When you say "WSS4J doc" you mean....¿? this?? ( http://ws.apache.org/wss4j/axis.html)...
On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
Hi I don't know any example with SSO demonstrated, but as i remember SAML is supported by WSS4J ( used in xfire-ws-security) so you can check WSS4J doc for more info. Some samples of using ACEGI with XFire you can find on Article page : http://xfire.codehaus.org/Articles On 3/14/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote: > List, > > Do you have any examples of a web service (consumer) that uses WS Single > Sign On mechanism as with SAML to send credentials around? If possible > (although I don't think this would be much complicated) it uses Acegi > Security to allow the application a handle to the Subject, thus allowing for > automatic adding of credentials on outgoing messages from the called web > service.. > > Would be something like this (don't have experience with SAML, so the > "language" or even the idea might be inaccurate) : > > Client Calls a Web Service and authenticates itself. Credentials are sent to > back to the client and stored (somewhere. Ideally Acegi Security should have > them around). > > Client makes a call to WebService-A. An outHandler automatically gets the > Subject information (including ticket, or whatever) adds SAML Security > information to the outgoing message. > > WebService-A' s inHandler analyzes the SAML Security Information. Based on > it, it creates a Subject with all the roles defined. > > If WebService-A calls any other web service, the same outhandler as in the > Client is used to send credentials. > > > I was wondering this because: > - I do not want passwords going around, not even if they are encrypted > - I need the Subject's role information and name for business logic > purposes and auditing. > - I want a "pluggable" way to do it, so I don't have to code this every > time I create a web service / client. Just add a jar and configure spring. > > Any other feedback, help, pointers, or other ways to do this are, of course, > more than welcome. > > Regards > Andres B. > -- ----- When one of our products stops working, we'll blame another vendor within 24 hours. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
