RE: Example policy file needed
Hi Ruchith, While I agree that the client needs to have a way of picking the alternative, server side enablement is more pressing. In most cases I've encountered, the authn alternatives are expressed via out-of-band means - docs, mutual agreement, etc. I'd love to see WS-MEX or some kind of policy exchange in rampart but right now the pressing issue (for us and apparently to others) is to enable the service to receive alternative authn materials. Best Regards, George -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2008 10:05 PM To: axis-user@ws.apache.org Subject: Re: Example policy file needed IMHO we have to improve both Axis2 and Rampart if we are to support policy alternatives. A service can express a set of alternatives that it can handle and right now we should be able to fix Rampart to support this. However at the client side we should have some way of picking the alternative. At this point we have to decide how Axis2 client API has to behave. Thoughts? Thanks, Ruchith On Wed, Mar 5, 2008 at 8:31 PM, George Stanchev [EMAIL PROTECTED] wrote: Hi Nandana, Is that Neethi or Rampart shortcoming? I also am in need of alternative policy support for the same two token types as in Simon's message. Do you need a JIRA? Best Regards, George -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2008 1:31 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Currently Apache Rampart doesn't support alternative security policies for an endpoint. Current workaround is having two separate EPRs with the alternative policies. Would that suit your scenario ? If not you can try to convince the Rampart community to support alternative security policies starting a thread in the Rampart dev list. thanks, /nandana On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty [EMAIL PROTECTED] wrote: Nandana, et al, We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion. Does anyone have an example that shows these two options within in one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort. Regards, Glenn -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 3:27 AMTo: axis-user@ws.apache.orgSubject: Re: Example policy file needed Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message
RE: Example policy file needed
I agree with George's take on the situation. I believe that having the server support multiple authorization mechanisms for a single endpoint is extremely valuable. Maybe make a patch to 1.3? -Simon -Original Message- From: George Stanchev [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2008 8:39 AM To: axis-user@ws.apache.org Subject: RE: Example policy file needed Hi Ruchith, While I agree that the client needs to have a way of picking the alternative, server side enablement is more pressing. In most cases I've encountered, the authn alternatives are expressed via out-of-band means - docs, mutual agreement, etc. I'd love to see WS-MEX or some kind of policy exchange in rampart but right now the pressing issue (for us and apparently to others) is to enable the service to receive alternative authn materials. Best Regards, George -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2008 10:05 PM To: axis-user@ws.apache.org Subject: Re: Example policy file needed IMHO we have to improve both Axis2 and Rampart if we are to support policy alternatives. A service can express a set of alternatives that it can handle and right now we should be able to fix Rampart to support this. However at the client side we should have some way of picking the alternative. At this point we have to decide how Axis2 client API has to behave. Thoughts? Thanks, Ruchith On Wed, Mar 5, 2008 at 8:31 PM, George Stanchev [EMAIL PROTECTED] wrote: Hi Nandana, Is that Neethi or Rampart shortcoming? I also am in need of alternative policy support for the same two token types as in Simon's message. Do you need a JIRA? Best Regards, George -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2008 1:31 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Currently Apache Rampart doesn't support alternative security policies for an endpoint. Current workaround is having two separate EPRs with the alternative policies. Would that suit your scenario ? If not you can try to convince the Rampart community to support alternative security policies starting a thread in the Rampart dev list. thanks, /nandana On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty [EMAIL PROTECTED] wrote: Nandana, et al, We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion. Does anyone have an example that shows these two options within in one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort. Regards, Glenn -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 3:27 AMTo: axis-user@ws.apache.orgSubject: Re: Example policy file needed Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use
Re: Example policy file needed
IMHO we have to improve both Axis2 and Rampart if we are to support policy alternatives. A service can express a set of alternatives that it can handle and right now we should be able to fix Rampart to support this. However at the client side we should have some way of picking the alternative. At this point we have to decide how Axis2 client API has to behave. Thoughts? Thanks, Ruchith On Wed, Mar 5, 2008 at 8:31 PM, George Stanchev [EMAIL PROTECTED] wrote: Hi Nandana, Is that Neethi or Rampart shortcoming? I also am in need of alternative policy support for the same two token types as in Simon's message. Do you need a JIRA? Best Regards, George -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2008 1:31 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Currently Apache Rampart doesn't support alternative security policies for an endpoint. Current workaround is having two separate EPRs with the alternative policies. Would that suit your scenario ? If not you can try to convince the Rampart community to support alternative security policies starting a thread in the Rampart dev list. thanks, /nandana On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty [EMAIL PROTECTED] wrote: Nandana, et al, We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion. Does anyone have an example that shows these two options within in one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort. Regards, Glenn -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 3:27 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Example policy file needed
Hi Simon, Currently Apache Rampart doesn't support alternative security policies for an endpoint. Current workaround is having two separate EPRs with the alternative policies. Would that suit your scenario ? If not you can try to convince the Rampart community to support alternative security policies starting a thread in the Rampart dev list. thanks, /nandana On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty [EMAIL PROTECTED] wrote: Nandana, et al, We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion. Does anyone have an example that shows these two options within in one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort. Regards, Glenn -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 3:27 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/ramp art-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/ramp art-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Example policy file needed
Hi Nandana, Is that Neethi or Rampart shortcoming? I also am in need of alternative policy support for the same two token types as in Simon's message. Do you need a JIRA? Best Regards, George -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2008 1:31 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Currently Apache Rampart doesn't support alternative security policies for an endpoint. Current workaround is having two separate EPRs with the alternative policies. Would that suit your scenario ? If not you can try to convince the Rampart community to support alternative security policies starting a thread in the Rampart dev list. thanks, /nandana On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty [EMAIL PROTECTED] wrote: Nandana, et al, We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion. Does anyone have an example that shows these two options within in one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort. Regards, Glenn -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 3:27 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/module s/ramp art-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Example policy file needed
Nandana, et al, We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion. Does anyone have an example that shows these two options within in one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort. Regards, Glenn -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 3:27 AM To: axis-user@ws.apache.org Subject: Re: Example policy file needed Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/ramp art-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/ramp art-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Example policy file needed
Hi Simon, Please take a look at samples come with the Apache Rampart distribution. They contain policies that defines Sample 01 - Username Token authentication Sample 05 - SAML token thanks, nandana [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample01/ [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample02/ On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote: I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Example policy file needed
I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authetication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this? Thanks, Simon
