Hi,

There is an implementation supporting the validation binding of WS-Trust in the
Rampart-Trust module.
AFAIU, it supports SAML v1.1. Please refer to SAMLTokenValidator
at [1] and module.xml of the rahas module at [2].
But with the TokenValidator interface [3], an extension point is provided to
plug in any other token validation implementations as well.

[1]
http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
[2]
http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/modules/rampart-trust-mar/module.xml
[3]
http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java

HTH.
Thanks,
Hasini.

On Wed, Nov 9, 2011 at 3:46 PM, Pierre-yves motreff <pymotr...@gmail.com> wrote:

> Hi,
>
> I have developed the server side of a web service with Axis2. Now I have to
> secure this side with SAML 2.0.
> The client side is developed by another company, and already contains the
> signed SAML assertion (X.509 certificate); see an example:
>
> <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd"
> ID="_86bb16eb-3f39-0410-9d53-919a2d5a47b9" Version="2.0"
> IssueInstant="2007-09-03T19:09:56Z">
>   <saml:Issuer>issuer</saml:Issuer>
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>     <SignedInfo>
>       <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>       <Reference URI="#_86bb16eb-3f39-0410-9d53-919a2d5a47b9">
>         <Transforms>
>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>           <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>         <DigestValue>59QJ/N...zTtwPZIw0=</DigestValue>
>       </Reference>
>     </SignedInfo>
>     <SignatureValue>QKWB9mK...tQnWRFmL78=</SignatureValue>
>     <KeyInfo>
>       <X509Data>
>         <X509Certificate>MIIB2DCCAUG...61mFkJn7/Ng=</X509Certificate>
>         <X509Certificate>MIIB4jCCAUu...GFe7QdEO</X509Certificate>
>         <X509Certificate>MIIB3TCCAUa...BqxwnpnpA==</X509Certificate>
>       </X509Data>
>     </KeyInfo>
>   </Signature>
>   <saml:Subject>
>     <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">sourceID</saml:NameID>
>     <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
>       <saml:SubjectConfirmationData NotOnOrAfter="2007-09-03T20:10:06Z" Recipient="recip_id" />
>     </saml:SubjectConfirmation>
>   </saml:Subject>
>   <saml:Conditions NotBefore="2007-09-03T19:09:46Z" NotOnOrAfter="2007-09-03T20:10:06Z">
>     <saml:AudienceRestriction>
>       <saml:Audience>http://adresse</saml:Audience>
>     </saml:AudienceRestriction>
>   </saml:Conditions>
>   <saml:AuthnStatement AuthnInstant="2007-09-03T17:44:57Z" SessionIndex="_86bb16eb-3f39-0410-9d53-919a2d5a47b9">
>     <saml:AuthnContext>
>       <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
>     </saml:AuthnContext>
>   </saml:AuthnStatement>
> ....
>
> I spent a long time on Google looking for examples of assertion validation,
> but I didn't find anything... I found some examples of an STS module, but if I
> understand it correctly, this module delivers an assertion, whereas my client's
> request already contains the assertion....
> So I have developed my own Axis2 module to validate the assertion with the
> OpenSAML library.
> But I want to know if it's possible to do the validation with Rampart; for
> me it would be more secure to use a standard implementation than my own
> module.
>
> Thanks in advance for your help.
>
> Regards
>
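As an added illustration (not code from Rampart, OpenSAML or either poster), here is a standalone Python check of the policy conditions that a validator plugged into Rampart's TokenValidator extension point would have to enforce on an assertion like the one quoted above: trusted issuer, a signature Reference that covers the assertion's own ID, the validity window with clock skew, the audience, and the sender-vouches subject confirmation. The sample assertion and the `issuer`, `http://adresse` and `recip_id` values are modelled on the quoted example; the `check_assertion` function and its parameters are this example's own, and it assumes the XML signature's cryptographic verification is done separately (by Rampart/WSS4J) before these checks run.

```python
import datetime as dt
import xml.etree.ElementTree as ET

SAML, DSIG = "{urn:oasis:names:tc:SAML:2.0:assertion}", "{http://www.w3.org/2000/09/xmldsig#}"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
# Constructed sample shaped like the assertion quoted in the thread (signature values elided).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_86bb16eb-3f39-0410-9d53-919a2d5a47b9" Version="2.0" IssueInstant="2007-09-03T19:09:56Z">
 <saml:Issuer>issuer</saml:Issuer>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
  <Reference URI="#_86bb16eb-3f39-0410-9d53-919a2d5a47b9"/></SignedInfo></Signature>
 <saml:Subject><saml:NameID>sourceID</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
   <saml:SubjectConfirmationData NotOnOrAfter="2007-09-03T20:10:06Z" Recipient="recip_id"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2007-09-03T19:09:46Z" NotOnOrAfter="2007-09-03T20:10:06Z">
  <saml:AudienceRestriction><saml:Audience>http://adresse</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions></saml:Assertion>"""

def _ts(value):
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def _in_window(elem, now, skew):
    # NotBefore is optional in SAML; NotOnOrAfter is required here so every assertion expires.
    nb, noa = elem.get("NotBefore"), elem.get("NotOnOrAfter")
    return (nb is None or _ts(nb) - skew <= now) and (noa is not None and now < _ts(noa) + skew)

def check_assertion(xml_text, now, audience, recipient, trusted_issuers, skew=dt.timedelta(seconds=60)):
    """Return the policy failures (empty list == passed); signature crypto is assumed verified before."""
    a = ET.fromstring(xml_text)
    errs = [] if a.tag == SAML + "Assertion" and a.get("Version") == "2.0" else ["not a SAML 2.0 Assertion"]
    if a.findtext(SAML + "Issuer") not in trusted_issuers:
        errs.append("untrusted issuer")
    # The enveloped signature must reference this assertion's own ID, not some other element.
    ref = a.find(f"{DSIG}Signature/{DSIG}SignedInfo/{DSIG}Reference")
    if ref is None or ref.get("URI") != "#" + (a.get("ID") or ""):
        errs.append("signature missing or does not cover this assertion")
    cond = a.find(SAML + "Conditions")
    if cond is None or not _in_window(cond, now, skew):
        errs.append("assertion outside its validity window")
    if cond is None or audience not in [x.text for x in cond.iter(SAML + "Audience")]:
        errs.append("audience mismatch")
    sc = a.find(f"{SAML}Subject/{SAML}SubjectConfirmation")
    scd = sc.find(SAML + "SubjectConfirmationData") if sc is not None else None
    if sc is None or sc.get("Method") != SENDER_VOUCHES or scd is None:
        errs.append("unsupported or missing subject confirmation")
    elif scd.get("Recipient") != recipient or not _in_window(scd, now, skew):
        errs.append("subject confirmation recipient/expiry check failed")
    return errs
```

With sender-vouches confirmation the relying party also has to verify that the surrounding SOAP message is signed by a sender it trusts, which is exactly the part Rampart's WS-Security processing handles and this snippet leaves out.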
