Re: [Carbon-dev] Identity Server: STS pluggable authentication mechanisms
Sorry, I forgot to add the reference.

http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html

Thanks,
Thilina

On Wed, Oct 19, 2011 at 3:25 AM, Michael Smith msm...@cbnco.com wrote:

> Thilina Buddhika wrote:
>
>> On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe sam...@wso2.com wrote:
>>
>>> I assume that this is possible with a call back plugged in. Any identity server folks like to comment?
>>
>> Yes. This is doable with a custom callback handler implementation. From Identity Server 3.2.0 release upwards, it is possible to use a custom policy which is stored in the registry to secure the STS. When defining this custom policy, you can include your custom callback handler class in the rampart config. section. More information about the rampart config options is available here.
>
> Hi Thilina,
>
> Thanks for the reply. Was the word "here" at the end of that sentence meant to be a link? It didn't make it through the mailing list.
>
> I couldn't find any documentation about defining a custom policy, although after reading through the code it looks like I could start by copying the policy from security scenario 1.
>
> Mike
>
>>> On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith msm...@cbnco.com wrote:
>>>
>>>> Hi,
>>>>
>>>> Is there a way to define a custom token validation mechanism when using WSO2 IS as an STS to issue SAMLv2 tokens? I'd like to configure WSO2 to pass UsernameTokens to a custom class for authentication, and if it fails, to fall back to the standard UsernameToken processor.
>>>>
>>>> Thanks,
>>>> Mike

--
Thilina Buddhika
Associate Technical Lead
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com

___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] Identity Server: STS pluggable authentication mechanisms
Hi Thilina,

Is there a reference for creating a custom STS policy? Looking in the source I found scenario1-policy.xml which defines the UsernameToken security policy. I was hoping to use it as a reference, but it doesn't have a RampartConfig element, nor does it define a password callback.

Thanks,
Mike

On Wed, 19 Oct 2011, Thilina Buddhika wrote:

> Sorry, I forgot to add the reference.
>
> http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html
>
> Thanks,
> Thilina
>
> On Wed, Oct 19, 2011 at 3:25 AM, Michael Smith msm...@cbnco.com wrote:
>
>> Thilina Buddhika wrote:
>>
>>> On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe sam...@wso2.com wrote:
>>>
>>>> I assume that this is possible with a call back plugged in. Any identity server folks like to comment?
>>>
>>> Yes. This is doable with a custom callback handler implementation. From Identity Server 3.2.0 release upwards, it is possible to use a custom policy which is stored in the registry to secure the STS. When defining this custom policy, you can include your custom callback handler class in the rampart config. section. More information about the rampart config options is available here.
>>
>> Hi Thilina,
>>
>> Thanks for the reply. Was the word "here" at the end of that sentence meant to be a link? It didn't make it through the mailing list.
>>
>> I couldn't find any documentation about defining a custom policy, although after reading through the code it looks like I could start by copying the policy from security scenario 1.
>>
>> Mike
>>
>>>> On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith msm...@cbnco.com wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Is there a way to define a custom token validation mechanism when using WSO2 IS as an STS to issue SAMLv2 tokens? I'd like to configure WSO2 to pass UsernameTokens to a custom class for authentication, and if it fails, to fall back to the standard UsernameToken processor.
>>>>>
>>>>> Thanks,
>>>>> Mike
Re: [Carbon-dev] Identity Server: STS pluggable authentication mechanisms
I assume that this is possible with a call back plugged in. Any identity server folks like to comment?

On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith msm...@cbnco.com wrote:

> Hi,
>
> Is there a way to define a custom token validation mechanism when using WSO2 IS as an STS to issue SAMLv2 tokens? I'd like to configure WSO2 to pass UsernameTokens to a custom class for authentication, and if it fails, to fall back to the standard UsernameToken processor.
>
> Thanks,
> Mike

Thanks,
Samisa...

Samisa Abeysinghe
VP Engineering
WSO2 Inc.
http://wso2.com
http://wso2.org
Re: [Carbon-dev] Identity Server: STS pluggable authentication mechanisms
On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe sam...@wso2.com wrote:

> I assume that this is possible with a call back plugged in. Any identity server folks like to comment?

Yes. This is doable with a custom callback handler implementation. From Identity Server 3.2.0 release upwards, it is possible to use a custom policy which is stored in the registry to secure the STS. When defining this custom policy, you can include your custom callback handler class in the rampart config. section. More information about the rampart config options is available here.

It is not straightforward to invoke the original callback handler, if the custom handler fails through a configuration. I think you can implement that logic inside your custom callback handler class.

Thanks,
Thilina

> On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith msm...@cbnco.com wrote:
>
>> Hi,
>>
>> Is there a way to define a custom token validation mechanism when using WSO2 IS as an STS to issue SAMLv2 tokens? I'd like to configure WSO2 to pass UsernameTokens to a custom class for authentication, and if it fails, to fall back to the standard UsernameToken processor.
>>
>> Thanks,
>> Mike
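One way to put the fallback logic inside the custom handler, as the message above suggests (an added example, not code from the thread or from WSO2). It assumes a WSS4J 1.5.x release that provides `getIdentifier()`, where a plaintext UsernameToken reaches the handler with usage `USERNAME_TOKEN_UNKNOWN` and rejection is signalled by throwing; the class name and the two placeholder methods are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.5.x, assumed on the classpath

// Hypothetical class name. Referenced from the policy's RampartConfig as
// <ramp:passwordCallbackClass>FallbackPasswordCallbackHandler</ramp:passwordCallbackClass>
public class FallbackPasswordCallbackHandler implements CallbackHandler {

    // Placeholder for the custom credential check; denies until implemented.
    protected boolean customAuthenticate(String user, String password) {
        return false;
    }

    // Placeholder for the handler that performs the standard check in your
    // deployment; rejects until wired up, so the default is fail closed.
    protected CallbackHandler fallbackHandler() {
        return new CallbackHandler() {
            public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                throw new UnsupportedCallbackException(cbs[0], "no fallback configured");
            }
        };
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unsupported callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            boolean accepted = false;
            // Plaintext UsernameToken: WSS4J 1.5.x hands over the received password.
            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                try {
                    String user = pwcb.getIdentifier();
                    String password = pwcb.getPassword();
                    accepted = user != null && password != null
                            && customAuthenticate(user, password);
                } catch (RuntimeException e) {
                    accepted = false; // a backend error is a rejection, never a pass
                }
            }
            if (!accepted) {
                // Throws if the fallback also rejects, which fails the request.
                fallbackHandler().handle(new Callback[] { cb });
            }
        }
    }
}
```

Any other callback usage, such as a digest UsernameToken where the handler must supply the stored password, goes straight to the fallback handler.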
Re: [Carbon-dev] Identity Server: STS pluggable authentication mechanisms
Thilina Buddhika wrote:

> On Tue, Oct 18, 2011 at 3:47 PM, Samisa Abeysinghe sam...@wso2.com wrote:
>
>> I assume that this is possible with a call back plugged in. Any identity server folks like to comment?
>
> Yes. This is doable with a custom callback handler implementation. From Identity Server 3.2.0 release upwards, it is possible to use a custom policy which is stored in the registry to secure the STS. When defining this custom policy, you can include your custom callback handler class in the rampart config. section. More information about the rampart config options is available here.

Hi Thilina,

Thanks for the reply. Was the word "here" at the end of that sentence meant to be a link? It didn't make it through the mailing list.

I couldn't find any documentation about defining a custom policy, although after reading through the code it looks like I could start by copying the policy from security scenario 1.

Mike

>> On Fri, Oct 14, 2011 at 9:30 PM, Michael Smith msm...@cbnco.com wrote:
>>
>>> Hi,
>>>
>>> Is there a way to define a custom token validation mechanism when using WSO2 IS as an STS to issue SAMLv2 tokens? I'd like to configure WSO2 to pass UsernameTokens to a custom class for authentication, and if it fails, to fall back to the standard UsernameToken processor.
>>>
>>> Thanks,
>>> Mike