Hi all! I want to use Rampart to build a simple SSO system for Web services using SAML tickets. I want the STS to be able to handle a few users and issue SAML tokens with some attributes connected to those users. The tokens shall be used to authenticate users at some different Web services.
I ran into some problems though. I'm looking at sample05 (policy) and feel kind of confused. I can't get the whole concept of the policy files. There is one file for each service, as I understand it(?): one for the echo service (policy.xml) and one for the STS (sts_policy.xml). My interpretation is that every service that I want to communicate with provides me with its policy (in some way), so I know what information, tokens etc. I need to provide. But in the files there is client-specific information like the client's keystore; how can the service know that? Or have I got it all wrong?

Another question: why is it that specific code needs to be included in the client source code in order to request a SAML token? Shouldn't that be handled by Rampart using the policy documents?

/Petter
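The confusion above comes from one file carrying two different things. The following is an added, illustrative fragment in the shape of a Rampart client-side policy file; it is not Petter's file and not the sample05 file from the Rampart distribution. The STS address, the keystore file name, the keystore password and the callback class name are assumptions chosen for the example. The first part (the `sp:` assertions) is the service's published contract and is the part a service can hand to a client; the second part (`ramp:RampartConfig`) is local configuration that only the party holding the file uses, which is why the client's copy names the client's keystore while the service's copy would name the service's.

```xml
<wsp:Policy wsu:Id="IssuedTokenSample"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:ramp="http://ws.apache.org/rampart/policy">
  <wsp:ExactlyOne>
    <wsp:All>

      <!-- Part 1: WS-SecurityPolicy assertions. This is what the service
           requires of every caller, so it is the part a service can publish
           (for example in its WSDL). The client needs nothing else to know
           that it must obtain a SAML 1.1 token from the named issuer. -->
      <sp:SignedSupportingTokens>
        <wsp:Policy>
          <sp:IssuedToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <!-- Assumed STS address; replace with the real STS endpoint. -->
            <sp:Issuer>
              <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</wsa:Address>
            </sp:Issuer>
            <!-- The RST template: what the client asks the STS for. -->
            <sp:RequestSecurityTokenTemplate>
              <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
              <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
              <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
            </sp:RequestSecurityTokenTemplate>
            <wsp:Policy>
              <sp:RequireInternalReference/>
            </wsp:Policy>
          </sp:IssuedToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>

      <!-- Part 2: RampartConfig. This is NOT part of the service's contract.
           It tells the local Rampart module which key material and password
           callback to use to satisfy the assertions above. The service never
           sees this section; its own policy file has its own RampartConfig
           pointing at its own keystore. -->
      <ramp:RampartConfig>
        <!-- Assumed alias of the client's key in the keystore below. -->
        <ramp:user>client</ramp:user>
        <!-- Assumed callback class; it supplies the private-key password. -->
        <ramp:passwordCallbackClass>org.example.sso.PWCBHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <!-- Assumed file name and password for the example only. -->
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

Two practical caveats follow from the split. First, because `RampartConfig` holds a keystore password in clear text, the client's policy file must be protected like a key file and must never be published alongside the service's WSDL; only the `sp:` part is safe to share. Second, the `sp:Issuer` address is what the client will trust for token issuance, so a client that accepts a service-supplied policy unchecked will also accept whatever STS that policy names; pin the issuer address on the client side rather than taking it from the service's copy.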