ws-dev mailing list archives

From "Jason Pell (JIRA)" <>
Subject [jira] [Commented] (WSS-516) Change saml AssertionWrapper to setSamlVersion before calling callback handler
Date Wed, 08 Oct 2014 08:49:33 GMT


Jason Pell commented on WSS-516:


Fair question, sorry I was not clearer.  What I am trying to achieve is a generic CallbackHandler
which can create Saml 2 or 1.1 bearer tokens.  What controls whether I should create a 1.1
vs a 2.0 token is what is in the server side WS-Policy definition.

From what I could determine from the wss4j 1.6 code, the saml version in the params is
also the version for the WS-Policy assertion that the token is being generated for.

I know that a callback handler to generate a token locally is probably not the primary use
case, but I am wanting to use bearer tokens with mutual ssl, instead of NoPassword username

And at the moment, if the service wsdl policy is changed to saml v2 my existing callback will
still continue to produce 1.1 tokens, unless I change the client configuration as well.  It
would be so much easier if I could drive the saml token version generation based on what the
service is asking for, like everything else for cxf clients with cxf ws-policy.

> Change saml AssertionWrapper to setSamlVersion before calling callback handler
> ------------------------------------------------------------------------------
>                 Key: WSS-516
>                 URL:
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.0.2, 1.6.17
>            Reporter: Jason Pell
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 1.6.18, 2.0.3
>         Attachments: patch-1.6.txt
> If the SAMLCallback was provided the expected Saml Version based on information already
> provided to the AssertionWrapper, it would be easy for a local SAMLCallback to create the
> correct saml token.
> For most everything in CXF we can use the WS-Policy to determine what needs to be done
> on the client side to correctly interface with a cxf web service.
> With this small change a SAML Callback handler can create the appropriately versioned
> saml token without additional configuration.
