Hi Dan,
I just additionally tested your case. I am sending slightly modified code to
obtain the token in your interceptor:
    // Look up the id of the cached token
    String id = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
    TokenStore tokenStore =
        (TokenStore) message.getContextualProperty(TokenStore.class.getName());
    if (tokenStore == null) {
        // Fall back to the TokenStore registered on the endpoint
        EndpointInfo info =
            message.getExchange().get(Endpoint.class).getEndpointInfo();
        tokenStore = (TokenStore) info.getProperty(TokenStore.class.getName());
    }
    SecurityToken token = tokenStore.getToken(id);
    Element tokenElement = token.getToken();
Regards,
Andrei.
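
Once token.getToken() returns the assertion as a DOM Element, the claims can be read from its attribute statements. The following is an added example, not code from this thread or from CXF: the SamlClaimReader class, its claims method and the sample assertion are constructed for illustration, and it assumes the token is an unencrypted SAML 2.0 or 1.1 assertion.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SamlClaimReader {
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion";

    /** Maps each attribute name in the assertion to its values (SAML 2.0 or 1.1). */
    static Map<String, List<String>> claims(Element assertion) {
        boolean v2 = SAML2.equals(assertion.getNamespaceURI());
        String ns = v2 ? SAML2 : SAML1;
        Map<String, List<String>> out = new LinkedHashMap<>();
        NodeList attrs = assertion.getElementsByTagNameNS(ns, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            // SAML 2.0 names the claim in @Name, SAML 1.1 in @AttributeName
            String name = attr.getAttribute(v2 ? "Name" : "AttributeName");
            List<String> values = out.computeIfAbsent(name, k -> new ArrayList<>());
            NodeList vals = attr.getElementsByTagNameNS(ns, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) {
                values.add(vals.item(j).getTextContent().trim());
            }
        }
        return out; // empty if the element carries no readable attributes
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for token.getToken(); not a real STS response
        String xml = "<saml2:Assertion xmlns:saml2=\"" + SAML2 + "\" ID=\"_example\">"
            + "<saml2:AttributeStatement>"
            + "<saml2:Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role\">"
            + "<saml2:AttributeValue>admin</saml2:AttributeValue>"
            + "<saml2:AttributeValue>auditor</saml2:AttributeValue>"
            + "</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Parse the sample defensively: no DOCTYPE, so no external entities
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element assertion = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        claims(assertion).forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

In an interceptor, pass token.getToken() to claims(...) in place of the parsed sample.
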
-----Original Message-----
From: Andrei Shakirin [mailto:[email protected]]
Sent: 12 May 2012 19:15
To: [email protected]
Subject: RE: Accessing Claims in a client
Hi Dan,
Basically, the SAML token is cached in the store inside the CXF
IssuedTokenOutInterceptor (IssuedTokenInterceptorProvider.java).
This interceptor is called in the phase Phase.PREPARE_SEND.
You should be able to extract the token in your interceptor using the following code:
    String id = (String) message.get(SecurityConstants.TOKEN_ID);
    TokenStore tokenStore =
        (TokenStore) message.getContextualProperty(TokenStore.class.getName());
    SecurityToken token = tokenStore.getToken(id);
    Element tokenElement = token.getToken();
If it doesn't work, I would suggest debugging the CXF
IssuedTokenOutInterceptor.handleMessage() and
IssuedTokenOutInterceptor.storeDelegationTokens() to analyse why the token was
not received or stored.
Regards,
Andrei.
-----Original Message-----
From: DTaylor [mailto:[email protected]]
Sent: 11 May 2012 21:27
To: [email protected]
Subject: RE: Accessing Claims in a client
Hi Andrei,
The WSS4JOutInterceptorInternal is a package-protected class. I made the
PlaceHolderInterceptor so that I could explicitly say
addAfter(WSS4JOutInterceptorInternal), and then have my real interceptor go
after the PlaceHolderInterceptor (basically a quick and dirty test).
According to the iterator over the interceptor chain, my real interceptor is
about 4 interceptors after the WSS4JOutInterceptor and it is in the
POST_PROTOCOL phase. I am unable to acquire the security context at this point.
I am relatively sure the SAML token was successfully received and accepted by
my client, based on the fact that if I modify the STS to not return one of the
claims I am making, the Service rejects the interaction from the client entirely
due to the claim not being present and not being optional.
There are no errors or warnings in my server STS logs and I get no errors or
exceptions on the client side.
Adding logging to the interceptor I'm writing in the handleMessage method:
My Phase: post-protocol
this.getBefore() returns:
this.getAfter() returns:
Interceptor: org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal
Interceptor: org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.WSS4JOutInterceptorInternal
--
View this message in context:
http://cxf.547215.n5.nabble.com/Accessing-Claims-in-a-client-tp5698187p5704049.html
Sent from the cxf-user mailing list archive at Nabble.com.