Does anybody know a free (open source or not) Security Token Service where I can send my username / passwd and it will send me back a SAML assertion?
It should also be able to validate an assertion (I guess ¿?)

Regards
AB

On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
great :)

On 3/15/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote:
> Ok I will... Will try to make something generic, if the time permits, so we
> have something reusable.
>
> Let you know how it comes around.
>
> On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> > I don't know :) I just assumed that somewhere must be any wss4j documentation :)
> > I mainly used wss4j source code to check some stuff :) , but maybe try
> > to ask on wss4j mailing list.
> >
> > On 3/15/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote:
> > > When you say "WSS4J doc" you mean....¿? this??
> > > (http://ws.apache.org/wss4j/axis.html)...
> > >
> > > On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> > > > Hi
> > > > I don't know any example with SSO demonstrated, but as I remember SAML
> > > > is supported by WSS4J (used in xfire-ws-security) so you can check
> > > > WSS4J doc for more info.
> > > > Some samples of using ACEGI with XFire you can find on Article page :
> > > > http://xfire.codehaus.org/Articles
> > > >
> > > > On 3/14/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote:
> > > > > List,
> > > > >
> > > > > Do you have any examples of a web service (consumer) that uses WS Single
> > > > > Sign On mechanism as with SAML to send credentials around? If possible
> > > > > (although I don't think this would be much complicated) it uses Acegi
> > > > > Security to allow the application a handle to the Subject, thus allowing for
> > > > > automatic adding of credentials on outgoing messages from the called web
> > > > > service..
> > > > >
> > > > > Would be something like this (don't have experience with SAML, so the
> > > > > "language" or even the idea might be inaccurate) :
> > > > >
> > > > > Client Calls a Web Service and authenticates itself. Credentials are sent
> > > > > back to the client and stored (somewhere. Ideally Acegi Security should have
> > > > > them around).
> > > > >
> > > > > Client makes a call to WebService-A. An outHandler automatically gets the
> > > > > Subject information (including ticket, or whatever) adds SAML Security
> > > > > information to the outgoing message.
> > > > >
> > > > > WebService-A's inHandler analyzes the SAML Security Information. Based on
> > > > > it, it creates a Subject with all the roles defined.
> > > > >
> > > > > If WebService-A calls any other web service, the same outhandler as in the
> > > > > Client is used to send credentials.
> > > > >
> > > > > I was wondering this because:
> > > > > - I do not want passwords going around, not even if they are encrypted
> > > > > - I need the Subject's role information and name for business logic
> > > > >   purposes and auditing.
> > > > > - I want a "pluggable" way to do it, so I don't have to code this every
> > > > >   time I create a web service / client. Just add a jar and configure spring.
> > > > >
> > > > > Any other feedback, help, pointers, or other ways to do this are, of course,
> > > > > more than welcome.
> > > > >
> > > > > Regards
> > > > > Andres B.

--
-----
When one of our products stops working, we'll blame another vendor
within 24 hours.
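The flow sketched in the thread (authenticate once against a token service, attach the signed assertion in an out-handler, validate it in an in-handler and build the Subject with its roles), as an added example that is not part of the thread and uses no WSS4J, XFire or Acegi API. It substitutes an HMAC-signed JSON blob for a real XML-signed SAML assertion; the key, user directory and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

STS_KEY = b"constructed-demo-key"  # assumption: secret shared by the STS and the services
USERS = {"andres": ("s3cret", ["auditor", "user"])}  # constructed sample directory

def _sign(body: bytes) -> str:
    return hmac.new(STS_KEY, body, hashlib.sha256).hexdigest()

def sts_issue(username, password, audience, ttl=300, now=None):
    """STS: check the password once; the returned assertion carries no password."""
    now = time.time() if now is None else now
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        raise PermissionError("authentication failed")
    body = json.dumps({"sub": username, "roles": stored[1], "aud": list(audience),
                       "nbf": now, "exp": now + ttl}, sort_keys=True).encode()
    return base64.b64encode(body).decode() + "." + _sign(body)

def out_handler(message: dict, assertion: str) -> dict:
    """Client or intermediate service: attach the assertion to the outgoing message."""
    return {**message, "security": assertion}

def in_handler(message: dict, me: str, now=None) -> dict:
    """Service: validate the assertion, then build the Subject for roles and auditing."""
    now = time.time() if now is None else now
    try:
        b64, sig = message["security"].split(".")
        body = base64.b64decode(b64, validate=True)
    except (KeyError, ValueError):
        raise PermissionError("missing or malformed assertion") from None
    if not hmac.compare_digest(_sign(body).encode(), sig.encode()):  # verify before parsing
        raise PermissionError("bad signature")
    claims = json.loads(body)
    if not claims["nbf"] <= now < claims["exp"]:
        raise PermissionError("assertion expired or not yet valid")
    if me not in claims["aud"]:  # audience restriction: issued for this service?
        raise PermissionError("assertion not issued for this service")
    return {"name": claims["sub"], "roles": set(claims["roles"])}

def demo():
    """Client -> WebService-A -> WebService-B, reusing one assertion (fixed clock)."""
    a = sts_issue("andres", "s3cret", ["WebService-A", "WebService-B"], now=1000)
    subj_a = in_handler(out_handler({"op": "getReport"}, a), "WebService-A", now=1010)
    subj_b = in_handler(out_handler({"op": "audit"}, a), "WebService-B", now=1020)
    return subj_a, subj_b
```

Forwarding the caller's assertion downstream only works while it is still valid and names the downstream service in its audience; a service outside that list rejects it.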
