Re: [Carbon-dev] Identity Server: STS & pluggable authentication mechanisms

2011-10-19 Thread Michael Smith
Hi Thilina,

Is there a reference for creating a custom STS policy?

Looking in the source I found scenario1-policy.xml which defines the 
UsernameToken security policy. I was hoping to use it as a reference, but 
it doesn't have a RampartConfig element, nor does it define a password 
callback.

Thanks,
Mike

On Wed, 19 Oct 2011, Thilina Buddhika wrote:

> Sorry, I forgot to add the reference.
> 
> http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html
> 
> Thanks,
> Thilina
> 
> On Wed, Oct 19, 2011 at 3:25 AM, Michael Smith  wrote:
> 
> > Thilina Buddhika wrote:
> > >
> > > On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe wrote:
> > >
> > > I assume that this is possible with a call back plugged in. Any
> > > identity server folks like to comment?
> > >
> > >
> > > Yes. This is doable with a custom callback handler implementation.
> > >
> > > From Identity Server 3.2.0 release upwards, it is possible to use a
> > > custom policy which is stored in the registry to secure the STS. When
> > > defining this custom policy, you can include your custom callback
> > > handler class in the rampart config. section. More information about the
> > > rampart config options is available here.
> >
> > Hi Thilina,
> >
> > Thanks for the reply. Was the word "here" at the end of that sentence
> > meant to be a link? It didn't make it through the mailing list. I
> > couldn't find any documentation about defining a custom policy, although
> > after reading through the code it looks like I could start by copying
> > the policy from "security scenario 1".
> >
> > Mike
> >
> > >
> > > On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith wrote:
> > >
> > > Hi,
> > >
> > > Is there a way to define a custom token validation mechanism when using
> > > WSO2 IS as an STS to issue SAMLv2 tokens?
> > >
> > > I'd like to configure WSO2 to pass UsernameTokens to a custom class for
> > > authentication, and if fails, to fall back to the standard UsernameToken
> > > processor.
> > >
> > > Thanks,
> > > Mike
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev


Re: [Carbon-dev] Identity Server: STS & pluggable authentication mechanisms

2011-10-19 Thread Thilina Buddhika
Sorry, I forgot to add the reference.

http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html

Thanks,
Thilina

On Wed, Oct 19, 2011 at 3:25 AM, Michael Smith  wrote:

> Thilina Buddhika wrote:
> >
> > On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe wrote:
> >
> > I assume that this is possible with a call back plugged in. Any
> > identity server folks like to comment?
> >
> >
> > Yes. This is doable with a custom callback handler implementation.
> >
> > From Identity Server 3.2.0 release upwards, it is possible to use a
> > custom policy which is stored in the registry to secure the STS. When
> > defining this custom policy, you can include your custom callback
> > handler class in the rampart config. section. More information about the
> > rampart config options is available here.
>
> Hi Thilina,
>
> Thanks for the reply. Was the word "here" at the end of that sentence
> meant to be a link? It didn't make it through the mailing list. I
> couldn't find any documentation about defining a custom policy, although
> after reading through the code it looks like I could start by copying
> the policy from "security scenario 1".
>
> Mike
>
> >
> > On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith wrote:
> >
> > Hi,
> >
> > Is there a way to define a custom token validation mechanism when using
> > WSO2 IS as an STS to issue SAMLv2 tokens?
> >
> > I'd like to configure WSO2 to pass UsernameTokens to a custom class for
> > authentication, and if fails, to fall back to the standard UsernameToken
> > processor.
> >
> > Thanks,
> > Mike



-- 
Thilina Buddhika
Associate Technical Lead
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com


Re: [Carbon-dev] Identity Server: STS & pluggable authentication mechanisms

2011-10-18 Thread Michael Smith
Thilina Buddhika wrote:
>
> On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe wrote:
> 
> I assume that this is possible with a call back plugged in. Any
> identity server folks like to comment? 
> 
> 
> Yes. This is doable with a custom callback handler implementation.
> 
> From Identity Server 3.2.0 release upwards, it is possible to use a
> custom policy which is stored in the registry to secure the STS. When
> defining this custom policy, you can include your custom callback
> handler class in the rampart config. section. More information about the
> rampart config options is available here.

Hi Thilina,

Thanks for the reply. Was the word "here" at the end of that sentence
meant to be a link? It didn't make it through the mailing list. I
couldn't find any documentation about defining a custom policy, although
after reading through the code it looks like I could start by copying
the policy from "security scenario 1".

Mike

>
> On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith wrote:
>
> Hi,
>
> Is there a way to define a custom token validation mechanism when using
> WSO2 IS as an STS to issue SAMLv2 tokens?
>
> I'd like to configure WSO2 to pass UsernameTokens to a custom class for
> authentication, and if fails, to fall back to the standard UsernameToken
> processor.
> 
> Thanks,
> Mike


Re: [Carbon-dev] Identity Server: STS & pluggable authentication mechanisms

2011-10-18 Thread Thilina Buddhika
On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe  wrote:

> I assume that this is possible with a call back plugged in. Any identity
> server folks like to comment?


Yes. This is doable with a custom callback handler implementation.

From Identity Server 3.2.0 release upwards, it is possible to use a custom
policy which is stored in the registry to secure the STS. When defining this
custom policy, you can include your custom callback handler class in the
rampart config. section. More information about the rampart config options
is available here.

It is not straightforward to invoke the original callback handler, if the
custom handler fails through a configuration. I think you can implement that
logic inside your custom callback handler class.

Thanks,
Thilina


>
>
> On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith  wrote:
>
>> Hi,
>>
>> Is there a way to define a custom token validation mechanism when using
>> WSO2 IS as an STS to issue SAMLv2 tokens?
>>
>> I'd like to configure WSO2 to pass UsernameTokens to a custom class for
>> authentication, and if fails, to fall back to the standard UsernameToken
>> processor.
>>
>> Thanks,
>> Mike


-- 
Thilina Buddhika
Associate Technical Lead
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com
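
Added example, not part of the original thread and not WSO2 or Rampart code: one way to keep the fallback inside the custom handler, as the reply above suggests. It assumes the WSS4J 1.5.x `WSPasswordCallback` contract; the class name and the two abstract hooks (`customAuthenticate`, `standardHandler`) are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Added example. A concrete subclass with a no-argument constructor is the class
// that would be named in the policy's RampartConfig (passwordCallbackClass).
public abstract class FallbackPasswordCallbackHandler implements CallbackHandler {

    /** Hypothetical hook: site-specific check; true only on a positive match. */
    protected abstract boolean customAuthenticate(String user, String password);

    /** Hypothetical hook: the handler that would have run without this class. */
    protected abstract CallbackHandler standardHandler();

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unsupported callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // Assumption: plain-text UsernameToken passwords arrive with this usage
            // and the handler rejects a request by throwing (WSS4J 1.5.x behaviour).
            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN
                    && acceptedByCustomCheck(pwcb)) {
                continue;
            }
            // Fallback: the standard handler decides; its exception must propagate
            // so that a failure of both checks rejects the token.
            standardHandler().handle(new Callback[] { pwcb });
        }
    }

    private boolean acceptedByCustomCheck(WSPasswordCallback pwcb) {
        String user = pwcb.getIdentifier(); // early 1.5.x releases: getIdentifer()
        String password = pwcb.getPassword();
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        try {
            return customAuthenticate(user, password);
        } catch (RuntimeException e) {
            return false; // an error in the custom backend never counts as success
        }
    }
}
```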


Re: [Carbon-dev] Identity Server: STS & pluggable authentication mechanisms

2011-10-18 Thread Samisa Abeysinghe
I assume that this is possible with a call back plugged in. Any identity
server folks like to comment?

On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith  wrote:

> Hi,
>
> Is there a way to define a custom token validation mechanism when using
> WSO2 IS as an STS to issue SAMLv2 tokens?
>
> I'd like to configure WSO2 to pass UsernameTokens to a custom class for
> authentication, and if fails, to fall back to the standard UsernameToken
> processor.
>
> Thanks,
> Mike
>
Thanks,
Samisa...

Samisa Abeysinghe
VP Engineering
WSO2 Inc.
http://wso2.com
http://wso2.org


[Carbon-dev] Identity Server: STS & pluggable authentication mechanisms

2011-10-14 Thread Michael Smith
Hi,

Is there a way to define a custom token validation mechanism when using
WSO2 IS as an STS to issue SAMLv2 tokens?

I'd like to configure WSO2 to pass UsernameTokens to a custom class for
authentication, and if fails, to fall back to the standard UsernameToken
processor.

Thanks,
Mike