Hi Ishara,
Thanks for the patch. :)
Audience restriction is working fine. However, claims seem not to be
working. I am using IS 4.6.0.
Below is my config and the SAML response I'm getting. Is something wrong with my
config?
<SSOIdentityProviderConfig>
<ServiceProviders>
<ServiceProvider>
<Issuer>console</Issuer>
<AssertionConsumerService>
https://localhost:9443/console/controllers/acs.jag
</AssertionConsumerService>
<UseFullyQualifiedUsernameInNameID>true</UseFullyQualifiedUsernameInNameID>
<SignResponse>true</SignResponse>
<SignAssertion>true</SignAssertion>
<EnableAttributeProfile>true</EnableAttributeProfile>
<IncludeAttributeByDefault>true</IncludeAttributeByDefault>
<Claims>
<Claim>http://wso2.org/claims/role</Claim>
</Claims>
<EnableAudienceRestriction>true</EnableAudienceRestriction>
<AudiencesList>
<Audience>https://localhost:9445/oauth2/token</Audience>
</AudiencesList>
</ServiceProvider>
</ServiceProviders>
</SSOIdentityProviderConfig>
<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion ID="onegflcglhkcgcolageajagijpgjippfganmfokm"
IssueInstant="2014-01-14T09:44:54.303Z" Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://localhost:9443/samlsso
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#onegflcglhkcgcolageajagijpgjippfganmfokm">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>vACM+j+xfTOYkFy9CtFCgeJtSqM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
jCwg4vqYMQePr4HGbyYQ2WPn0bS7qKJ/iuIn/f/zHwBiou/ibfTbdshp3IJkXH3bfcqeNB5SMbFpYtvUNNsYAzfmv0spltizUuiy415KiPy1Z/71tvLlTkpuw4MarPAOC3vayQIohMRu9Vp8t/dp6hSEj+WBtHOXz8/lxffSM10=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData
InResponseTo="opllinmaahdgflfgilgkfmpoeijeknbnoclojbin"
NotOnOrAfter="2014-01-14T09:49:54.303Z"
Recipient="https://localhost:9443/console/controllers/acs.jag"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-01-14T09:44:54.303Z"
NotOnOrAfter="2014-01-14T09:49:54.303Z">
<saml2:AudienceRestriction>
<saml2:Audience>console</saml2:Audience>
<saml2:Audience>https://localhost:9445/oauth2/token
</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2014-01-14T09:44:54.309Z"
SessionIndex="f12b0e77-6ff6-4c31-8b57-d28f82820555">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
On Tue, Jan 14, 2014 at 2:36 PM, Ishara Karunarathna <[email protected]> wrote:
> Hi Pradeep,
>
>
>
>
> On Fri, Jan 10, 2014 at 5:15 PM, Pradeep Fernando <[email protected]> wrote:
>
>> Hi,
>>
>> we can register SPs via sso-idp-config.xml. However, we can't configure
>> things such as audience restrictions, etc.
>>
> I have created the
> org.wso2.stratos.identity.saml2.sso.mgt 2.2.1 and
> org.wso2.stratos.identity.saml2.sso.mgt.ui 2.2.1
> components, adding the missing configurations.
>
>>
>> We are in need of the functionality for the upcoming Stratos release. Is it
>> possible to sync up the config file capabilities with those of the UI? IMHO, we
>> should move the functionality to the identity component.
>>
> Yes, we will check the possibility of adding these components under the identity
> components with the next IS release.
>
>>
>> thanks,
>> --Pradeep
>>
>>
>>
> Thanks,
> Ishara
> --
> Ishara Karunarathna
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94
> 718211678
>
--
*Pradeep Fernando*
Associate Technical Lead;WSO2 Inc.; http://wso2.com
blog: http://pradeepfernando.blogspot.com
m: +94776603662
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
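A check for the symptom reported in this thread, added here as an example and not code from the thread or from WSO2: it parses an assertion, compares its AudienceRestriction with the AudiencesList from sso-idp-config.xml, and reports whether an AttributeStatement carrying the configured claim is present (the assertion quoted above has no AttributeStatement at all, which is what "claims not working" looks like on the wire). The sample assertion is a constructed, trimmed copy of the one above; check_assertion and the EXPECTED_* constants are this example's own names.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, trimmed copy of the assertion quoted in the thread: signature
# and certificate removed, conditions kept as IS 4.6.0 emitted them.
SAMPLE_ASSERTION = """<saml2:Assertion ID="_sample" Version="2.0"
    IssueInstant="2014-01-14T09:44:54.303Z"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>https://localhost:9443/samlsso</saml2:Issuer>
  <saml2:Subject><saml2:NameID>admin</saml2:NameID></saml2:Subject>
  <saml2:Conditions NotBefore="2014-01-14T09:44:54.303Z"
      NotOnOrAfter="2014-01-14T09:49:54.303Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>console</saml2:Audience>
      <saml2:Audience>https://localhost:9445/oauth2/token
      </saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""

# Values copied from the <ServiceProvider> block of sso-idp-config.xml.
EXPECTED_AUDIENCES = {"console", "https://localhost:9445/oauth2/token"}
EXPECTED_CLAIMS = {"http://wso2.org/claims/role"}


def check_assertion(xml_text, expected_audiences, expected_claims):
    """Compare what the IdP put in the assertion with what the SP config
    asked for; returns the gaps so the caller can log all of them at once."""
    root = ET.fromstring(xml_text)
    # Whitespace is stripped because the serialised value may be wrapped
    # before the closing tag; a raw string compare would then miss it.
    audiences = {
        (a.text or "").strip()
        for a in root.iterfind(".//saml2:AudienceRestriction/saml2:Audience", NS)
    }
    # Claims arrive as <saml2:Attribute Name="..."> inside an
    # <saml2:AttributeStatement>; with EnableAttributeProfile set, that is
    # where the requested role claim should appear.
    claims = {
        attr.get("Name")
        for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS)
    }
    return {
        "missing_audiences": sorted(expected_audiences - audiences),
        "has_attribute_statement":
            root.find(".//saml2:AttributeStatement", NS) is not None,
        "missing_claims": sorted(expected_claims - claims),
    }
```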