[jira] [Commented] (WSS-516) Change saml AssertionWrapper to setSamlVersion before calling callback handler

Wed, 08 Oct 2014 02:12:44 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14163254#comment-14163254
 ] 

Colm O hEigeartaigh commented on WSS-516:
-----------------------------------------

It should already be possible to do this. For example, see the "addSamlToken" 
code in CXF 2.7.x's AbstractBindingBuilder:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java;hb=refs/heads/2.7.x-fixes

 SAMLParms samlParms = new SAMLParms();
        samlParms.setCallbackHandler(handler);
        if (token.isUseSamlVersion11Profile10() || 
token.isUseSamlVersion11Profile11()) {
            samlParms.setSAMLVersion(SAMLVersion.VERSION_11);
        } else if (token.isUseSamlVersion20Profile11()) {
            samlParms.setSAMLVersion(SAMLVersion.VERSION_20);
        }
        info.setAsserted(true);
        AssertionWrapper assertion = new AssertionWrapper(samlParms);

So long as your CallbackHandler is not explicitly setting a DOM Element on the 
SAMLCallback, it should be creating a new SAML token with the value passed 
through from SamlParms.

Colm.

> Change saml AssertionWrapper to setSamlVersion before calling callback handler
> ------------------------------------------------------------------------------
>
>                 Key: WSS-516
>                 URL: https://issues.apache.org/jira/browse/WSS-516
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.0.2, 1.6.17
>            Reporter: Jason Pell
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 1.6.18, 2.0.3
>
>         Attachments: patch-1.6.txt
>
>
> If the SAMLCallback was provided the expected Saml Version based on 
> information already provided to the AssertionWrapper, it would be easy for a 
> local SAMLCallback to create the correct saml token.
> For most everything in CXF we can use the WS-Policy to determine what needs 
> to be done on the client side to correct interface with a cxf web service.
> With this small change a SAML Callback handler can create the appropriately 
> versioned saml token without additional configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to