Prakash,
After looking at that old code I see that you do exactly the same thing as I
did. Of course that raises the question of whether or not your STS request was
successfully generating the token. One has to take the effort to extract the
token from the STS response and store it using the Rampart TokenStorage class.
Have you checked to see if you get a token?
Here is a code snippet I had for the STS where I printed out the token to a
file (there may be other junk in this code that is superfluous … I don’t recall
since I have not used it for years!):
Options opts = new Options();
/* These are for Username token */
opts.setUserName("some name");
opts.setPassword("some password");
opts.setProperty(WSHandlerConstants.PW_CALLBACK_REF, new
PasswordCallback());
opts.setProperty(AddressingConstants.ADD_MUST_UNDERSTAND_TO_ADDRESSING_HEADERS,
true);
opts.setProperty(AddressingConstants.INCLUDE_OPTIONAL_HEADERS, true);
client.setOptions(opts);
Policy policy =
PolicyEngine.getPolicy(getClass().getResourceAsStream("policy.xml"));
Policy stsPolicy =
PolicyEngine.getPolicy(getClass().getResourceAsStream("sts-policy.xml"));
theToken = client.requestSecurityToken(policy, service.toString(),
stsPolicy, null);
TokenStorage store = TrustUtil.getTokenStore(ctxt);
store.add(theToken);
OMElement token = theToken.getToken();
try
{
String samlToken = token.toString();
File file = new File("SAMLToken");
FileOutputStream fos = new FileOutputStream(file);
fos.write(samlToken.getBytes());
fos.flush();
fos.close();
}
There was a method in this class that returned the token:
public Token getToken()
{
return theToken;
}
which is what I used in the
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN,
responseToken.getId());
line.
Brian
From: Rangasamy, Prakash [mailto:prakash.rangas...@scientificgames.com]
Sent: Friday, April 3, 2015 1:04 AM
To: java-dev@axis.apache.org
Subject: RE: SAML Assertion not attached to soap header
Hi Brian,
we have STS server which generates Token, that is perfectly
fine. My doubt is, how to include the token to soap header. I tried to include
the token to soap request through setproperty(refer code snippet below)
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN,
responseToken.getId());
but when we examine the soap request in log, not able to locate the attached
SAMl token.
1. I don't know where we are sending to the server the SAML assertion in the
soapMessage, is this because the information is encryptied?
2. Could you please share me some tutorial about rampart policy(how to sign,
encrypt, include SAML)
your reply is highly appreciated..
Thanks,
Prakash
From: Brian Reinhold [mailto:brianreinh...@lampreynetworks.com]
Sent: 03 April 2015 AM 03:22
To: java-dev@axis.apache.org <mailto:java-dev@axis.apache.org>
Subject: RE: SAML Assertion not attached to soap header
Prakash,
I am not sure what you are trying to do. Usually the client requests a token
from a SAML server (perhaps with WS-Trust) and the token is generated on the
server which you then use as an opaque block in a message to the server. Are
you creating the token on the client?
Brian
From: Rangasamy, Prakash [mailto:prakash.rangas...@scientificgames.com]
Sent: Thu, April 02, 2015 12:38 PM
To: java-dev@axis.apache.org <mailto:java-dev@axis.apache.org>
Subject: SAML Assertion not attached to soap header
Hi,
I'm new in SAML with Axis2 Rampart. we are developing a web service client to
communicate to secure web service which has SAML enabled.
we included the SAML Assertion to soap request thru KEY_CUSTOM_ISSUED_TOKEN.
but when we examine the request sent to endpoint, SAML Assertion is not present
in header.
Is this issue in rampart or im missing something in the config.
thanks,
Prakash
Prakash Rangasamy | Software Analyst | <http://www.ballytech.com> Bally
Technologies | (O) +1 702 532 2662 | (M) +91 77 6039 7260
May be privileged. May be confidential. Please delete if not the addressee.
Prakash Rangasamy
_____
No virus found in this message.
Checked by AVG - www.avg.com <http://www.avg.com>
Version: 2015.0.5863 / Virus Database: 4321/9440 - Release Date: 04/02/15
No virus found in this message.
Checked by AVG - www.avg.com <http://www.avg.com>
Version: 2015.0.5863 / Virus Database: 4321/9440 - Release Date: 04/02/15
