[ https://issues.apache.org/jira/browse/CXF-3630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13060626#comment-13060626 ]
Colm O hEigeartaigh commented on CXF-3630:
------------------------------------------
Hi Srinivasa,
CXF should be fully capable of parsing that security policy, and constructing
the appropriate request. You shouldn't have to go near the interceptors, or
specify any actions in order to send and process these kinds of requests. See
the SamlTokenTest in the systests for an example:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?view=markup
This set of tests uses the following WSDL (with embedded security policies):
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl?view=markup
Here is the Spring configuration for the client:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?view=markup
You may also be interested in a write-up I did on a SAML sample in Talend
Service Factory (based on Apache CXF 2.4.x):
http://coheigea.blogspot.com/2011/06/ws-securitypolicysaml-sample-in-talend.html
Colm.
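
The policy-driven client setup described in the comment above, as an added example that is not part of the original comment or of the CXF sources. It assumes the WSDL embeds the WS-SecurityPolicy; the port QName, the SAML callback handler class, and the reuse of the reporter's placeholders and `passwordCallBackHandler` bean are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the CXF sources. Assumes the WSDL embeds the
     WS-SecurityPolicy, so no WSS4J interceptors and no "action" list are
     configured here. The ${...} placeholders and the passwordCallBackHandler
     bean are assumed to be defined elsewhere in the application context. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws
         http://cxf.apache.org/schemas/jaxws.xsd">

  <!-- Hypothetical port QName; it must match the wsdl:port the client uses. -->
  <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSamlPort"
                createdFromAPI="true">
    <jaxws:properties>
      <!-- Builds the SAML assertion; hypothetical class implementing
           javax.security.auth.callback.CallbackHandler. -->
      <entry key="ws-security.saml-callback-handler"
             value="com.example.client.ClientSamlCallbackHandler"/>
      <!-- Supplies the password for the private signing key. -->
      <entry key="ws-security.callback-handler"
             value-ref="passwordCallBackHandler"/>
      <!-- Crypto properties file and keystore alias used for signing. -->
      <entry key="ws-security.signature.properties"
             value="${client.signature.properties}"/>
      <entry key="ws-security.signature.username"
             value="${client.signature.username}"/>
    </jaxws:properties>
  </jaxws:client>
</beans>
```

With this setup, what gets signed is determined by the policy in the WSDL rather than by a `signatureParts` entry.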
> WSS4JIn Interceptor Issue
> -------------------------------
>
> Key: CXF-3630
> URL: https://issues.apache.org/jira/browse/CXF-3630
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Srinivasa Kukatla
>
> WSS4JInInterceptor does not assert the policies. Hence I had to use the
> PolicyBasedWSS4JInInterceptor, but it does not have the constructor. Hence I
> had to add the constructor. Here is another problem:
> I need the following requirement, SAML Assertion needs to be signed,
> Timestamp needs to be signed:
> But, on the wss4jOutInterceptor, if I say Timestamp, SAMLTokenSigned, and
> Signature, the actions are mismatching. Hence I had to use only the first two
> actions.
> <constructor-arg>
>   <map>
>     <entry key="action" value="Timestamp SAMLTokenSigned"/>
>     <entry key="timeToLive" value="${timestamp.expiration.property}"/>
>     <entry key="user" value="${client.signature.username}"/>
>     <entry>
>       <key>
>         <value>passwordCallbackRef</value>
>       </key>
>       <ref bean="passwordCallBackHandler"/>
>     </entry>
>     <entry key="passwordType" value="PasswordDigest" />
>     <entry key="samlPropFile" value="${client.saml.properties}"/>
>     <entry key="signaturePropFile" value="${client.signature.properties}" />
>     <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>     <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2000/09/xmldsig#sha1" />
>     <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>   </map>
> </constructor-arg>
> But, on the WSS4JInInterceptor, I needed to configure 3 actions as shown
> below:
> <constructor-arg>
>   <map>
>     <entry key="action" value="Timestamp SAMLTokenSigned Signature "/>
>     <entry key="timeToLive" value="${timestamp.expiration.property}"/>
>     <entry key="passwordType" value="PasswordDigest" />
>     <entry key="signaturePropFile" value="${server.signature.properties}" />
>     <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>     <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2000/09/xmldsig#sha1" />
>     <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>     <entry key="enableSignatureConfirmation" value="true" />
>   </map>
> </constructor-arg>