No, I think you can still create a self-signed SAML 1.1 token that is not part of the WS-SecureConversation initial exchange using that "SAMLTokenSigned" action of the "old" configuration method (OutflowSecurity structures and classes that have now been deprecated but are still working). With it you can define which subject you want it to be and which alias is to be used for its signature. But you don't get much more than that. I don't know if you can control its lifetime, attributes, anything. And that's if they haven't removed that from 1.2 - one of the devs is best at answering.

Best Regards,
George

-----Original Message-----
From: Ted Jones [mailto:[EMAIL PROTECTED]
Sent: Friday, June 15, 2007 9:55 AM
To: [email protected]
Subject: Re: SAML and Rampart 1.2

George,

Thanks very much for the clarification George. So it sounds like SAML "support" in Rampart 1.2 is limited to WS-SecureConversation?

Thanks,
Ted

On 6/15/07, George Stanchev <[EMAIL PROTECTED]> wrote:
>
> Hi Ted,
>
> Rahas, as far as I understand, provides WS-SecureConversation, which
> is a subset of WS-Trust, implementation, not a full STS capabilities. I
> think to obtain the SC token, it requires SAML exchange.
> I must admit though that
> I haven't used it, just delved into the code back then when it was
> version 1.1.
>
> Using the old configuration method, there was an action,
> "SAMLTokenSigned" which allowed you to create a signed SAML for a
> given identity (user) via rampart and include it in WSSE header. I
> don't know how to do it via the WSP and WSSP configuration and if they
> have removed it from 1.2 release.
>
> Best Regards,
> George
>
> -----Original Message-----
> From: Ted Jones [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 15, 2007 5:29 AM
> To: [email protected]
> Subject: Re: SAML and Rampart 1.2
>
> Thanks for the reply Angel. So just to be clear, Rahas is available as
> an STS to generate SAML tokens, but there is no way to add the token
> to the envelope? Is there any sort of work around (maybe a custom
> handler or something)? Also, is there a target release for including
> SAML token support with Rampart?
>
> Thanks again,
> Ted
>
> On 6/15/07, Angel Todorov <[EMAIL PROTECTED]> wrote:
> >
> > Hi Ted,
> >
> > Currently rampart doesn't support SAML tokens.
> >
> > Regards,
> > Angel
> >
> > On 6/15/07, Ted Jones <[EMAIL PROTECTED]> wrote:
> > >
> > > Just a few questions about adding SAML tokens in an Axis2 client:
> > >
> > > What is the property name for the token to be added to the options
> > > property array?
> > > Does the token need to be a SAMLAssertion instance?
> > > How is the token retrieved in the web service?
> > >
> > > TIA,
> > > Ted
