Hi Dan,

Basically, the SAML token is cached in the store inside the CXF 
IssuedTokenOutInterceptor (IssuedTokenInterceptorProvider.java).
This interceptor is called in the phase Phase.PREPARE_SEND.

You should be able to extract the token in your interceptor using the following code:

        String id = (String) message.get(SecurityConstants.TOKEN_ID);
        TokenStore tokenStore =
            (TokenStore) message.getContextualProperty(TokenStore.class.getName());
        SecurityToken token = tokenStore.getToken(id);
        Element tokenElement = token.getToken();

If it doesn't work, I would suggest debugging CXF 
IssuedTokenOutInterceptor.handleMessage() and 
IssuedTokenOutInterceptor.storeDelegationTokens() to analyse why the token was 
not received or stored.

Regards,
Andrei.
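
The lookup described in the reply above, extended to read the claims out of the cached token. This is an added example, not code from the original message or from CXF itself. It assumes a SAML 2.0 assertion and an out phase after PREPARE_SEND; the class name ClaimsReaderInterceptor and the property key "example.saml.claims" are hypothetical.

```java
import java.util.*;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical client-side out interceptor; the class name is illustrative. */
public class ClaimsReaderInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    public ClaimsReaderInterceptor() {
        // Assumption: an out phase later than PREPARE_SEND, so the token is already cached.
        super(Phase.PRE_STREAM);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        // getContextualProperty is used for both lookups here
        // (the post reads the id with message.get).
        String id = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
        TokenStore store =
            (TokenStore) message.getContextualProperty(TokenStore.class.getName());
        SecurityToken token = (id == null || store == null) ? null : store.getToken(id);
        if (token == null || token.getToken() == null) {
            return; // id, store or token missing: nothing to read for this message
        }
        // Hand the parsed claims to application code under a hypothetical key.
        message.put("example.saml.claims", readClaims(token.getToken()));
    }

    /** Maps each SAML 2.0 Attribute Name to the text of its AttributeValue children. */
    static Map<String, List<String>> readClaims(Element assertion) {
        Map<String, List<String>> claims = new LinkedHashMap<>();
        NodeList attrs = assertion.getElementsByTagNameNS(SAML2_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            List<String> values =
                claims.computeIfAbsent(attr.getAttribute("Name"), k -> new ArrayList<>());
            NodeList vals = attr.getElementsByTagNameNS(SAML2_NS, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) {
                values.add(vals.item(j).getTextContent().trim());
            }
        }
        return claims;
    }
}
```

If you add logging here, log the claim names rather than the assertion element, since the assertion itself is a credential.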

-----Original Message-----
From: DTaylor [mailto:[email protected]] 
Sent: 11 May 2012 21:27
To: [email protected]
Subject: RE: Accessing Claims in a client

Hi Andrei,

The WSS4jOutInterceptorInternal is a package protected class.  I made the 
PlaceHolderInterceptor so that I could explicitly say 
addAfter(WSS4JOutInterceptorInternal), and then have my real interceptor go 
after the PlaceHolderInterceptor (basically a quick and dirty test).

According to the iterator over the interceptor chain, my real interceptor is 
about 4 interceptors after the WSS4JOutInterceptor and it is in the 
POST_PROTOCOL phase.  I am unable to acquire the security context at this point.

I am relatively sure the SAML token was successfully received and accepted by 
my client, based upon if I modify the STS to not return one of the claims I am 
making, the Service rejects the interaction from the client entirely due to the 
claim not being present and not being optional.

There are no errors or warnings in my server STS logs and I get no errors or 
exceptions on the client side.

Adding logging to the interceptor I'm writing in the handleMessage method:



My Phase:  post-protocol

this.getBefore() returns:

this.getAfter() returns:
Interceptor: 
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal
Interceptor: 
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.WSS4JOutInterceptorInternal


--
View this message in context: 
http://cxf.547215.n5.nabble.com/Accessing-Claims-in-a-client-tp5698187p5704049.html
Sent from the cxf-user mailing list archive at Nabble.com.
