axis-java-dev mailing list archives

From "Brian Reinhold" <brianreinh...@lampreynetworks.com>
Subject RE: SAML Assertion not attached to soap header
Date Wed, 08 Apr 2015 08:56:18 GMT
Prakash,

 

As I recall you do it on the server side (where the SAML token is generated) in the service
xml for your STS.

 

Something like this (at least for the time for the SAML token to be valid).  

 

                <!--  30 days -->
                <timeToLive>2592000</timeToLive>
                <keySize>256</keySize>
                <addRequestedAttachedRef />
                <addRequestedUnattachedRef />

 

As far as the ‘skew time’ is concerned, I am not quite sure what that is. Does that have something
to do with SAML or the time stamp security header (which has nothing to do with SAML)?

 

Brian

 

From: Rangasamy, Prakash [mailto:Prakash.Rangasamy@scientificgames.com] 
Sent: Wed, April 08, 2015 2:39 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Brian,

I have a requirement to include the SAML expiration date and skew time in the SAML
token request. Do you have any idea how to achieve this?

 

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com] 
Sent: 03 April 2015 PM 04:37
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Prakash,

 

Unfortunately I know of no tutorials. And I know their examples are not correct in the secure
domain. I had to make a number of fixes on the client side to get it to work.

 

Brian

 

From: Rangasamy, Prakash [mailto:Prakash.Rangasamy@scientificgames.com] 
Sent: Friday, April 3, 2015 6:43 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Brian,

I was using rampart1.5, replaced it with rampart1.6.1 now and tested. It is
working; now I can see the SAML Assertion added to the soap header. I guess the issue was with the lower
version jars. Thanks for your help.

 

Can you suggest any tutorial for axis rampart?

 

 

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com]
Sent: 03 April 2015 PM 03:10
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Prakash,

 

After looking at that old code I see that you do exactly the same thing as I did. Of course
that raises the question of whether or not your STS request was successfully generating the
token. One has to take the effort to extract the token from the STS response and store it
using the Rampart TokenStorage class. Have you checked to see if you get a token?

 

Here is a code snippet I had for the STS where I printed out the token to a file (there may
be other junk in this code that is superfluous … I don’t recall since I have not used
it for years!):

 

        Options opts = new Options();
        /* These are for Username token */
        opts.setUserName("some name");
        opts.setPassword("some password");
        opts.setProperty(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallback());
        opts.setProperty(AddressingConstants.ADD_MUST_UNDERSTAND_TO_ADDRESSING_HEADERS, true);
        opts.setProperty(AddressingConstants.INCLUDE_OPTIONAL_HEADERS, true);
        client.setOptions(opts);

        /* Load the service policy and the STS policy, then request the token from the STS */
        Policy policy = PolicyEngine.getPolicy(getClass().getResourceAsStream("policy.xml"));
        Policy stsPolicy = PolicyEngine.getPolicy(getClass().getResourceAsStream("sts-policy.xml"));
        theToken = client.requestSecurityToken(policy, service.toString(), stsPolicy, null);

        /* Store the issued token so Rampart can look it up by id later */
        TokenStorage store = TrustUtil.getTokenStore(ctxt);
        store.add(theToken);

        /* Debugging aid: dump the token XML to a file */
        OMElement token = theToken.getToken();
        try
        {
            String samlToken = token.toString();
            File file = new File("SAMLToken");
            FileOutputStream fos = new FileOutputStream(file);
            fos.write(samlToken.getBytes());
            fos.flush();
            fos.close();
        }
        catch (IOException e)
        {
            /* The snippet as posted stopped after the try block; a handler is needed to compile */
            e.printStackTrace();
        }

 

There was a method in this class that returned the token:

 

    public Token getToken()

    {

        return theToken;

    }

 

which is what I used in the 

options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

 

line.

 

Brian

From: Rangasamy, Prakash [mailto:Prakash.Rangasamy@scientificgames.com] 
Sent: Friday, April 3, 2015 1:04 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Hi Brian,

We have an STS server which generates the token; that is perfectly fine. My doubt
is how to include the token in the soap header. I tried to include the token in the soap request
through setProperty (refer to the code snippet below)

options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());

 

but when we examine the soap request in the log, we are not able to locate the attached SAML token.

 

1.    I don't know where we are sending the SAML assertion to the server in the soapMessage;
is this because the information is encrypted?

2.    Could you please share some tutorial about rampart policy (how to sign, encrypt, include
SAML)?

 

Your reply is highly appreciated.

 

Thanks,

Prakash

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com]
Sent: 03 April 2015 AM 03:22
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header

 

Prakash,

 

I am not sure what you are trying to do. Usually the client requests a token from a SAML server
(perhaps with WS-Trust) and the token is generated on the server which you then use as an
opaque block in a message to the server. Are you creating the token on the client?

 

Brian

 

From: Rangasamy, Prakash [mailto:Prakash.Rangasamy@scientificgames.com]
Sent: Thu, April 02, 2015 12:38 PM
To: java-dev@axis.apache.org
Subject: SAML Assertion not attached to soap header

 

Hi,
I'm new to SAML with Axis2 Rampart. We are developing a web service client to communicate
with a secure web service which has SAML enabled.
We included the SAML Assertion in the soap request through KEY_CUSTOM_ISSUED_TOKEN, but when we examine
the request sent to the endpoint, the SAML Assertion is not present in the header.

Is this an issue in rampart or am I missing something in the config?

thanks,
Prakash

 

 

Prakash Rangasamy | Software Analyst | Bally Technologies (http://www.ballytech.com)
 | (O) +1 702 532 2662 | (M) +91 77 6039 7260


May be privileged. May be confidential. Please delete if not the addressee.
Prakash Rangasamy

  _____  

No virus found in this message.
Checked by AVG -  <http://www.avg.com> www.avg.com
Version: 2015.0.5863 / Virus Database: 4321/9440 - Release Date: 04/02/15
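
Added example, not part of the thread and not Rampart's own code: a stand-alone check that can be run over a logged SOAP request to see whether a SAML assertion is present in the wsse:Security header, whether the header carries EncryptedData instead, and whether the assertion's Conditions window holds at a given time. It assumes "skew time" means a clock-skew tolerance applied to NotBefore/NotOnOrAfter; the class name, the sample envelope and the 5-minute skew are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlHeaderCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String[] SAML = { "urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion" };

    /** Reports whether wsse:Security carries a SAML assertion and whether it is valid at 'now' +/- 'skew'. */
    static String check(String soap, Instant now, Duration skew) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A logged request is untrusted input: refuse DOCTYPEs so the parser cannot be used for XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList sec = f.newDocumentBuilder().parse(new ByteArrayInputStream(
                soap.getBytes(StandardCharsets.UTF_8))).getElementsByTagNameNS(WSSE, "Security");
        if (sec.getLength() == 0) return "no wsse:Security header";
        Element security = (Element) sec.item(0);
        for (String ns : SAML) {
            NodeList a = security.getElementsByTagNameNS(ns, "Assertion");
            if (a.getLength() == 0) continue;
            NodeList c = ((Element) a.item(0)).getElementsByTagNameNS(ns, "Conditions");
            if (c.getLength() == 0) return "assertion attached, no Conditions element";
            Element cond = (Element) c.item(0);
            // Both attributes are optional in SAML; a missing bound is treated as open-ended.
            Instant from = cond.hasAttribute("NotBefore") ? Instant.parse(cond.getAttribute("NotBefore")) : Instant.MIN;
            Instant until = cond.hasAttribute("NotOnOrAfter") ? Instant.parse(cond.getAttribute("NotOnOrAfter")) : Instant.MAX;
            if (now.plus(skew).isBefore(from)) return "assertion attached, not yet valid";
            if (!now.minus(skew).isBefore(until)) return "assertion attached, expired";
            return "assertion attached, valid";
        }
        // An encrypted token appears as xenc:EncryptedData, so no saml:Assertion is visible in the log.
        return security.getElementsByTagNameNS(XENC, "EncryptedData").getLength() > 0
                ? "no plaintext assertion, header contains EncryptedData" : "no assertion in wsse:Security";
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: lifetime of 2592000 s (30 days), matching the timeToLive value quoted in the thread.
        String soap = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Header>"
                + "<wsse:Security xmlns:wsse='" + WSSE + "'><saml:Assertion xmlns:saml='" + SAML[1] + "' ID='constructed-id'>"
                + "<saml:Conditions NotBefore='2015-04-08T08:56:18Z' NotOnOrAfter='2015-05-08T08:56:18Z'/>"
                + "</saml:Assertion></wsse:Security></s:Header><s:Body/></s:Envelope>";
        Duration skew = Duration.ofMinutes(5); // assumed tolerance, not a value from the thread
        System.out.println(check(soap, Instant.parse("2015-04-08T08:55:00Z"), skew)); // 78 s early, within skew
        System.out.println(check(soap, Instant.parse("2015-05-08T09:10:00Z"), skew)); // past expiry plus skew
    }
}
```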


