Re: Parse the incomming SAML token at server side

Tue, 23 Jan 2018 10:20:31 -0800 

Hello!
Its in the header:
------------
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ns="http://docs.oasis-open.org/ws-sx/ws-trust/200512";
xmlns:a="http://www.w3.org/2005/08/addressing";>
   <soapenv:Header>        
  <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext";>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xs="http://www.w3.org/2001/XMLSchema";
ID="pfxccb2f4f7-ca9c-3b5e-89b1-1d3c777400bc" Version="2.0"
IssueInstant="2014-07-17T01:01:48Z">

  [assertion]

  </saml:Assertion>

  </wsse:Security>
  </soapenv:Header>
 <soapenv:Body>
      <ns:RequestSecurityToken >
  
<ns:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</ns:RequestType>
 
<ns:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</ns:TokenType>
  <ns7:AppliesTo xmlns:ns7="http://www.w3.org/ns/ws-policy";>  [url] 
</ns7:AppliesTo>
  <!--
   <ns:Claims Dialect="http://bag.admin.ch/epr/2017/annex/5/addendum/2";>
 
[claims need to process too ]

 </ns:Claims>
-->
 </ns:RequestSecurityToken>
 </soapenv:Body>
</soapenv:Envelope>
---------------------

Its look like easy task for the first look:
get a SAML in the header, full of attributes, and a request with other
attributes.
Validate some attributes, and all header attributes + claims attributes
put the new SAML token.

but, about a week long, I google, read source code, google again, and
try to config the thing.
no good tutorial, no good documentation, no good description :(

Csaba



On 2018.01.23. 18:08, Colm O hEigeartaigh wrote:
> What does the request look like, e.g. where is the SAML token in the
> request? Is it referred to directly in the SOAP Body?
>
> Colm.
>
> On Tue, Jan 23, 2018 at 4:37 PM, Tóth Csaba <[email protected]> wrote:
>
>> Hello!
>>
>> I'd like to parse the incomming SAML token to get the fields (user, etc)
>> and give it to the issuer.
>> I found, that is done in the
>> org.apache.cxf.sts.operation.TokenIssueOperation class but
>> stsProperties.getSamlRealmCodec() is always null in my code (how can i
>> set it, need to create a new one?)
>> but after in the fetchSAMLAssertionFromWSSecuritySAMLToken() function
>> List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
>> line give back an empty list.
>>
>> In the request there is an SAML token.
>>
>> I try to find some solution, but every example is working with the
>> usernametoken, and/or dont provide a valid cxf config xml.
>>
>> Thanx
>> Csaba
>>
>>
>

Reply via email to