On Fri, Oct 1, 2010 at 2:55 PM, Graeme Jenkinson <[email protected]> wrote:
> Hi All,
>
> Can someone confirm whether Rampart supports the WSS SAML Token profile (1.1)?

Yes - Rampart does support SAML Token Profile 1.1

> I am using Apache Synapse to proxy a legacy service; I am building a snapshot
> of Synapse that is picking up snapshots of Rampart and WSS4J. The proxy is
> secured using an asymmetric binding (X.509) with a SAML assertion passed as a
> SignedSupportingToken; the SAML assertion's SubjectConfirmationMethod is
> sender-vouches. My understanding of the WSS SAML Token profile is that - for
> sender-vouches - the attesting party must protect the SOAP message and the
> SAML assertion. However, I find that if I do neither of these things the
> assertion is still happily 'validated' by the proxy.

IIRC sender-vouches not supported yet...

Thanks & regards,
-Prabath

> I'm fairly new to Rampart (although I have a good understanding of standards
> and their implementation in Metro) so I may be missing something obvious.
> Also I may be muddying the water a little through use of Synapse. However,
> looking at WSS4J I note that it states explicit support for the Username and
> X.509 token profiles without mentioning SAML.
>
> If anyone can definitively state Rampart's (and WSS4J's) support for the SAML
> Token profile that would be a great help.
>
> thanks,
>
> Graeme

--
Thanks & Regards,
Prabath Siriwardena
http://blog.facilelogin.com
http://RampartFAQ.com
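The sender-vouches requirement discussed in this thread can be checked independently of the security stack. The following is an added example, not code from the thread, Rampart or WSS4J: it reports whether the message signature references both the SOAP Body and the SAML assertion. It assumes the assertion is referenced through a SecurityTokenReference carrying its AssertionID, uses constructed envelopes and hypothetical function names, and checks reference coverage only, not cryptographic validity or who holds the signing key.

```python
import xml.etree.ElementTree as ET

NS = {  # standard SOAP 1.1, WSS 1.0, XML-DSig and SAML 1.x namespaces
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
WSU_ID = "{%s}Id" % NS["wsu"]
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"

def sender_vouches_gaps(envelope_xml):
    """Return what the message signature fails to reference (empty list = covered)."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("s:Header/wsse:Security", NS)
    assertion = sec.find("saml:Assertion", NS) if sec is not None else None
    if assertion is None:
        return ["no SAML assertion in wsse:Security"]
    methods = {(m.text or "").strip() for m in assertion.iterfind(".//saml:ConfirmationMethod", NS)}
    if SENDER_VOUCHES not in methods:
        return []  # the rule below applies to sender-vouches only
    by_id = {e.get(WSU_ID): e for e in root.iter() if e.get(WSU_ID)}
    covered = set()
    for ref in sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS):
        target = by_id.get(ref.get("URI", "").lstrip("#"))
        if target is None:
            continue
        if target.tag == "{%s}Body" % NS["s"]:
            covered.add("body")
        elif target.tag == "{%s}SecurityTokenReference" % NS["wsse"]:
            # The assertion is signed indirectly, through an STR naming its AssertionID
            kid = target.find("wsse:KeyIdentifier", NS)
            if kid is not None and (kid.text or "").strip() == assertion.get("AssertionID"):
                covered.add("assertion")
    return [p + " not referenced by the signature" for p in ("body", "assertion") if p not in covered]

def sample(ref_ids):
    """Constructed envelope whose ds:Signature references the given wsu:Id values."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    refs = "".join(f'<ds:Reference URI="#{i}"/>' for i in ref_ids)
    return (f'<s:Envelope {decl}><s:Header><wsse:Security>'
            '<saml:Assertion AssertionID="a1"><saml:AuthenticationStatement><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:ConfirmationMethod>{SENDER_VOUCHES}'
            '</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>'
            '</saml:AuthenticationStatement></saml:Assertion>'
            '<wsse:SecurityTokenReference wsu:Id="str1"><wsse:KeyIdentifier>a1'
            '</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
            f'<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'
            '</wsse:Security></s:Header><s:Body wsu:Id="body1"/></s:Envelope>')

print(sender_vouches_gaps(sample([])))                  # neither part covered
print(sender_vouches_gaps(sample(["body1", "str1"])))   # both covered
```

A check like this can run as a test against a proxy's accepted messages to confirm that unprotected sender-vouches assertions are rejected rather than silently accepted.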
