[ https://issues.apache.org/jira/browse/WSS-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14163238#comment-14163238 ]

Jason Pell commented on WSS-516:
--------------------------------

Colm,

Fair question, sorry I was not clearer.  What I am trying to achieve is a 
generic CallbackHandler which can create Saml 2 or 1.1 bearer tokens.  What 
controls whether I should create a 1.1 vs a 2.0 token is what is in the server 
side WS-Policy definition.

From what I could determine from the wss4j 1.6 code, the saml version in the 
params is also the version for the WS-Policy assertion that the token is being 
generated for.

I know that a callback handler to generate a token locally is probably not the 
primary use case, but I am wanting to use bearer tokens with mutual ssl, 
instead of NoPassword username tokens.

And at the moment, if the service wsdl policy is changed to saml v2 my existing 
callback will still continue to produce 1.1 tokens, unless I change the client 
configuration as well.  It would be so much easier if I could drive the saml 
token version generation based on what the service is asking for, like 
everything else for cxf clients with cxf ws-policy.

> Change saml AssertionWrapper to setSamlVersion before calling callback handler
> ------------------------------------------------------------------------------
>
>                 Key: WSS-516
>                 URL: https://issues.apache.org/jira/browse/WSS-516
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.0.2, 1.6.17
>            Reporter: Jason Pell
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 1.6.18, 2.0.3
>
>         Attachments: patch-1.6.txt
>
>
> If the SAMLCallback was provided the expected Saml Version based on 
> information already provided to the AssertionWrapper, it would be easy for a 
> local SAMLCallback to create the correct saml token.
> For most everything in CXF we can use the WS-Policy to determine what needs 
> to be done on the client side to correctly interface with a cxf web service.
> With this small change a SAML Callback handler can create the appropriately 
> versioned saml token without additional configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
