All,

For those who are interested, I have found a way to include the "obtained"
SAML token in the created Security header (<wsse:Security>) of the SOAP
message.

I used Axis2 AXIOM API methods to insert the Security header with the correct
namespace. Upon creating the security header, we just need to add the
obtained SAML token.

Importantly, this approach will completely BYPASS Rampart module engagement
with Axis2 client.

Attached is the code snippet that goes into the WSDL2Java generated stub
class method toEnvelope(org.apache.axiom.soap.SOAPFactory factory, .. ,
...).
=======================================================
try {

    // get the SAML assertion token (an XML string)
    String assertion = getAssertion();

    org.apache.axiom.soap.SOAPEnvelope emptyEnvelope =
            factory.getDefaultEnvelope();

    // WS-Security extension namespace, bound to the "wsse" prefix
    org.apache.axiom.om.OMNamespace ns = factory.createOMNamespace(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
            "wsse");

    org.apache.axiom.soap.SOAPHeaderBlock soapHeaderBlock =
            factory.createSOAPHeaderBlock("Security", ns);

    // set the SAML assertion token in the SOAP Header block
    // (setText adds the string as a text node)
    soapHeaderBlock.setText(assertion);

    // add the Header block to the header
    emptyEnvelope.getHeader().addChild(soapHeaderBlock);

    // add the relevant body to the envelope
    emptyEnvelope.getBody().addChild(...);

    return emptyEnvelope;

} catch (org.apache.axis2.databinding.ADBException e) {
    throw org.apache.axis2.AxisFault.makeFault(e);
}


As a result, we will get the following SOAP header message:

<soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <Assertion ...>....</Assertion>
  </wsse:Security>
</soapenv:Header>

============================================================

DISCLAIMER: When the SOAP message was intercepted (by setting
log4j.logger.httpclient.wire.header = DEBUG in the log4j.properties file),
I found out that the "<" and ">" chars of the Assertion string were being
encoded to the corresponding "&lt;" and "&gt;".

If anyone has suggestions to pass the Assertion string correctly (without
encoding), please share your thoughts...

Thanks,

Seshi Patibanda







On Tue, Jan 27, 2009 at 12:21 PM, Seshi Patibanda <seshi...@gmail.com> wrote:

> Hello all,
>
> As per the thread seen on markmail.org (
> http://markmail.org/thread/iq4j6x7g247wi75x), there was an update from
> Ruchith Fernando dated Nov 4, 2007 about the ways to include the obtained
> SAML token in the Security header.
>
> First option was given as:
>
> "By creating a wsse:Security header element and adding the token element
> into the header. Rampart processing down the line will re-use this header."
>
> Could anyone please expand on how to implement this option using Apache
> Rampart 1.4?
>
> At my end, I have problems inserting an obtained SAML token in the Security
> header of my SOAP request. I have sent an email to the
> axis-u...@ws.apache.org mailing list requesting feedback but haven't
> received any yet. All I need to do is just pass the retrieved SAML token to
> the remote web service (SSL-enabled) via SOAP header in the request.
>
>
> My configuration:
> Deployed Apache Rampart 1.4 module correctly as per the samples. Using
> Axis2 1.4 client and stubs generated by WSDL2Java tool. Based on my
> configuration, would policy based approach work? If so, does anyone have any
> sample Transport-level security policies to implement the SAML passing?
>
> Any feedback/suggestion is highly appreciated.
>
> Thanks,
>
> Seshi Patibanda
> seshi...@gmail.com
>
>
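
Added example, not part of the original message or of the Axis2/Rampart code: one way to address the encoding described in the message above is to parse the assertion string into an AXIOM element and attach it with addChild, because setText stores the string as character data. It assumes the Axiom 1.2.x API shipped with Axis2 1.4; the class and method names are hypothetical.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPHeaderBlock;

// Hypothetical helper class (assumption: Axiom 1.2.x on the classpath).
public final class SamlHeaderExample {

    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Parses the assertion string into an element tree instead of a text node. */
    static OMElement parseAssertion(String assertionXml) throws XMLStreamException {
        XMLInputFactory xif = XMLInputFactory.newInstance();
        // The token comes from another system: do not process DTDs or external entities.
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        XMLStreamReader reader = xif.createXMLStreamReader(new StringReader(assertionXml));
        OMElement assertion = new StAXOMBuilder(reader).getDocumentElement();
        assertion.build(); // read the whole tree before the reader goes out of scope
        return assertion;
    }

    /** Builds an envelope whose wsse:Security header carries the assertion as XML. */
    static SOAPEnvelope withSecurityHeader(SOAPFactory factory, String assertionXml)
            throws XMLStreamException {
        SOAPEnvelope envelope = factory.getDefaultEnvelope();
        OMNamespace wsse = factory.createOMNamespace(WSSE_NS, "wsse");
        SOAPHeaderBlock security = factory.createSOAPHeaderBlock("Security", wsse);
        // addChild keeps the markup; setText would serialize "<" as "&lt;".
        security.addChild(parseAssertion(assertionXml));
        envelope.getHeader().addChild(security);
        return envelope;
    }
}
```

In the generated stub's toEnvelope method, the addChild(parseAssertion(assertion)) call would take the place of soapHeaderBlock.setText(assertion). If the assertion is signed, check at the receiving service that its signature still validates after the token has been re-serialized inside the envelope.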
