What I meant was why are there three assertions in the security header (and not one)? Are the assertions meant to be created by the client or obtained from a third-party service of some kind?
Colm. On Mon, Mar 20, 2017 at 12:09 PM, Raffaele Sgarro <[email protected]> wrote: > Hi Colm, > > thanks for your valuable insights. Indeed the WSDL is broken in a number > of ways but comes from the service provider and I don't think it will be > fixed anytime soon. I worked around it a number of ways: added a > ManualSAMLOutInterceptor, enabled the WSAddressing feature, and counting... > > Just for curiosity, what do you mean by "The example request contains > three SAML Assertions. This is also rather unusual...who is supposed to > be providing these Assertions?"? > > Il giorno lun 20 mar 2017 alle ore 12:37 Colm O hEigeartaigh < > [email protected]> ha scritto: > >> The security policy in the WSDL is unusual to say the least. It defines an >> AsymmetricBinding policy, but no SignedParts/EncryptedParts so no security >> is actually applied to the SOAP request. I find it hard to believe that >> this is the desired behaviour? >> >> The example request contains three SAML Assertions. This is also rather >> unusual...who is supposed to be providing these Assertions? The SAML >> CallbackHandler is not called by the way, because there is no SamlToken >> policy in the WSDL. >> >> Colm. >> >> On Thu, Mar 16, 2017 at 7:19 AM, Raffaele Sgarro < >> [email protected]> >> wrote: >> >> > I have this web service that requires SAML assertions: >> > >> > - Example request: https://hastebin.com/uducuyobuv.xml >> > - WSDL: https://hastebin.com/yapotuqiqu.wsdl >> > - XSD: https://hastebin.com/udoworowig.xsd >> > >> > I put a CallbackHandler in the SecurityConstants.SAML_CALLBACK_HANDLER >> key >> > but it is never called. >> > >> > It seems to me that the security policy does not reference SAML in any >> way, >> > so I may need to manually configure CXF. But how? >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
