Re: Configure SamlCallbackHandler for Dispatch client

Tue, 18 Sep 2018 02:21:51 -0700 

Putting it on the client request context should work. The question is
though, how are you configuring that a SAML token is required? Setting the
SAML CallbackHandler is not enough - either you need to have a SamlToken
policy assertion in the WSDL (or in a local policy file) or else you need
to set up the WSS4JOutInterceptor to configure it to include a SAML token.

Colm.

On Mon, Sep 17, 2018 at 4:19 PM Burkard Stephan <stephan.burk...@visana.ch>
wrote:

> Hi
>
> I am trying to "decorate" an outgoing web service call with a SAML token
> for authentication. Therefore I have written a SamlCallbackHandler. It is
> for sure not yet complete, but I am already failing to configure it onto my
> CXF client which is a Dispatch client.
>
> I have found that I need to configure the key
> SecurityConstants.SAML_CALLBACK_HANDLER with my SamlCallbackHandler
> instance.
>
> I also found JAX-B based examples who configure the handler on the web
> service port type:
>     ((BindingProvider)saml2Port).getRequestContext().put(
>     "ws-security.saml-callback-handler", new SamlCallbackHandler()
>     );
>
> But my dispatch client has no port type class. It looks like this
> (simplified names):
>
>     @Bean
>     public Dispatch<Source> myClient(final SamlCallbackHandler
> samlCallbackHandler) {
>         QName serviceName = new QName("namespace", "service");
>         QName portName = new QName("namespace ", "port");
>         Service service = Service.create(serviceName);
>         service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING,
> "address");
>         Dispatch<Source> dispatch = service.createDispatch(portName,
> Source.class, Service.Mode.PAYLOAD);
>         Client client =
> ((org.apache.cxf.jaxws.DispatchImpl)dispatch).getClient();
>         client.getInInterceptors().add(new LoggingInInterceptor());
>         client.getOutInterceptors().add(new LoggingOutInterceptor());
>         return dispatch;
>     }
>
> On this client I tried to configure my SamlCallbackHandler like this:
>
>     1.
> client.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER,
> samlCallbackHandler);
>     2. client.getEndpoint().put(SecurityConstants.SAML_CALLBACK_HANDLER,
> samlCallbackHandler);
>
> Unfortunately none of them works, the handle method of the handler is
> never called and therefore the outgoing request has no token.
>
> How can I configure the SamlCallbackHandler on a Dispatch client? I did
> not found an example in the CXF project.
>
> Thanks
> Stephan
>
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to