Re: [Axis2] rampart/security question

Wed, 07 Mar 2007 21:05:22 -0800 

Hi George,
See my comments below.
Cheers,
Kau

George Stanchev wrote:

Hi,
I am new to axis2/c and I had a use cases that wanted to see if it is supported. 

Clients of my services are expected to pass a SAML assertion in
wsse header. The header is or it is not tagged with specific actor.
The SAML asserttion needs to be checked for:
* integrity (using its signature)
* trust (using the PK/cert used to sign the assertion - checked against
  a local keystore)
* expiration

Finally, the assertion needs to be passed to the services (or the
services
need to be able to get a hold of it) so they can use it further.

Can someone tell me what in the use case above its possible and what now
currently and may be suggest implementation direction?
Unfortunately Rampart/C does not support SAML yet. But indeed it is in our TODO list. 
Should I write
a custom handler if rampart doesn't support this? Does axis2/c allows
access to processed and unprocessed SOAP headers from within the
services?
Yes, you may. Axis2 architecture allows you to have your own handlers and do the SOAP header processing. Alternatively you can use rampart handlers and customize it to do the SAML processing. If you are developing in C++ you can use OpenSAML. http://www.opensaml.org/ rather than writing your own SAML library. 
And FYI: We are expecting to enrich Rampart/C with SAML by July 2006.

Thanks in advance!!

You are welcome.

George Stanchev


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. Any unauthorized review, use, disclosure or distribution is 
prohibited. If you are not the intended recipient, please contact the sender by 
reply e-mail and destroy all copies of the original message.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to