Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Lasse Tyrihjell
Hi!
I have a very related issue. I receive an encrypted SAML-token from a
third party, and I want to add it manually to the Security header using
the ServiceClient class. 

Is this possible?

Is it necessary to decrypt the data before inserting it into the
Security header?

-LT

On Mon, 2008-03-03 at 20:46 +0530, Nandana Mihindukulasooriya wrote:
 Hi Hardev,
  Can you please explain your scenario ? Do you want to add it
 to the SOAP header ( specifically security header ) ?
 
 thanks,
 /nandana
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Nuria Rodríguez García
Hi Hardev,
We have an example that may help you (we don't know exactly if it is the same
case):
We invoke an STS service that provides us with a SAML token in a Token
object.
After this, we invoke the Service Provider using the SAML token obtained
previously.

You can do this with these lines of code:

    // Request the token from the STS, then tell Rampart which issued token to use
    Token responseToken = getSecurityResponseToken(context, policysec, stsEPR, properties);
    options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

And use the service client including these options.

    sender = new ServiceClient(ctx, null);
    sender.setOptions(options);

where the method getSecurityResponseToken is the following:

    private Token getSecurityResponseToken(ConfigurationContext ctx, Policy servicePolicy,
            String stsEPR, Properties properties) throws CTLDataException {
        Token responseToken = null;
        STSClient stsClient;
        try {
            // Policy used to secure the exchange with the STS itself
            Policy stsPolicy = loadPolicy(properties,
                    properties.getProperty(ConstantsUtils.STSPOLICY));
            stsClient = new STSClient(ctx);
            stsClient.setRstTemplate(getRSTTemplate());
            String action = TrustUtil.getActionValue(ConstantsUtils.RAHASVERSION,
                    RahasConstants.RST_ACTION_ISSUE);
            stsClient.setAction(action);
            responseToken = stsClient.requestSecurityToken(servicePolicy, stsEPR,
                    stsPolicy, null);
        } catch (TrustException e) {
            logger.error(e.getMessage() + ". Not possible to obtain security token");
        } catch (Exception e) {
            logger.error(e.getMessage() + ". Not possible to obtain security token");
        }
        // Note: this is null if the request failed
        return responseToken;
    }

You have to take into account that the service will be invoked immediately
after the STS is received.

We hope this helps,
good luck!


Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Nuria Rodríguez García
Hi Nandana,

We are blocked in a similar case with a special scenario. As we have
answered to Hardev, we can send a SAML token received from a SAML authority
directly to a Service Provider.

But, we would like to invoke the Service Provider several times using a
unique SAML token obtained previously.
Would it be possible to include a known SAML token in a new context every
time we call a service provider?
How could we do this?

Many thanks again
Nuria

2008/3/3, Nandana Mihindukulasooriya [EMAIL PROTECTED]:

 Hi Hardev,
 Can you please explain your scenario ? Do you want to add it
 to the SOAP header ( specifically security header ) ?

 thanks,
 /nandana





Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Dimuthu Leelarathne
Hi,

I can point to you some code that uses something called Token
Storage [1]

Thank you,
Dimuthu

[1]
https://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java



On Wed, 2008-03-12 at 11:14 +0100, Lasse Tyrihjell wrote:
 Hi!
 I have a very related issue. I receive an encrypted SAML-token from a
 third party, and I want to add it manually to the Security header using
 the ServiceClient class. 
 
 Is this possible?
 
 Is it necessary to decrypt the data before inserting it into the
 Security header?
 
 -LT
 



Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Nandana Mihindukulasooriya
Hi Nuria,
 You can implement a persistent token storage for this
scenario, so that you can persist the tokens you obtain and later use
them. Currently Rampart uses SimpleTokenStore which doesn't persist
tokens. To understand how Rampart stores a SimpleTokenStore in the
configuration context, take a look at the getTokenStore() method in
the TrustUtil class [1]. You can also persist the token element in the
response in a file or database and create a token from it later when
needed. How to create a token from the token element can be found in
the processIssueResponse() method in the STSClient class [2].
 WSO2 WSAS has implemented a persistent token store which can
be found at SecurityTokenStore [3]. You can also take a look at it.

thanks,
/nandana

[1] - 
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
[2] - 
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
[3] - 
https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/trust/SecurityTokenStore.java

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/




Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Nuria Rodríguez García
Hi Nandana and Dimuthu, thanks for your comments,
We have a more complex problem because we can manage/store only DOM elements
in our Database (instead of Token elements) and would like to generate a
Token from an assertion.

We mean that we would like to do the following:
1) obtain a SAML assertion from the Token object (which has been obtained
from the STS).
2) Save or change this SAML assertion as XML with a tool (without saving the
Token object)
(we have done the steps 1 and 2)
3) After this, in a different context, create a new Token from a SAML
assertion that has been previously saved and use it in a new context sending
it to the Service Provider.
Could it be possible to do this?

Thanks,
Nuria

2008/3/12, Nandana Mihindukulasooriya [EMAIL PROTECTED]:

 Hi Nuria,
 You can implement a persistent token storage for this
 scenario. So that you can persist the tokens you obtain and later use
 them. Currently Rampart uses SimpleTokenStore which doesn't persist
 tokens. To understand how Rampart store a SimpleTokenStore in the
 configuration context, take a look at the getTokenStore() method in
 the TrustUtil class [1]. You can also persist the token element in the
 response in a file or database and create a token from it later when
 needed. How create a token from the token element can be found in
 processIssueResponse() method in the STSClient class [2].
 WSO2 WSAS has implemented a persistent token store which can
 be found at SecurityTokenStore [2]. You can also take a look at it.

 thanks,
 /nandana

 [1] -
 https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
 [2] -
 https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
 [3] -
 https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/src/org/wso2/wsas/trust/SecurityTokenStore.java

 http://nandana83.blogspot.com/
 http://nandanasm.wordpress.com/





Re: SAML token insertion using ServiceClient class.

2008-03-12 Thread Dimuthu Leelarathne
Hi,

Converting back and forth between SAMLAssertion and DOM is an easy task.

Use the following methods.
SAMLAssertion:toDOM();
SAMLAssertion assertion = new SAMLAssertion(inputStream);

Thanks,
Dimuthu


On Wed, 2008-03-12 at 16:44 +0100, Nuria Rodríguez García wrote:
 Hi Nandana and Dimuthu, thanks for your comments,
 We have a more complex problem because we can manage/store only DOM
 elements in our Database (instead of Token elements) and would like to
 generate a Token from an assertion. 
  
 We mean that we would like to do the following:
 1) obtain a SAML assertion from the Token object (which has been
 obtained from the STS). 
 2) Save or change this SAML assertion as XML with a tool (without
 saving the Token object) 
 (we have done the steps 1 and 2) 
 3) After this, in a different context, create a new Token from a SAML
 assertion that has been previously saved and use it in a new context
 sending it to the Service Provider.
 Could it be possible to do this?
  
 Thanks,
 Nuria
  
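
Added example, not part of any message in this thread and not Rampart or WSO2 code: before a SAML assertion that was saved as XML is turned back into a Token and reused in a new context, it can be parsed with DTDs disabled and checked against its own validity window. The class and method names (StoredAssertionCheck, parse, reusable) are hypothetical, the sample assertion is constructed, and SAML 1.1 is assumed because the thread uses SAMLAssertion.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class StoredAssertionCheck {
    // SAML 1.1 assertion namespace (assumption: the stored assertion is SAML 1.1).
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Parse XML read back from storage with DOCTYPE declarations rejected (no XXE).
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    // Fail closed: reusable only if this is an Assertion whose Conditions window contains 'now'.
    static boolean reusable(Element root, Instant now) {
        if (!SAML_NS.equals(root.getNamespaceURI()) || !"Assertion".equals(root.getLocalName())) return false;
        if (root.getAttribute("AssertionID").isEmpty()) return false;
        NodeList conds = root.getElementsByTagNameNS(SAML_NS, "Conditions");
        if (conds.getLength() != 1) return false; // missing or ambiguous validity window
        Element c = (Element) conds.item(0);
        try {
            Instant notBefore = Instant.parse(c.getAttribute("NotBefore"));
            Instant notOnOrAfter = Instant.parse(c.getAttribute("NotOnOrAfter"));
            return !now.isBefore(notBefore) && now.isBefore(notOnOrAfter);
        } catch (DateTimeParseException e) {
            return false; // absent or malformed timestamps
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: unsigned assertion with placeholder ID and issuer.
        String xml = "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" MajorVersion=\"1\" MinorVersion=\"1\""
                + " AssertionID=\"_example-id\" Issuer=\"sts.example\" IssueInstant=\"2008-03-12T10:00:00Z\">"
                + "<saml:Conditions NotBefore=\"2008-03-12T10:00:00Z\" NotOnOrAfter=\"2008-03-12T10:05:00Z\"/>"
                + "</saml:Assertion>";
        Element a = parse(xml);
        System.out.println(reusable(a, Instant.parse("2008-03-12T10:02:00Z"))); // time inside the window
        System.out.println(reusable(a, Instant.parse("2008-03-12T11:00:00Z"))); // time after NotOnOrAfter
    }
}
```

This check covers only the validity window; it does not verify the issuer's signature on the assertion.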



Re: SAML token insertion using ServiceClient class.

2008-03-03 Thread Nandana Mihindukulasooriya
Hi Hardev,
 Can you please explain your scenario ? Do you want to add it
to the SOAP header ( specifically security header ) ?

thanks,
/nandana

On Fri, Feb 29, 2008 at 6:40 AM, Hardev Sian [EMAIL PROTECTED] wrote:
 Hi,

 Is it possible to insert a saml token which has been acquired from a third
 party into the soap request using ServiceClient class.

 Regards,

 Hardev

  

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/




SAML token insertion using ServiceClient class.

2008-02-28 Thread Hardev Sian
Hi,
   
  Is it possible to insert a saml token which has been acquired from a third 
party into the soap request using ServiceClient class.
   
  Regards,
   
  Hardev

   