> Once you get to 2.7.5, you should be able to grab the principal and such from
> the context. I think that is fine, but Colm would definitely need to weigh in
> on this. (although it's a public holiday in Ireland today)
Yep, the code looks like:
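import java.security.Principal;
import java.util.List;
import org.apache.cxf.security.SecurityContext;
import org.apache.ws.security.SAMLTokenPrincipal;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.opensaml.saml2.core.Statement;

SecurityContext sc = message.get(SecurityContext.class);
Principal user = sc.getUserPrincipal();
if (!(user instanceof SAMLTokenPrincipal)) {
    // other type of token: error
}
// getToken() returns the assertion wrapper, not the principal itself
AssertionWrapper saml = ((SAMLTokenPrincipal) user).getToken();
List<Statement> statements = saml.getSaml2().getStatements();
for (Statement s : statements) {
    // Loop through the attribute statements
}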
Regards,
Andrei.
> -----Original Message-----
> From: Daniel Kulp [mailto:[email protected]]
> Sent: Monday, 3 June 2013 19:06
> To: [email protected]; DTaylor
> Subject: Re: WS-SecureConversation and SAML assertions
>
>
> On Jun 3, 2013, at 11:03 AM, DTaylor <[email protected]> wrote:
>
> > We're now attempting to utilize WS-SecureConversation and SAML tokens
> > for negotiating security sessions in our applications.
> >
> > Currently, we are on CXF 2.6.2 (we are looking at moving to CXF 2.7.5)
> > and are curious about the status about WS-SecureConversation with a
> > set of SAML assertions.
> >
> > We are curious about the status of WS-SecureConversation and SAML
> > assertions and, if relevant, accessing the SAML assertions.
> >
> > As far as the status of WS-SC & SAML assertions, from this Jira: CXF-4457
> > <https://issues.apache.org/jira/browse/CXF-4457> , it appears as
> > though the use of a SAML token with WS-SecureConversation is not
> > currently supported by CXF.
>
> I think that JIRA needs closing. I'll double check. Thanks for the pointer.
>
>
> > However, we also came across this Jira: CXF-4977
> > <https://issues.apache.org/jira/browse/CXF-4977> which seems to indicate
> > that WS-SecureConversation with WS-Trust is now supported in CXF post 2.6.2.
> > Is it accurate to assume this is now supported or is it only partially
> > supported or not at all?
>
> Well, with 2.6.2, it would be partially supported. It's likely with config, you
> can get the SAML stuff to work to get the WS-SecureConversation token.
> However, after the initial negotiation of the token, you would not have
> access to the SAML token again as we would not have recorded it in the
> session. Thus, if you need to make any decisions within your own code
> about actions to take based on the SAML assertion, you would not be able
> to. You would need to update to 2.7.5 for that support.
>
> > If it is supported, the other question we have is in regards to
> > accessing the claims from the SAML assertions. Is there some manner
> > to access the SAML assertions in the interceptor chain, or will we
> > need to create a custom method of accessing the assertions?
>
> Once you get to 2.7.5, you should be able to grab the principal and such from
> the context. I think that is fine, but Colm would definitely need to weigh in
> on this. (although it's a public holiday in Ireland today)
>
> Dan
>
> >
> > Thanks,
> >
> > Dan
>
> --
> Daniel Kulp
> [email protected] - http://dankulp.com/blog Talend Community Coder -
> http://coders.talend.com
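
An added example, not code from this thread or from the CXF project: one way to fill in the loop sketched in the reply above, as an inbound interceptor that collects SAML 2.0 attribute claims and rejects the request when no SAML principal or SAML 2.0 assertion is available. It assumes CXF 2.7.x with WSS4J 1.6 and OpenSAML 2 on the classpath; the class name `SamlClaimsInterceptor` and the message key `example.saml.claims` are hypothetical.

```java
import java.security.Principal;
import java.util.*;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.ws.security.SAMLTokenPrincipal;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.XSString;
// Hypothetical interceptor: collects SAML 2.0 attribute claims and fails closed otherwise.
public class SamlClaimsInterceptor extends AbstractPhaseInterceptor<Message> {
    public static final String CLAIMS_KEY = "example.saml.claims"; // hypothetical message key
    // PRE_INVOKE is a late inbound phase, after WS-Security processing has run.
    public SamlClaimsInterceptor() { super(Phase.PRE_INVOKE); }
    @Override
    public void handleMessage(Message message) throws Fault {
        SecurityContext sc = message.get(SecurityContext.class);
        Principal user = (sc == null) ? null : sc.getUserPrincipal();
        if (!(user instanceof SAMLTokenPrincipal)) {
            throw new Fault(new SecurityException("No SAML principal on this request"));
        }
        AssertionWrapper wrapper = ((SAMLTokenPrincipal) user).getToken();
        if (wrapper == null || wrapper.getSaml2() == null) { // e.g. a SAML 1.1 token
            throw new Fault(new SecurityException("SAML 2.0 assertion required"));
        }
        Map<String, List<String>> claims = new HashMap<String, List<String>>();
        for (AttributeStatement stmt : wrapper.getSaml2().getAttributeStatements()) {
            for (Attribute attr : stmt.getAttributes()) {
                List<String> values = claims.get(attr.getName());
                if (values == null) {
                    values = new ArrayList<String>();
                    claims.put(attr.getName(), values);
                }
                for (XMLObject v : attr.getAttributeValues()) {
                    if (v instanceof XSString) {
                        values.add(((XSString) v).getValue());
                    } else if (v instanceof XSAny) {
                        values.add(((XSAny) v).getTextContent());
                    } // other value types are skipped rather than guessed at
                }
            }
        }
        message.put(CLAIMS_KEY, Collections.unmodifiableMap(claims));
    }
}
```

Downstream code can read the map from the message under `CLAIMS_KEY`; an attribute that is absent from the map should be treated as a missing claim, not as a default grant.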