Hi Peter,

When using a SAML token as a supporting token, it is specified as an Issued
Token. The corresponding policy looks similar to the following.

<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
  <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
  </Issuer>
  <sp:RequestSecurityTokenTemplate>
    <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
    <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
    <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
  </sp:RequestSecurityTokenTemplate>
  <wsp:Policy>
    <sp:RequireInternalReference/>
  </wsp:Policy>
</sp:IssuedToken>


Here the token type is identified using the TokenType element in the
RequestSecurityToken element.

Please have a look at the Rampart Sample-05.

Hope this helps.

Thanks.
/thilina

Thilina Mahesh Buddhika
http://blog.thilinamb.com


On Mon, Feb 1, 2010 at 2:47 PM, Peter Rankor <[email protected]> wrote:

> List,
>
> if you want to use a SAML token as Initiator or SupportingToken and specify
> i.e.:
>                 <sp:SupportingTokens>
>                        <wsp:Policy>
>                            <sp:SamlToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                                <wsp:Policy>
>                                    <sp:WssSamlV11Token10/>
>                                </wsp:Policy>
>                            </sp:SamlToken>
>                        </wsp:Policy>
>                    </sp:SupportingTokens>
>
> in the services.xml
>
> the resulting WSDL looks like:
>
>  <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>                    <wsp:Policy/>
>                </sp:SupportingTokens>
>
> This seems to be related to the fact that
>
> org.apache.ws.secpolicy.model.Token
>
> has 5 children:
>
> HttpsToken
> IssuedToken
> SecurityContextToken
> UsernameToken
> X509Token
>
> SAML is missing.
>
> Two questions:
> 1) Am I correct, that the lack of a SAML token as child of
> org.apache.ws.secpolicy.model.Token results in the incomplete WSDL shown
> above?
> 2) If this is correct, has someone already implemented a SamlToken as child
> of org.apache.ws.secpolicy.model.Token?
>
> Thanks for your help.
>
> Peter
>
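
A policy check for the two fragments in this thread, as an added example that is not part of the original mail or of Rampart: it lists what each SupportingTokens assertion actually names and flags the empty one from the generated WSDL. The sample document, the function names and the WS-Policy namespace URI are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the IssuedToken from the reply plus the empty assertion
# from the WSDL. The wsp namespace URI (WS-Policy 1.2) is an assumption.
SAMPLE = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <sp:SupportingTokens><wsp:Policy>
    <sp:IssuedToken>
      <sp:Issuer><Address xmlns="http://www.w3.org/2005/08/addressing">
        http://localhost:8080/axis2/services/STS</Address></sp:Issuer>
      <sp:RequestSecurityTokenTemplate>
        <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
        <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
        <t:KeySize>256</t:KeySize>
      </sp:RequestSecurityTokenTemplate>
    </sp:IssuedToken>
  </wsp:Policy></sp:SupportingTokens>
  <sp:SupportingTokens><wsp:Policy/></sp:SupportingTokens>
</wsp:Policy>
"""

def local(elem):
    return elem.tag.rsplit("}", 1)[-1]  # tag name without its namespace

def text_of(elem, name):
    """Stripped text of the first descendant with this local name, else None."""
    hit = next((e for e in elem.iter() if local(e) == name), None)
    return hit.text.strip() if hit is not None and hit.text else None

def describe(tok):
    return {"token": local(tok), "issuer": text_of(tok, "Address"),
            "token_type": text_of(tok, "TokenType"),
            "key_type": text_of(tok, "KeyType"), "key_size": text_of(tok, "KeySize")}

def audit(xml_text):
    """One entry per *SupportingTokens assertion: its tokens, or 'EMPTY'."""
    reports = []
    for st in ET.fromstring(xml_text).iter():
        if local(st).endswith("SupportingTokens"):
            policy = next((c for c in st if local(c) == "Policy"), None)
            tokens = list(policy) if policy is not None else []
            # An empty nested policy names no token, as in the WSDL in the question.
            reports.append([describe(t) for t in tokens] or "EMPTY")
    return reports

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Matching on local names lets the same check run against both the 2005/07 and the 200702 security policy namespaces that appear in this thread.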
