> > > > --
> > > > View this message in context:
> > > > http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html
> > > > Sent from the Axis - User mailing list archive at Nabble.com.
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
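
Added example (not part of the thread, and not Rampart code): Nandana's quoted reply says the SAML assertion can be seen in the security header of the SOAP request when the exchange is watched through TCPMon. This Python sketch checks a captured request for exactly that; the message, its IDs, the issuer name and the service namespace are constructed, and a SOAP 1.1 envelope carrying a SAML 1.x assertion is assumed.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}

# Constructed request, trimmed to the parts that matter for the check.
CAPTURED = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="%s">
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
          MajorVersion="1" MinorVersion="1" AssertionID="_constructed-id-1"
          Issuer="ConstructedSTS" IssueInstant="2008-02-19T10:00:00Z">
        <saml:Conditions NotBefore="2008-02-19T10:00:00Z"
                         NotOnOrAfter="2008-02-19T10:05:00Z"/>
      </saml:Assertion>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body><ns:echo xmlns:ns="urn:constructed:service">hi</ns:echo></soapenv:Body>
</soapenv:Envelope>""" % NS["wsse"]


def find_assertions(soap_xml):
    """Summarise each SAML 1.x assertion that is a direct child of wsse:Security."""
    root = ET.fromstring(soap_xml)
    found = []
    for sec in root.findall("soap:Header/wsse:Security", NS):
        for a in sec.findall("saml:Assertion", NS):
            cond = a.find("saml:Conditions", NS)
            found.append({
                "id": a.get("AssertionID"),
                "issuer": a.get("Issuer"),
                "not_on_or_after": None if cond is None else cond.get("NotOnOrAfter"),
            })
    return found


def misplaced_assertions(soap_xml):
    """Count assertions that are not direct children of a wsse:Security header."""
    root = ET.fromstring(soap_xml)
    return len(root.findall(".//saml:Assertion", NS)) - len(find_assertions(soap_xml))


if __name__ == "__main__":
    print(find_assertions(CAPTURED), misplaced_assertions(CAPTURED))
```

An empty result on a real capture means the request went out without the token in its security header.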