Hi,
Thanks for clearing that up. My job is to research the technologies and report back, so finding this out what is and isn't supported is valuable. thanks, Graeme > Date: Fri, 1 Oct 2010 15:19:48 +0530 > Subject: Re: Rampart's support of the WSS SAML Token profile 1.1 > From: [email protected] > To: [email protected] > > On Fri, Oct 1, 2010 at 2:55 PM, Graeme Jenkinson > <[email protected]> wrote: > > > > Hi All, > > > > > > > > Can someone confirm whether Rampart supports the WSS SAML Token profile > > (1.1)? > > Yes - Rampart does support SAML Token Profile 1.1 > > > > > > > > I am using Apache Synapse to proxy a legacy service; I am building a > > snapshot of Synapse that is picking up snapshots of Rampart and WSS4J. The > > proxy is secured using an asymmetric binding (X.509) with a SAML assertion > > passed as a SignedSupportingToken; the SAML assertion's > > SubjectConfirmationMethod is sender-vouches. My understanding of the WSS > > SAML Token profile is that - for sender-vouches - the attesting party must > > protect the SOAP message and the SAML assertion. However, I find that if I > > do neither of these things the assertion is still happily 'validated' by > > the proxy. > > IIRC sender-vouches not supported yet... > > Thanks & regards, > -Prabath > > > > > > > > > I'm fairly new to Rampart (although I have a good understanding of > > standards and their implementation in Metro) so I may be missing something > > obvious. Also I may be muddying the water a little through using of > > Synapse. However, looking at WSS4J I note that I states explict suppot for > > the Username and X.509 token profiles without mentioning SAML. > > > > > > > > If anyone can definitively state Ramparts (and WSS4J's) support for the > > SAML Token profile that would be a great help. > > > > > > > > thanks, > > > > > > > > Graeme > > > > > > > > > > -- > Thanks & Regards, > Prabath Siriwardena > > http://blog.facilelogin.com > http://RampartFAQ.com
