[jira] [Commented] (CXF-4457) Extend WS-SecureConversation to support SAML Assertions for authentication

Mon, 17 Jun 2013 03:28:44 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-4457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13685423#comment-13685423
 ] 

Colm O hEigeartaigh commented on CXF-4457:
------------------------------------------

Hi Glen,

1) The wsu:Id is just for referencing in the message, and so it doesn't matter 
that it doesn't match the wsc:Identifier value.

2) There are actually two STSClient instances at play here, one to get a token 
from the STS, and one to set up SecureConversation with the service. The reason 
we need a "sct" suffix is that we are telling CXF to use this configuration for 
the "inner" SecureConversation call, i.e. to get a token from the STS. 

3) We *could* allow the use of non-.sct properties to configure secure 
conversation as well. However, I don't want to break backwards compatibility 
either...

Colm.

                
> Extend WS-SecureConversation to support SAML Assertions for authentication
> --------------------------------------------------------------------------
>
>                 Key: CXF-4457
>                 URL: https://issues.apache.org/jira/browse/CXF-4457
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>            Reporter: Glen Mazza
>            Assignee: Colm O hEigeartaigh
>         Attachments: cxf-tutorial.patch
>
>
> Hi, as shown for GlassFish Metro:
> https://gist.github.com/3191480 
> Support the following authentication mechanism:
> 1.) The WSC gets a SAML assertion from the STS.
> 2.) The WSC sends that SAML assertion to the WSP to get the SCT from the WSP
> 3.) All subsequent real calls for doubled numbers between WSC and WSP use the 
> SCT and not the SAML assertion.
> Here is a Netbeans-generated WSDL for this scenario:
> https://github.com/gmazza/blog-samples/blob/master/cxf_sts_tutorial/service/src/main/resources/DoubleItSecrConv.txt
> A sample testcase that can be used (steps to use: update WSP WSDL with the 
> one above, run mvn clean install tomcat7:redeploy from base folder, then mvn 
> exec:exec from client folder): 
> https://github.com/gmazza/blog-samples/tree/master/cxf_sts_tutorial

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to