Hi Nuria,
> I've some questions about the ConfigurationContext
> We have to create ConfigurationContext when we use WS-Security (Rampart) or
> WS-Addressing because in these cases we need to use modules (rampart and
> addressing).
Yes, IFAIK when you are using Rampart you need to have a client
repository which has Rampart module and you have to create a
configuration context using that repository so that the Rampart module
will be available to be engaged.
> Could I manage soap header when I use the addressing module?
What do you mean by managing the SOAP header ?
thanks,
/nandana
> 2008/2/19, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
>
>
> > Hi Nuria,
> >
> > > A client accessing a WebService, and a SAML Authority (STS):
> > >
> > > 1) Have the client and the web Service to access to the same SAML
> Authority?
> > > (I have read anywhere that the SAML Authority only can be of STS type).
> >
> > Client needs access to the STS as it requires to get tokens from the STS.
> And
> > Client <---> STS and
> > STS <---> Web
> > must trust each other. Sometimes service don't need to access the STS
> > to validate the SAML token. In the examples of Rampart, service itself
> > validates the SAML token and it doesn't access the STS. But there is a
> > pre configured trust between the STS and the service.
> >
> > > 2) Covers RAHAS all the scenarios of SAML interaction between these
> actors
> > > or there are any limitations currently?
> >
> > RAMPART/RAHAS can use SAML token as a supporting token and as a
> > protection token. So those two scenarios are pretty covered.
> > WS Trust specification defines four bindings. Namely Issue , Validate,
> > Renew, Cancel bindings. At the moment, Rampart only facilitate Issue
> > and Cancel bindings. But we may be able to get the other two bindings
> > working before the next release of Apache Rampart.
> >
> > thanks,
> > /nandana
> >
> >
> >
> >
> > > 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> > >
> > > > Hi Jens,
> > > > Not at the moment. But we will include a one before next release.
> > > >
> > > > thanks,
> > > > nandana
> > > >
> > > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer
> > > > <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Hello Nunny,
> > > > >
> > > > > is there any sample available where the SAML token can be used as a
> > > > > protection token for signing and encrypting messages?
> > > > >
> > > > > Thanks,
> > > > > Jens
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Nunny wrote:
> > > > > >
> > > > > > Hi Nuria,
> > > > > >
> > > > > >> I've some doubts about SAML with axis2. I need to know if the
> > > sample05
> > > > > >> covers all the the SAML cases.
> > > > > >
> > > > > > No, it covers only one scenario. For example, this uses SAML
> token as
> > > a
> > > > > > supporting token. There is another scenarios where SAML token can
> be
> > > > > > used as a protection token where it will be used to sign and
> encrypt
> > > > > > messages.
> > > > > >
> > > > > >
> > > > > >
> > > > > >> We first receive the SAML token response then we indicate, in
> the
> > > options
> > > > > >> the responseToken id
> > > > > >> I don't know where we are sending to the server the SAML
> assertion
> > > in the
> > > > > >> soapMessage
> > > > > >
> > > > > > When the id is set, Rampart message builders add the assertion to
> the
> > > > > > security
> > > > > > header according to the security policy. If you monitor the
> messages
> > > > > > exchanged
> > > > > > through TCPMon, then you can actually see the SAML assertion in
> the
> > > > > > security
> > > > > > header of the SOAP request to the service.
> > > > > >
> > > > > >> Another thing is to know what are the requestSecurityToken
> > > parameters.
> > > > > >
> > > > > > In the client, we set these parameters using RST template.
> > > > > >
> > > > > > private static OMElement getRSTTemplate() throws Exception {
> > > > > > OMFactory fac = OMAbstractFactory.getOMFactory();
> > > > > > OMElement elem =
> > > > > >
> fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
> > > > > >
> TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
> > > > > > elem).setText(RahasConstants.TOK_TYPE_SAML_10);
> > > > > >
> TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
> > > elem,
> > > > > > RahasConstants.KEY_TYPE_PUBLIC_KEY);
> > > > > >
> TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02,
> > > elem, 256);
> > > > > > return elem;
> > > > > > }
> > > > > >
> > > > > > These parameters are defined in the WS Trust specification [1].
> > > > > >
> > > > > > /nandana
> > > > > >
> > > > > > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
> > > > > >
> > > > > > http://nandana83.blogspot.com/
> > > > > > http://nandanasm.wordpress.com/
> > > > > >
> > > > >
> > > > > >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > --
> > > > > View this message in context:
> > > http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html
> > > > > Sent from the Axis - User mailing list archive at Nabble.com.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> >
> > http://nandana83.blogspot.com/
> > http://nandanasm.wordpress.com/
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
