Hi Nandana, Thank you for the quick response!
> Did you take a look at rampart policy sample 5? I don't think it's quite the same kind of token. My tokens look like this... <saml:Attribute AttributeName="SMSESSION" AttributeNamespace="http://www.forumsys.com/sentry";> <saml:AttributeValue>wFQ7FQ0TQ2RclopYC0ZBTN........</saml:AttributeValue> </saml:Attribute> >From the documentation I've read describing how to interact with the service >I'm writing the client for, it appears that I have to send the whole assertion >back. I have come up a solution that works, though I'm doubtful that it is the >best/most correct solution. I'll share it here anyway for anyone following the >thread or searching the mail archives... I pull out the assertion after I invoke the login service... MessageContext msgCtx = stub._getServiceClient().getLastOperationContext().getMessageContext("In"); Iterator headerItr = msgCtx.getEnvelope().getHeader().getChildren(); while (headerItr.hasNext()) { OMElement header = (OMElement) headerItr.next(); if (header.getLocalName().equals("Security")) { Iterator subheaderItr = header.getChildren(); while (subheaderItr.hasNext()) { OMElement subheader = (OMElement) subheaderItr.next(); if (subheader.getLocalName().equals("Assertion")) { InjectSamlAssertionHandler.setAssertion(subheader); } } } } I created a class called InjectSamlAssertionHandler that extends AbstractHandler. In the invoke method I add the assertion to the WS Security... Iterator headerBlocks = msgCtx.getEnvelope().getHeader().examineAllHeaderBlocks(); while (headerBlocks.hasNext()) { SOAPHeaderBlock headerBlock = (SOAPHeaderBlock) headerBlocks.next(); if (headerBlock.getLocalName().equals("Security")) { headerBlock.addChild(assertion); break; } } Finally I added the handler to the axis2.xml I'm using for subsequent web service calls. -Tom
