Putting it on the client request context should work. The question is though, how are you configuring that a SAML token is required? Setting the SAML CallbackHandler is not enough - either you need to have a SamlToken policy assertion in the WSDL (or in a local policy file) or else you need to set up the WSS4JOutInterceptor to configure it to include a SAML token.
Colm. On Mon, Sep 17, 2018 at 4:19 PM Burkard Stephan <stephan.burk...@visana.ch> wrote: > Hi > > I am trying to "decorate" an outgoing web service call with a SAML token > for authentication. Therefore I have written a SamlCallbackHandler. It is > for sure not yet complete, but I am already failing to configure it onto my > CXF client which is a Dispatch client. > > I have found that I need to configure the key > SecurityConstants.SAML_CALLBACK_HANDLER with my SamlCallbackHandler > instance. > > I also found JAX-B based examples who configure the handler on the web > service port type: > ((BindingProvider)saml2Port).getRequestContext().put( > "ws-security.saml-callback-handler", new SamlCallbackHandler() > ); > > But my dispatch client has no port type class. It looks like this > (simplified names): > > @Bean > public Dispatch<Source> myClient(final SamlCallbackHandler > samlCallbackHandler) { > QName serviceName = new QName("namespace", "service"); > QName portName = new QName("namespace ", "port"); > Service service = Service.create(serviceName); > service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, > "address"); > Dispatch<Source> dispatch = service.createDispatch(portName, > Source.class, Service.Mode.PAYLOAD); > Client client = > ((org.apache.cxf.jaxws.DispatchImpl)dispatch).getClient(); > client.getInInterceptors().add(new LoggingInInterceptor()); > client.getOutInterceptors().add(new LoggingOutInterceptor()); > return dispatch; > } > > On this client I tried to configure my SamlCallbackHandler like this: > > 1. > client.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, > samlCallbackHandler); > 2. client.getEndpoint().put(SecurityConstants.SAML_CALLBACK_HANDLER, > samlCallbackHandler); > > Unfortunately none of them works, the handle method of the handler is > never called and therefore the outgoing request has no token. > > How can I configure the SamlCallbackHandler on a Dispatch client? I did > not found an example in the CXF project. > > Thanks > Stephan > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com