Hi Stampacchia;

Francesco Stampacchia wrote:
> Hello Prabath,
> I'm trying to set up my scenario using WSO2 Identity Server 2.0, and
> I'm finding some help in your useful blog.
>
> But I'm stuck on some consideration.
> First of all I think Identity Server could help me as IdP if I use it
> as STS, am I right?!

Yes... you can use Identity Server as an IdP.

> So I've created my custom Web Service Server that exposes one method
> (echo) and I put it under axis2. Then I pointed it through STS
> Configuration, using wso2 standard keystore alias and keystore.

Yes - correct - that is, you have added your service end point as a trusted end point to the STS.
But - "using wso2 standard keystore alias and keystore" is not correct. You need to first upload the cert corresponding to your service to the IS keystore and then use that cert alias in the STS configuration against the service end point.

>
> In this way is my service protected?! Am I doing right?!

Please see my comment above.

>
> Then I coded the client sample you give in your blog and merged it
> with my standard client in order to first perform a token retrieval and
> then, on successful retrieval, give permissions to ask the service.
> Is that ok or is there a way I can perform this task better through
> the Identity Server?!
>
> Could you point me out some samples or a correct workflow to make it
> all work.

At the service end you need to verify the SAML token received. Please go through my blog - tagged under Identity Server.

Thanks & regards.
-Prabath

>
> Thanks
>
> 2009/9/10 Francesco Stampacchia <[email protected]>
>
> Thanks Prabath,
> well, it would be great if you could address me to some how-to or
> samples that could help me in setting up my scenario.
>
> I have to adapt an already developed WSC/WSP scenario that uses
> rampart only for users authentication. Now I'd like to apply SSO
> and Federation to my use case.
>
> How can Rampart and the Identity Server help me?!
>
> Cheers.
>
>
> 2009/9/10 Prabath Siriwardena <[email protected]>
>
> Hi;
>
> Yes - in these scenarios you can use WSO2 Identity Server as
> the IdP or the token issuer.
>
> And - you need to build your client side on top of Rampart.
>
> Please let us know how we could help you...
>
> Thanks & regards.
> -Prabath
>
> Francesco Stampacchia wrote:
> >
> > Hello everyone,
> > we're setting up a WSC-WSP scenario on 2 machines.
> > Machine A acts as IdP and as WSC, Machine B is federated with A and
> > acts as WSP.
> > Our WSC is a simple wss client (ejb-client) and WSP is a wss server
> > (ejb-server).
> > we're trying to create a library (used by both WSC and WSP) that
> > develops the following actions:
> >
> > 1 - Non-Browser based user single-sign-on and successive token generation
> >
> > 2 - SAML assertion generation on WSC side (through the token obtained
> > from step1)
> >
> > 3 - SAML validation on WSP side (the assertion should be validated
> > from the WSP)
> >
> > Can WSO2 Identity Server support us?! Does it have some API to
> > integrate it and help this development scenario?!
> >
> > Thanks in advance!
> >
> > Francesco
> >
> > --
> > Stampacchia Francesco
> >
> > _______________________________________________
> > Carbon-dev mailing list
> > [email protected]
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
> --
> Stampacchia Francesco
