> Once you get to 2.7.5, you should be able to grab the principal and such from > the context. I think that is fine, but Colm would definitely need to weigh > in > on this. (although it's a public holiday in Ireland today)
Yep, the code looks like: SecurityContext sc = message.get(SecurityContext.class); Principal user = sc.getUserPrincipal(); if (!(user instanceof SAMLTokenPrincipal)) { // other type of token: error } SAMLTokenPrincipal saml = ((SAMLTokenPrincipal) user).getToken(); List<org.opensaml.saml2.core.Statement> statements = saml.getSaml2().getStatements(); for (Statement s : statements) { // Loop through the attribute statements } Regards, Andrei. > -----Original Message----- > From: Daniel Kulp [mailto:dk...@apache.org] > Sent: Montag, 3. Juni 2013 19:06 > To: users@cxf.apache.org; DTaylor > Subject: Re: WS-SecureConversation and SAML assertions > > > On Jun 3, 2013, at 11:03 AM, DTaylor <dan.tay...@merge.com> wrote: > > > We're now attempting to utilize WS-SecureConversation and SAML tokens > > for negotiating security sessions in our applications. > > > > Currently, we are on CXF 2.6.2 (we are looking at moving to CXF 2.7.5) > > and are curious about the status about WS-SecureConversation with a > > set of SAML assertions. > > > > We are curious about the status of WS-SecureConversation and SAML > > assertions and, if relevant, accessing the SAML assertions. > > > > As far as the status of WS-SC & SAML assertions, from this Jira: CXF-4457 > > <https://issues.apache.org/jira/browse/CXF-4457> , it appears as > > though the use of a SAML token with WS-SecureConversation is not > > currently supported by CXF. > > I think that JIRA needs closing. I'll double check. Thanks for the pointer. > > > > However, we also came across this Jira: CXF-4977 > > <https://issues.apache.org/jira/browse/CXF-4977> which seems to > indicate > > that WS-SecureConversation with WS-Trust is now supported in CXF post > 2.6.2. > > Is it accurate to assume this is now supported or is it only partially > > supported or not at all? > > Well, with 2.6.2, it would be partially supported. It's likely with config, > you > can get the SAML stuff to work to get the WS-SecureConversation token. > However, after the initial negotiation of the token, you would not have > access to the SAML token again as we would not have recorded it in the > session. Thus, if you need to make any decisions within your own code > about actions to take based on the SAML assertion, you would not be able > to. You would need to update to 2.7.5 for that support. > > > If it is supported, the other question we have is in regards to > > accessing the claims from the SAML assertions. Is there some manner > > to access the SAML assertions in the interceptor chain, or will we > > need to create a custom method of accessing the assertions? > > Once you get to 2.7.5, you should be able to grab the principal and such from > the context. I think that is fine, but Colm would definitely need to weigh > in > on this. (although it's a public holiday in Ireland today) > > Dan > > > > > Thanks, > > > > Dan > > > > > > > > -- > > View this message in context: > > http://cxf.547215.n5.nabble.com/WS-SecureConversation-and-SAML- > asserti > > ons-tp5728643.html Sent from the cxf-user mailing list archive at > > Nabble.com. > > -- > Daniel Kulp > dk...@apache.org - http://dankulp.com/blog Talend Community Coder - > http://coders.talend.com