Hi Petter On Mon, Jun 16, 2008 at 7:24 PM, Petter Olsson <[EMAIL PROTECTED]> wrote:
> Hi all! > > I want to use Rampart to build a simple SSO system for Web services using > SAML tickets. I want the STS to be able to handle a few users and issue > SAML > tokens with some attributes connected to those users. The tokens shall be > used to authenticate users at some different Web services. > > I ran into some problems though. I'm looking at sample05 (policy) and feel > kind of confused. I can't get the whole concept of the policy files. There > are one file for each service as I understand it(?). One for the echo > service (policy.xml) and one for the STS (sts_policy.xml). My interpetation > is that every service that I want to communicate with provides me with its > policy (in some way) so I know what information, tokens etc I need to > provide. But in the files there are client specific information like the > client's keystore how can the service know that? Or have i got it all > wrong? > > Another question. Why is it that specific code needs to be included in the > client source code in order to request a SAML token? Shouldn't that be > handled by Rampart using the policy documents? > > /Petter > -- Nandana Mihindukulasooriya Software Engineer WSO2 inc. http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/
