Hi Colm, thanks for your valuable insights. Indeed the WSDL is broken in a number of ways but comes from the service provider and I don't think it will be fixed anytime soon. I worked around it a number of ways: added a ManualSAMLOutInterceptor, enabled the WSAddressing feature, and counting...
Just out of curiosity, what do you mean by "The example request contains three SAML Assertions. This is also rather unusual...who is supposed to be providing these Assertions?"?

On Mon, 20 Mar 2017 at 12:37, Colm O hEigeartaigh <[email protected]> wrote:

> The security policy in the WSDL is unusual to say the least. It defines an
> AsymmetricBinding policy, but no SignedParts/EncryptedParts so no security
> is actually applied to the SOAP request. I find it hard to believe that
> this is the desired behaviour?
>
> The example request contains three SAML Assertions. This is also rather
> unusual...who is supposed to be providing these Assertions? The SAML
> CallbackHandler is not called by the way, because there is no SamlToken
> policy in the WSDL.
>
> Colm.
>
> On Thu, Mar 16, 2017 at 7:19 AM, Raffaele Sgarro <[email protected]> wrote:
>
> > I have this web service that requires SAML assertions:
> >
> > - Example request: https://hastebin.com/uducuyobuv.xml
> > - WSDL: https://hastebin.com/yapotuqiqu.wsdl
> > - XSD: https://hastebin.com/udoworowig.xsd
> >
> > I put a CallbackHandler in the SecurityConstants.SAML_CALLBACK_HANDLER key
> > but it is never called.
> >
> > It seems to me that the security policy does not reference SAML in any way,
> > so I may need to manually configure CXF. But how?
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
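The policy gap described in the quoted reply (an AsymmetricBinding with no SignedParts/EncryptedParts, and no SamlToken assertion), shown as an added example that is not part of the original thread and is not CXF code: a Python check that lists which WS-SecurityPolicy assertions a policy actually declares. The two policy documents are constructed samples, not the provider's WSDL, and the names `sp_assertions` and `audit_policy` are hypothetical.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy 1.1 and 1.2 namespaces
SP_NAMESPACES = (
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
)
MESSAGE_BINDINGS = {"AsymmetricBinding", "SymmetricBinding"}
PROTECTION = {"SignedParts", "SignedElements", "EncryptedParts",
              "EncryptedElements", "ContentEncryptedElements"}

# Constructed sample: a binding is declared, but nothing says what to sign or encrypt.
WEAK_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:InitiatorToken>
    <sp:RecipientToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientToken>
  </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>
"""

# Constructed sample: same binding plus a signed body and a signed SAML supporting token.
FIXED_POLICY = WEAK_POLICY.replace(
    "</sp:AsymmetricBinding>",
    "</sp:AsymmetricBinding>"
    "<sp:SignedParts><sp:Body/></sp:SignedParts>"
    "<sp:SignedSupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy>"
    "</sp:SignedSupportingTokens>",
)

def sp_assertions(xml_text):
    """Return the local names of all WS-SecurityPolicy elements in the document."""
    found = set()
    # For WSDLs from untrusted sources, parse with defusedxml instead.
    for el in ET.fromstring(xml_text).iter():
        if el.tag.startswith("{"):
            ns, local = el.tag[1:].split("}", 1)
            if ns in SP_NAMESPACES:
                found.add(local)
    return found

def audit_policy(xml_text):
    """Flag the two gaps from the thread: unprotected messages, SAML not in policy."""
    names = sp_assertions(xml_text)
    findings = []
    if names & MESSAGE_BINDINGS and not names & PROTECTION:
        findings.append("no-message-protection")  # nothing is signed or encrypted
    if "SamlToken" not in names:
        findings.append("no-saml-token")  # policy never asks for a SAML assertion
    return findings

if __name__ == "__main__":
    print("weak:", audit_policy(WEAK_POLICY), "fixed:", audit_policy(FIXED_POLICY))
```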
