Hi all,
I'm trying to develop an Identity Provider that uses WS-Trust to issue SAML 2.0 assertions. I am using axis2, following the guidelines from the IBM developerworks: https://www6.software.ibm.com/developerworks/education/ws-understand-web-ser= vices4/ Do you know any other document regarding the use of rampart? I put in the services.xml the following: <service name=3D"TianiSTS"> <description> Tiani Spirit SecureTokenService </description> <parameter =20 name=3D"ServiceClass">com.spirit.sts.TokenManagerService</parameter> <parameter name=3D"InflowSecurity"> <action> <items>Timestamp</items> </action> </parameter> <parameter name=3D"OutflowSecurity"> <action> <items>Timestamp</items> </action> </parameter> <operation name=3D"RequestTokenIssue"> <messageReceiver =20 class=3D"org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> </operation> </service> Everything works, the client sends the message with the right headers and rampart does its checks. In the client I create the WS-Trust elements requesting the SAML token. From the server I take the remainings headers (wstrust) I check them and if everythings is OK I create the OMElement SAMLAssertion (I do not =20 use OpenSAML2 is I don't know how to write code: examples from =20 internet2 wiki don't work). First question: How can I add the SAMLAssertion header in the SOAP Response? I use the MessageContext.getCurrentMessageContext() to get the SOAP =20 Request header, but how can I do it with the response? Second question: Is rahas capable to issue SAML 2.0 tokens? It uses =20 opensaml1, as I can see. Third question: In the response message, the Timestamp is not present. =20 Have you idea why? Thank you, Massimiliano Masi ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]