Hi David,

> Question: Can CXF 2.4.0 currently support the wsse:Security header attached?

Yes, it should be able to both generate and process such a Security
header. The best way to find out is to try it, and then log a JIRA if
you run into a problem. What are your requirements in general? What
sort of use-cases are you trying to support/implement?

> What areas are still under development?

The whole WS-Security* area is under fairly active development at the
moment, even though the functionality is relatively mature at this
stage. I'm doing a lot of work in the XML Security library (Apache
Santuario) that underpins the WS-Security implementation in CXF,
mainly based around performance and getting rid of some thread-safety
issues. I'm also working on improving WS-Trust and WS-SecurityPolicy
support in CXF. I plan to implement Kerberos Support some time in the
future.

Colm.

On Fri, May 6, 2011 at 6:37 PM, Morris Jr, David P
<[email protected]> wrote:
> I started researching the new CXF 2.4.0 interested primarily in the WSS4J and 
> SAML 2.0 support. Eventually we would like to migrate from our custom 
> implementation of Open SAML 2.0 with CXF's SAML 2.0 implementation. Updates 
> to WS-* specifications will be handled by CXF and less code for us to 
> maintain.
>
> Question: Can CXF 2.4.0 currently support the wsse:Security header attached? 
> What areas are still under development?
>
> Thanks in advance!
> ________________________________
>   <soap:Header>
>      <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>         <ds:Signature Id="Signature-8" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>            <ds:SignedInfo>
>               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>               <ds:Reference URI="#Timestamp-7">
>                  <ds:Transforms>
>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                  </ds:Transforms>
>                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                  <ds:DigestValue>YtLledhlM4iksIPySqsaBvD+QC8=</ds:DigestValue>
>               </ds:Reference>
>            </ds:SignedInfo>
>            <ds:SignatureValue>MqJV0iG8UHD9U5iGRttnLw4J3sHgar7414w/d1JrG53TmmcHa7w1WWuQJvzmoUgHjfa1EHRtAh88c707mFXUeg==</ds:SignatureValue>
>            <ds:KeyInfo Id="KeyId-AB6E726865A429836C130348036689911">
>               <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
>                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_6d2de2bb7800cc05774aee8d177f3068</wsse:KeyIdentifier>
>               </wsse:SecurityTokenReference>
>            </ds:KeyInfo>
>         </ds:Signature>
>         <wsu:Timestamp wsu:Id="Timestamp-7" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>            <wsu:Created>2011-04-22T13:52:46.899Z</wsu:Created>
>            <wsu:Expires>2011-04-29T13:52:46.899Z</wsu:Expires>
>         </wsu:Timestamp>
>         <saml2:Assertion ID="_6d2de2bb7800cc05774aee8d177f3068" IssueInstant="2011-04-22T13:52:47.133Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>            <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA, OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:Issuer>
>            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>               <ds:SignedInfo>
>                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                  <ds:Reference URI="#_6d2de2bb7800cc05774aee8d177f3068">
>                     <ds:Transforms>
>                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                     </ds:Transforms>
>                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                     <ds:DigestValue>y7rnOVmGNYoyzjHKeRNuNw/HnYc=</ds:DigestValue>
>                  </ds:Reference>
>               </ds:SignedInfo>
>               <ds:SignatureValue>EnU7dIXrkDNHPdiJFM8sT1PBSS9Qr68PRQU2iDRDx0l9q1bP7gJubPtTUC6V/PC00HVjjZEwxF/5CtVMiQpK8A==</ds:SignatureValue>
>               <ds:KeyInfo>
>                  <ds:KeyValue>
>                     <ds:RSAKeyValue>
>                        <ds:Modulus>hdL6O/WKqt5NDoOfYlmg6bOsKEB/WXCsSw3wuuRI6zUUlWn4/6BUA21p0D02qfV8M6FzXBInughyvwf8I/UAcQ==</ds:Modulus>
>                        <ds:Exponent>AQAB</ds:Exponent>
>                     </ds:RSAKeyValue>
>                  </ds:KeyValue>
>               </ds:KeyInfo>
>            </ds:Signature>
>            <saml2:Subject>
>               <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA, OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:NameID>
>               <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
>                  <saml2:SubjectConfirmationData>
>                     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                        <ds:KeyValue>
>                           <ds:RSAKeyValue>
>                              <ds:Modulus>hdL6O/WKqt5NDoOfYlmg6bOsKEB/WXCsSw3wuuRI6zUUlWn4/6BUA21p0D02qfV8M6FzXBInughyvwf8I/UAcQ==</ds:Modulus>
>                              <ds:Exponent>AQAB</ds:Exponent>
>                           </ds:RSAKeyValue>
>                        </ds:KeyValue>
>                     </ds:KeyInfo>
>                  </saml2:SubjectConfirmationData>
>               </saml2:SubjectConfirmation>
>            </saml2:Subject>
>            <saml2:AuthnStatement AuthnInstant="2011-04-22T13:52:47.133Z" SessionIndex="_6d2de2bb7800cc05774aee8d177f3068">
>               <saml2:SubjectLocality Address="127.0.0.1" DNSName="localhost.domain.com"/>
>               <saml2:AuthnContext>
>                  <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml2:AuthnContextClassRef>
>               </saml2:AuthnContext>
>            </saml2:AuthnStatement>
>            <saml2:AttributeStatement>
>               <saml2:Attribute Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
>                  <saml2:AttributeValue>Steven Cason</saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
>                  <saml2:AttributeValue>Lockheed Martin ONC-NHIN</saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
>                  <saml2:AttributeValue>urn:oid:9.8.7.6</saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
>                  <saml2:AttributeValue>urn:oid:HIO1_signed</saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
>                  <saml2:AttributeValue>
>                     <hl7:Role hl7:code="307969004" hl7:codeSystem="2.16.840.1.113883.6.96" hl7:codeSystemName="SNOMED_CT" hl7:displayName="Public health officer" xsi:type="CE" xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
>                  </saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
>                  <saml2:AttributeValue>
>                     <hl7:PurposeOfUse hl7:code="PUBLICHEALTH" hl7:codeSystem="2.16.840.1.113883.3.18.7.1" hl7:codeSystemName="nhin-purpose" hl7:displayName="Uses and disclosures for public health activities." xsi:type="CE" xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
>                  </saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
>                  <saml2:AttributeValue>6789^^^&amp;1.2.840.114350.1.13.9997.2.3412&amp;ISO</saml2:AttributeValue>
>               </saml2:Attribute>
>               <saml2:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
>                  <saml2:AttributeValue>1234567890</saml2:AttributeValue>
>               </saml2:Attribute>
>            </saml2:AttributeStatement>
>            <saml2:AuthzDecisionStatement Decision="Permit" Resource="https://ssa-l0035:8181/pd/PatientDiscoveryGatewayService">
>               <saml2:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Execute</saml2:Action>
>               <saml2:Evidence>
>                  <saml2:Assertion ID="_c02a5f8985141f6225763f7b5fc1bfc3" IssueInstant="2011-04-22T13:52:47.133Z" Version="2.0">
>                     <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=LMCA, OU=LMSecurity, O=LMNetworks, L=Windsor Mill, ST=Maryland, C=US</saml2:Issuer>
>                     <saml2:Conditions NotBefore="2011-04-22T13:52:47.133Z" NotOnOrAfter="2011-04-29T13:52:47.133Z"/>
>                     <saml2:AttributeStatement>
>                        <saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
>                           <saml2:AttributeValue>urn:oid:1.2.3.4</saml2:AttributeValue>
>                        </saml2:Attribute>
>                        <saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
>                           <saml2:AttributeValue>urn:oid:1.2.3.4.123456789</saml2:AttributeValue>
>                        </saml2:Attribute>
>                     </saml2:AttributeStatement>
>                  </saml2:Assertion>
>               </saml2:Evidence>
>            </saml2:AuthzDecisionStatement>
>         </saml2:Assertion>
>      </wsse:Security>
>      <Action xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery</Action>
>      <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:38e27557-ae31-4afe-a2c8-cd334713cf7b</MessageID>
>      <To soap:mustUnderstand="true" xmlns="http://www.w3.org/2005/08/addressing">https://ssa-l0035:8181/pd/PatientDiscoveryGatewayService?wsdl</To>
>      <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
>         <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
>      </ReplyTo>
>   </soap:Header>
>
>
>
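
The posted header, read as a receiver would before any cryptography runs. This is an added example, not code from the thread and not CXF/WSS4J code. It parses a cut-down, constructed copy of the header above (placeholder base64 values), resolves the ds:Reference URI and the SecurityTokenReference's SAMLID KeyIdentifier against the wsu:Id/Id/ID attributes in the same header, checks the wsu:Timestamp against an evaluation time and a maximum window, and then reports the things a reviewer would query in the posted header: the seven-day Timestamp window, the outer saml2:Assertion having no saml2:Conditions, and the RSA key in the assertion's own ds:Signature being the same key as the holder-of-key SubjectConfirmation key. The SOAP 1.1 envelope namespace, the evaluation time NOW, the placeholder values and all function names are assumptions. It does not verify the XML signatures themselves; WSS4J does that once these references check out.

```python
"""Structural pre-checks on a WS-Security header shaped like the posted one.
Added example, not CXF/WSS4J code; checks cross-references, not signatures."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # assumption: SOAP 1.1 envelope
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SAMLID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample: the posted header cut down to what the checks look at; base64 values are placeholders.
SAMPLE = """<soap:Header xmlns:soap="%(soap)s">
 <wsse:Security soap:mustUnderstand="true" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s"
                xmlns:ds="%(ds)s" xmlns:saml2="%(saml2)s">
  <ds:Signature Id="Signature-8">
   <ds:SignedInfo><ds:Reference URI="#Timestamp-7"/></ds:SignedInfo>
   <ds:SignatureValue>c2lnLXBsYWNlaG9sZGVy</ds:SignatureValue>
   <ds:KeyInfo><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="%(samlid)s">_6d2de2bb7800cc05774aee8d177f3068</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
  <wsu:Timestamp wsu:Id="Timestamp-7"><wsu:Created>2011-04-22T13:52:46.899Z</wsu:Created>
   <wsu:Expires>2011-04-29T13:52:46.899Z</wsu:Expires></wsu:Timestamp>
  <saml2:Assertion ID="_6d2de2bb7800cc05774aee8d177f3068" Version="2.0">
   <saml2:Issuer>CN=LMCA</saml2:Issuer>
   <ds:Signature><ds:SignatureValue>YXNzZXJ0aW9uLXNpZw==</ds:SignatureValue>
    <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>bW9kLUE=</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></ds:Signature>
   <saml2:Subject><saml2:SubjectConfirmation Method="%(hok)s"><saml2:SubjectConfirmationData>
    <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>bW9kLUE=</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
   </saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject>
  </saml2:Assertion>
 </wsse:Security>
</soap:Header>""" % dict(NS, samlid=SAMLID, hok=HOLDER_OF_KEY)
NOW = datetime(2011, 4, 22, 13, 53, tzinfo=timezone.utc)  # constructed evaluation time, just after Created
TAMPERED = SAMPLE.replace('URI="#Timestamp-7"', 'URI="#Body"')  # constructed: signature no longer covers the timestamp

def _wsu_time(text):
    """wsu times are UTC ISO-8601 ending in 'Z', with or without a fraction."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text.strip(), fmt).replace(tzinfo=timezone.utc)

def _rsa_key(keyinfo):
    """(modulus, exponent) from a ds:KeyInfo/ds:RSAKeyValue, base64 whitespace removed."""
    if keyinfo is None:
        return None
    vals = [keyinfo.findtext(".//ds:" + n, default="", namespaces=NS) for n in ("Modulus", "Exponent")]
    return tuple("".join(v.split()) for v in vals) if all(vals) else None

def check_security_header(xml_text, now, max_ttl_seconds=300):
    """Return a list of findings (empty = all checks passed). 300 s mirrors WSS4J's default timeToLive."""
    findings = []
    sec = ET.fromstring(xml_text).find("wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header"]
    # every wsu:Id / Id / ID in the header, so Reference URIs and KeyIdentifiers resolve locally
    ids = {el.get(a): el for el in sec.iter() for a in (WSU_ID, "Id", "ID") if el.get(a)}
    ts = sec.find("wsu:Timestamp", NS)
    stamps = [ts.findtext(n, namespaces=NS) for n in ("wsu:Created", "wsu:Expires")] if ts is not None else []
    if not all(stamps):
        findings.append("no usable wsu:Timestamp")
    else:
        created, expires = map(_wsu_time, stamps)
        if not created <= now < expires:
            findings.append("timestamp not valid at evaluation time")
        if (expires - created).total_seconds() > max_ttl_seconds:
            findings.append("timestamp window exceeds max_ttl_seconds")
    sig = sec.find("ds:Signature", NS)
    if sig is None:
        return findings + ["no message signature"]
    signed = []
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if uri.startswith("#") and uri[1:] in ids:
            signed.append(ids[uri[1:]])
        else:
            findings.append("unresolvable Reference URI %r" % uri)
    if ts is not None and ts not in signed:
        findings.append("timestamp is not covered by the signature")
    kid = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    if kid is None or kid.get("ValueType") != SAMLID:
        return findings + ["signature KeyInfo does not reference a SAML assertion by SAMLID"]
    assertion = ids.get((kid.text or "").strip())
    if assertion is None or assertion.tag != "{%s}Assertion" % NS["saml2"]:
        return findings + ["KeyIdentifier does not resolve to a saml2:Assertion"]
    conf = assertion.find("saml2:Subject/saml2:SubjectConfirmation", NS)
    if conf is None or conf.get("Method") != HOLDER_OF_KEY:
        findings.append("assertion is not holder-of-key")
    if assertion.find("saml2:Conditions", NS) is None:
        findings.append("assertion has no saml2:Conditions, so no NotOnOrAfter")
    asig = assertion.find("ds:Signature", NS)
    if asig is None:
        findings.append("assertion is unsigned")
    elif conf is not None:
        issuer_key = _rsa_key(asig.find("ds:KeyInfo", NS))
        subject_key = _rsa_key(conf.find("saml2:SubjectConfirmationData/ds:KeyInfo", NS))
        if issuer_key is not None and issuer_key == subject_key:
            findings.append("assertion signing key equals holder-of-key subject key; "
                            "issuer trust must come from a configured trust store")
    return findings

if __name__ == "__main__":
    for line in check_security_header(SAMPLE, NOW):
        print("finding:", line)
```

Run as-is it reports three findings for the posted shape: the Timestamp window (seven days against a 300 s limit), the missing saml2:Conditions on the outer assertion, and the self-signed assertion key. Pass a larger max_ttl_seconds to see only the assertion findings, or feed it TAMPERED to see the reference and coverage checks fire. The key-equality finding is the point of holder-of-key: proof of possession of the subject key says nothing about who issued the assertion, so the receiver's trust in the issuer has to be anchored separately.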
