Hi Nuria,

>  In the last email you told me about the two scenarios that RAMPART/RAHAS
> covers.

Yes, what I meant was the usage of an Issued Token (SAML token) as a
supporting token, which means it will be included in the SOAP message
as an additional claim, and some other key will be used for cryptographic
operations. The other scenario is where it is used as a protection token,
where the issued token (SAML token) will be used for cryptographic operations.

> I don't understand what the meaning of each one of these bindings is. Could
> you explain a little more about these scenarios?

There are four bindings described in the WS-Trust specification.

1.) Issue Binding
          Describes the mechanism for issuing and requesting new tokens
2.) Validate Binding
          Describes the mechanism for sending a validation request and
          validation response
3.) Renew Binding
          Describes the mechanism for sending a renew request and a response
4.) Cancel Binding
          Describes the mechanism for sending a cancel request and a response

> In a document I read that there are two ways to obtain saml token.
> Is this possible with rampart/rahas? The two ways are the following:
>   Security Token Acquisition
> Issued Security Token

I was talking about the Issued security token scenario in the above
mails. I am not sure what the document meant by "Security Token
Acquisition". If it meant out-of-band acquisition of SAML tokens and
using them as custom tokens, that is possible with Rampart.

thanks,
/nandana


>
> 2008/2/19, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
>
>
> > Hi Nuria,
> >
> > > A client accessing a WebService, and a SAML Authority (STS):
> > >
> > > 1) Have the client and the web Service to access to the same SAML
> > > Authority?
> > > (I have read anywhere that the SAML Authority only can be of STS type).
> >
> > Client needs access to the STS as it requires to get tokens from the STS.
> > And
> > Client <---> STS and
> > STS    <---> Web
> > must trust each other. Sometimes service don't need to access the STS
> > to validate the SAML token. In the examples of Rampart, service itself
> > validates the SAML token and it doesn't access the STS. But there is a
> > pre configured trust between the STS and the service.
> >
> > > 2) Covers RAHAS all the scenarios of SAML interaction between these
> > > actors or there are any limitations currently?
> >
> > RAMPART/RAHAS can use SAML token as a supporting token and as a
> > protection token. So those two scenarios are pretty covered.
> > WS Trust specification defines four bindings. Namely Issue, Validate,
> > Renew, Cancel bindings. At the moment, Rampart only facilitate Issue
> > and Cancel bindings. But we may be able to get the other two bindings
> > working before the next release of Apache Rampart.
> >
> > thanks,
> > /nandana
> >
> >
> >
> >
> > > 2008/2/14, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
> > >
> > > > > Hi Jens,
> > > > >   Not at the moment. But we will include a one before next release.
> > > > >
> > > > > thanks,
> > > > > nandana
> > > > >
> > > > > On Tue, Feb 12, 2008 at 2:31 PM, Jens Goldhammer
> > > > > <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > >  Hello Nunny,
> > > > > >
> > > > > >  is there any sample available where the SAML token can be used as a
> > > > > >  protection token for signing and encrypting messages?
> > > > > >
> > > > > >  Thanks,
> > > > > >  Jens
> > > > >
> > > > >
> > > > >
>  > > > >
> > > > >
> > > > >  Nunny wrote:
> > > > >  >
> > > > >  > Hi Nuria,
> > > > >  >
> > > > > >  >> I've some doubts about SAML with axis2. I need to know if the
> > > > > >  >> sample05 covers all the SAML cases.
> > > > > >  >
> > > > > >  > No, it covers only one scenario. For example, this uses SAML
> > > > > >  > token as a supporting token. There is another scenario where
> > > > > >  > SAML token can be used as a protection token where it will be
> > > > > >  > used to sign and encrypt messages.
>  > > > >  >
> > > > >  >
> > > > >  >
> > > > > >  >> We first receive the SAML token response then we indicate, in
> > > > > >  >> the options the responseToken id
> > > > > >  >> I don't know where we are sending to the server the SAML
> > > > > >  >> assertion in the soapMessage
> > > > > >  >
> > > > > >  > When the id is set, Rampart message builders add the assertion to
> > > > > >  > the security header according to the security policy. If you
> > > > > >  > monitor the messages exchanged through TCPMon, then you can
> > > > > >  > actually see the SAML assertion in the security header of the
> > > > > >  > SOAP request to the service.
> > > > >  >
> > > > > >  >> Another thing is to know what are the requestSecurityToken
> > > > > >  >> parameters.
> > > > >  >
> > > > >  > In the client, we set these parameters using RST template.
> > > > >  >
> > > > > >  >     private static OMElement getRSTTemplate() throws Exception {
> > > > > >  >       OMFactory fac = OMAbstractFactory.getOMFactory();
> > > > > >  >       OMElement elem =
> > > > > >  >           fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
> > > > > >  >       TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
> > > > > >  >           elem).setText(RahasConstants.TOK_TYPE_SAML_10);
> > > > > >  >       TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem,
> > > > > >  >           RahasConstants.KEY_TYPE_PUBLIC_KEY);
> > > > > >  >       TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
> > > > > >  >       return elem;
> > > > > >  >     }
> > > > >  >
> > > > >  > These parameters are defined in the WS Trust specification [1].
> > > > >  >
> > > > >  > /nandana
>  > > > >  >
> > > > >  > [1] - specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
> > > > >  >
> > > > >  > http://nandana83.blogspot.com/
>  > > > >  > http://nandanasm.wordpress.com/
> > > > >  >
> > > > >
> > > > > >
> ---------------------------------------------------------------------
>  > > > >  > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > >  > For additional commands, e-mail: [EMAIL PROTECTED]
>  > > > >  >
> > > > >  >
> > > > >  >
> > > > >
> > > > >  --
> > > > >  View this message in context:
> > > http://www.nabble.com/SAML-with-Axis2-tp15314610p15429275.html
>  > > > >  Sent from the Axis - User mailing list archive at Nabble.com.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
>  > > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>  > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> >
> > http://nandana83.blogspot.com/
>  > http://nandanasm.wordpress.com/
> >
> >
> >
>
>

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
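
The supporting-token and protection-token scenarios discussed in this thread differ in where the `sp:IssuedToken` assertion sits in the service's WS-SecurityPolicy. The sketch below is an added example, not code from the thread or from Rampart: it classifies each `IssuedToken` in a policy and reads its RST template. The function names, the two sample policies and the `urn:example` token type are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"   # WS-SecurityPolicy 1.1
WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"           # WS-Trust 2005/02
SUPPORTING = {"SupportingTokens", "SignedSupportingTokens",
              "EndorsingSupportingTokens", "SignedEndorsingSupportingTokens"}

def _local(el, ns):
    """Local name of el if it is in namespace ns, else None."""
    prefix = "{%s}" % ns
    return el.tag[len(prefix):] if el.tag.startswith(prefix) else None

def issued_token_roles(policy_xml):
    """Return one dict per sp:IssuedToken: its role and RST template values."""
    found = []

    def walk(el, role):
        name = _local(el, SP)
        if name in SUPPORTING:
            role = "supporting"    # carried as a claim; another key protects the message
        elif name == "ProtectionToken":
            role = "protection"    # the issued token's key signs and encrypts
        elif name == "IssuedToken":
            tmpl = el.find("{%s}RequestSecurityTokenTemplate" % SP)
            params = {}
            for child in (tmpl if tmpl is not None else []):
                key = _local(child, WST)
                if key:
                    params[key] = (child.text or "").strip()
            found.append({"role": role or "unknown", "template": params})
            return
        for child in el:
            walk(child, role)

    walk(ET.fromstring(policy_xml), None)
    return found

# Constructed sample policies (not taken from Rampart's samples).
_HEAD = ('<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
         'xmlns:sp="%s" xmlns:t="%s">' % (SP, WST))
_ISSUED = ('<sp:IssuedToken><sp:RequestSecurityTokenTemplate>'
           '<t:TokenType>urn:example:saml-token</t:TokenType>'
           '<t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>'
           '<t:KeySize>256</t:KeySize>'
           '</sp:RequestSecurityTokenTemplate></sp:IssuedToken>')
SUPPORTING_POLICY = (_HEAD + '<sp:SupportingTokens><wsp:Policy>' + _ISSUED +
                     '</wsp:Policy></sp:SupportingTokens></wsp:Policy>')
PROTECTION_POLICY = (_HEAD + '<sp:SymmetricBinding><wsp:Policy><sp:ProtectionToken>'
                     '<wsp:Policy>' + _ISSUED + '</wsp:Policy></sp:ProtectionToken>'
                     '</wsp:Policy></sp:SymmetricBinding></wsp:Policy>')
```

Running `issued_token_roles` over a deployed service policy shows which scenario it asks for and what the client's RST template must request from the STS.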
