I started researching the new CXF 2.4.0, interested primarily in its WSS4J and 
SAML 2.0 support. Eventually we would like to migrate from our custom 
implementation of Open SAML 2.0 to CXF's SAML 2.0 implementation, so that 
updates to the WS-* specifications are handled by CXF and we have less code to maintain.

Question: Can CXF 2.4.0 currently support the wsse:Security header attached? 
What areas are still under development?

Thanks in advance!
________________________________
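   <soap:Header>
      <!-- Sample WS-Security header for a SAML 2.0 holder-of-key request.
           Review notes are placed outside the signed elements (SignedInfo,
           Timestamp, Assertion). The soap: prefix is not declared in this
           fragment; it is presumably bound on the enclosing Envelope. -->
      <wsse:Security soap:mustUnderstand="true" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <!-- Message signature. Its single ds:Reference covers only #Timestamp-7:
              the WS-Addressing headers below (Action, MessageID, To, ReplyTo) and
              the SOAP Body are not referenced, so this signature shows possession
              of the key named by the SAML KeyIdentifier but does not bind that
              proof to the request content. A receiver policy that requires a
              signed Body and signed addressing headers would not accept it.
              rsa-sha1 with a sha1 digest is deprecated for new signatures. -->
         <ds:Signature Id="Signature-8" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#Timestamp-7">
                  <ds:Transforms>
                     <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>YtLledhlM4iksIPySqsaBvD+QC8=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            
<ds:SignatureValue>MqJV0iG8UHD9U5iGRttnLw4J3sHgar7414w/d1JrG53TmmcHa7w1WWuQJvzmoUgHjfa1EHRtAh88
c707mFXUeg==</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-AB6E726865A429836C130348036689911">
               <wsse:SecurityTokenReference 
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
 
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                  <wsse:KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_6d2de2bb7800cc05774aee8d177f3068</wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <!-- Created and Expires are seven days apart. Unless the receiver enforces
              a shorter maximum lifetime or tracks MessageID values, a captured copy
              of this header stays acceptable for that whole window. -->
         <wsu:Timestamp wsu:Id="Timestamp-7" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2011-04-22T13:52:46.899Z</wsu:Created>
            <wsu:Expires>2011-04-29T13:52:46.899Z</wsu:Expires>
         </wsu:Timestamp>
         <!-- Holder-of-key SAML 2.0 assertion, referenced by the message signature
              through its ID. Points for a receiver to check:
              * Issuer and Subject NameID are the same DN, and the RSAKeyValue in
                the assertion's own ds:KeyInfo has the same Modulus as the
                holder-of-key key in SubjectConfirmationData. The embedded key only
                states which key signed; trust has to come from a key or
                certificate configured for this issuer on the receiving side.
              * The Modulus is 88 base64 characters and decodes to 64 bytes, i.e. a
                512-bit RSA key, far below current minimum key sizes.
              * The assertion carries no saml2:Conditions (validity period,
                audience restriction); only the nested Evidence assertion has
                NotBefore / NotOnOrAfter.
              * The enveloped signature is resolved by ID; the verifier should
                consume the element it validated rather than look the ID up again. -->
         <saml2:Assertion ID="_6d2de2bb7800cc05774aee8d177f3068" 
IssueInstant="2011-04-22T13:52:47.133Z" Version="2.0" 
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml2:Issuer 
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA, 
OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                  <ds:Reference URI="#_6d2de2bb7800cc05774aee8d177f3068">
                     <ds:Transforms>
                        <ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transforms>
                     <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                     
<ds:DigestValue>y7rnOVmGNYoyzjHKeRNuNw/HnYc=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>
               
<ds:SignatureValue>EnU7dIXrkDNHPdiJFM8sT1PBSS9Qr68PRQU2iDRDx0l9q1bP7gJubPtTUC6V/PC00HVjjZEwxF/5CtVMiQpK8A==</ds:SignatureValue>
               <ds:KeyInfo>
                  <ds:KeyValue>
                     <ds:RSAKeyValue>
                        
<ds:Modulus>hdL6O/WKqt5NDoOfYlmg6bOsKEB/WXCsSw3wuuRI6zUUlWn4/6BUA21p0D02qfV8M6FzXBInughy
vwf8I/UAcQ==</ds:Modulus>
                        <ds:Exponent>AQAB</ds:Exponent>
                     </ds:RSAKeyValue>
                  </ds:KeyValue>
               </ds:KeyInfo>
            </ds:Signature>
            <saml2:Subject>
               <saml2:NameID 
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA, 
OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:NameID>
               <saml2:SubjectConfirmation 
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                  <saml2:SubjectConfirmationData>
                     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:KeyValue>
                           <ds:RSAKeyValue>
                              
<ds:Modulus>hdL6O/WKqt5NDoOfYlmg6bOsKEB/WXCsSw3wuuRI6zUUlWn4/6BUA21p0D02qfV8M6FzXBInughy
vwf8I/UAcQ==</ds:Modulus>
                              <ds:Exponent>AQAB</ds:Exponent>
                           </ds:RSAKeyValue>
                        </ds:KeyValue>
                     </ds:KeyInfo>
                  </saml2:SubjectConfirmationData>
               </saml2:SubjectConfirmation>
            </saml2:Subject>
            <saml2:AuthnStatement AuthnInstant="2011-04-22T13:52:47.133Z" 
SessionIndex="_6d2de2bb7800cc05774aee8d177f3068">
               <saml2:SubjectLocality Address="127.0.0.1" 
DNSName="localhost.domain.com"/>
               <saml2:AuthnContext>
                  
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml2:AuthnContextClassRef>
               </saml2:AuthnContext>
            </saml2:AuthnStatement>
            <saml2:AttributeStatement>
               <saml2:Attribute 
Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
                  <saml2:AttributeValue>Steven Cason</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute 
Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
                  <saml2:AttributeValue>Lockheed Martin 
ONC-NHIN</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute 
Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
                  <saml2:AttributeValue>urn:oid:9.8.7.6</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
                  
<saml2:AttributeValue>urn:oid:HIO1_signed</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute 
Name="urn:oasis:names:tc:xacml:2.0:subject:role">
                  <saml2:AttributeValue>
                     <hl7:Role hl7:code="307969004" 
hl7:codeSystem="2.16.840.1.113883.6.96" hl7:codeSystemName="SNOMED_CT" 
hl7:displayName="Public health officer" xsi:type="CE" 
xmlns:hl7="urn:hl7-org:v3" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                  </saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute 
Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
                  <saml2:AttributeValue>
                     <hl7:PurposeOfUse hl7:code="PUBLICHEALTH" 
hl7:codeSystem="2.16.840.1.113883.3.18.7.1" hl7:codeSystemName="nhin-purpose" 
hl7:displayName="Uses and disclosures for public health activities." 
xsi:type="CE" xmlns:hl7="urn:hl7-org:v3" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                  </saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute 
Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
                  
<saml2:AttributeValue>6789^^^&amp;1.2.840.114350.1.13.9997.2.3412&amp;ISO</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
                  <saml2:AttributeValue>1234567890</saml2:AttributeValue>
               </saml2:Attribute>
            </saml2:AttributeStatement>
            <saml2:AuthzDecisionStatement Decision="Permit" 
Resource="https://ssa-l0035:8181/pd/PatientDiscoveryGatewayService">
               <saml2:Action 
Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Execute</saml2:Action>
               <saml2:Evidence>
                  <saml2:Assertion ID="_c02a5f8985141f6225763f7b5fc1bfc3" 
IssueInstant="2011-04-22T13:52:47.133Z" Version="2.0">
                     <saml2:Issuer 
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA, 
OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:Issuer>
                     <saml2:Conditions NotBefore="2011-04-22T13:52:47.133Z" 
NotOnOrAfter="2011-04-29T13:52:47.133Z"/>
                     <saml2:AttributeStatement>
                        <saml2:Attribute Name="AccessConsentPolicy" 
NameFormat="http://www.hhs.gov/healthit/nhin">
                           
<saml2:AttributeValue>urn:oid:1.2.3.4</saml2:AttributeValue>
                        </saml2:Attribute>
                        <saml2:Attribute Name="InstanceAccessConsentPolicy" 
NameFormat="http://www.hhs.gov/healthit/nhin">
                           
<saml2:AttributeValue>urn:oid:1.2.3.4.123456789</saml2:AttributeValue>
                        </saml2:Attribute>
                     </saml2:AttributeStatement>
                  </saml2:Assertion>
               </saml2:Evidence>
            </saml2:AuthzDecisionStatement>
         </saml2:Assertion>
      </wsse:Security>
      <Action 
xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</Action>
      <MessageID 
xmlns="http://www.w3.org/2005/08/addressing">uuid:38e27557-ae31-4afe-a2c8-cd334713cf7b</MessageID>
      <To soap:mustUnderstand="true" 
xmlns="http://www.w3.org/2005/08/addressing">https://ssa-l0035:8181/pd/PatientDiscoveryGatewayService?wsdl</To>
      <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
         <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
      </ReplyTo>
   </soap:Header>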

