Hello Nandana,

In the previous mails you stated that the third step:

3.) WS - B ---- SAML2 (signed by STS - A) / validate --------> STS B

could be worked out with little effort. Does it mean that Rampart does not provide broker trust between STS? If so or otherwise, how can I work out broker trust? Are there any best practices, code or how-to that you can point me to?!

Thanks.

2009/9/29 Francesco Stampacchia <[email protected]>

> Yes this is my scenario. Are there any guides that can point me in the
> right direction in order to work out this environment?!
>
> But in order to validate my assertion only if the sender is trusted, do I
> have to exchange Trust in between STS A and STS B?!
>
> Thanks
>
> 2009/9/29 Nandana Mihindukulasooriya <[email protected]>
>
>> Sorry, I was busy with some lectures yesterday. You are talking about
>> the following scenario, right? This is possible with Rampart, but
>> third step is not done by Rampart by default. Normally Rampart tries
>> to validate the token by itself, but this can be done with little
>> effort.
>>
>> thanks,
>> Nandana
>>
>> 1.) WS - A ---- credentials ---------------------------> STS - A
>>            <---- SAML2 (signed by STS - A) ----------------
>>
>> 2.) WS - A ------------- SAML2 (signed by STS - A) ----------> WS - B
>>
>> 3.) WS - B ---- SAML2 (signed by STS - A) / validate --------> STS B
>>
>> 4.) WS - A <----------------- response ------------------------------ WS - B
>>
>> On Tue, Sep 29, 2009 at 10:30 AM, Francesco Stampacchia
>> <[email protected]> wrote:
>> > Hello Nandana,
>> > Have you got some news about the question I asked you yesterday?
>> >
>> > Thanks.
>> >
>> > 2009/9/28 Francesco Stampacchia <[email protected]>
>> >>
>> >> I've got a WSC on domain A that has to access a WS on domain B.
>> >> WSC would present its credentials to its local STS and so obtains a
>> >> SAML2 Assertion.
>> >> Then the newly generated assertion is sent to the WS.
>> >> The WS will present the received assertion to its STS in order to
>> >> validate it. Validation will be successful only if both STS are
>> >> federated.
>> >>
>> >> Thanks
>> >>
>> >> 2009/9/28 Nandana Mihindukulasooriya <[email protected]>
>> >>>
>> >>> Yes, it is possible to use Rampart for trust operation and by default
>> >>> Rampart comes with a token issuer, renewer, validator and canceller
>> >>> for SAML tokens. What exactly is your scenario?
>> >>>
>> >>> thanks,
>> >>> Nandana
>> >>>
>> >>>
>> >>> ---------- Forwarded message ----------
>> >>> From: Francesco Stampacchia <[email protected]>
>> >>> Date: Mon, Sep 28, 2009 at 1:00 PM
>> >>> Subject: WS-Trust with Rampart
>> >>> To: [email protected]
>> >>>
>> >>>
>> >>> It is possible to exploit WS-Trust operations with the new Rampart
>> >>> release?!
>> >>> If so, could you point me to some references or best practices?!
>> >>>
>> >>> Thanks
>> >>>
>> >>> --
>> >>> Francesco Stampacchia
>> >>
>> >> --
>> >> Francesco Stampacchia
>> >
>> > --
>> > Francesco Stampacchia
>
> --
> Francesco Stampacchia

--
Francesco Stampacchia

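The trust decision in step 3 of the scenario above, as an added example that is not part of the thread and is not Rampart's API: a validating STS accepts an assertion only if it was signed by an issuer it has been federated with. It uses JDK classes only; `BrokeredTrustDemo`, `ValidatingSts`, `federateWith`, the issuer names and the assertion string are hypothetical, and the assertion is a constructed byte string rather than real SAML2 XML.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of step 3: STS B validates a token signed by STS A.
// JDK classes only; this is not Rampart's or OpenSAML's API.
public class BrokeredTrustDemo {
    // STS B's side: accepts a token only from an issuer it is federated with.
    static class ValidatingSts {
        private final Map<String, PublicKey> federatedIssuers = new HashMap<>();
        void federateWith(String issuer, PublicKey key) { federatedIssuers.put(issuer, key); }

        boolean validate(String issuer, byte[] assertion, byte[] signature)
                throws GeneralSecurityException {
            PublicKey key = federatedIssuers.get(issuer);
            if (key == null) return false; // no trust relationship with this issuer
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            verifier.update(assertion);
            return verifier.verify(signature);
        }
    }

    // STS A's side: sign the issued assertion with the issuer's private key.
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair stsA = gen.generateKeyPair();   // constructed key pair for STS A
        KeyPair other = gen.generateKeyPair();  // constructed key pair of an unfederated issuer
        // Constructed stand-in for the SAML2 assertion (not real SAML XML).
        byte[] assertion = "issuer=STS-A;subject=WS-A".getBytes(StandardCharsets.UTF_8);
        ValidatingSts stsB = new ValidatingSts();
        stsB.federateWith("STS-A", stsA.getPublic()); // trust established out of band

        // Case 1: assertion signed by the federated STS A.
        System.out.println(stsB.validate("STS-A", assertion, sign(stsA.getPrivate(), assertion)));
        // Case 2: claims to come from STS A but is signed with another key.
        System.out.println(stsB.validate("STS-A", assertion, sign(other.getPrivate(), assertion)));
        // Case 3: issuer that STS B has no federation with.
        System.out.println(stsB.validate("STS-X", assertion, sign(other.getPrivate(), assertion)));
    }
}
```

Only the first case passes validation; the key map stands in for whatever trust store the two STSs exchange when they are federated.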