Hi Christina, Rampart supports adding SAML Tokens to the security header in the policy based implementation. You can see an example here :
http://marc.info/?l=axis-user&m=118665642802630&w=2 By the way note that this requires the service to express it requirements in policy and this sample uses the token acquired from the Security Token Service to encrypt and sign the message. I'm not sure what you mean by "...SAML tokens with encryption of the user name and signature will be used ...". Please check whether the above sample fits your requirement. Thanks, Ruchith On 8/14/07, Christina Larocca <[EMAIL PROTECTED]> wrote: > Hi all Axis2 users: > > I have been managing some web services using UsernameTokens (without using > rampart) to convey identities. I've a client that connects to a Token issuer > service that provides it an EndpointReference and the Username token needed > to authenticate. Now I must remodelate the security of the whole model and > instead of that, SAML tokens with encryption of the user name and signature > will be used. The last axis2 version I've been using was the 1.1 and now I'm > thinking about updating to the newest one and start using rampart. > > I have read that, unfortunatelly, Rampart itself can't be configured to add > the SAML token to the Security header and that it delegates those functions > to a STS called Rahas. The documentation I found about Rahas is very weak > and despite my experience I don't have a clue about where or how to start. > Could anyone indicate me where to find a good tutorial or use examples? Or, > even better, could anyone show me some code to generate the tokens? If it's > possible, I would prefer to config rahas with code instead of creating text > config files. > > Thanks in advance. > > Christina. > > -- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
