> It will be necessary to subclass SAMLTokenProvider and add your logic to modify conditions element.
Yup that's the only way I can see how it would work with the current code. Please log a JIRA in WSS4J to be able to add this kind of functionality via the ConditionsBean.

Colm.

On Wed, Nov 28, 2012 at 12:05 PM, Andrei Shakirin <[email protected]> wrote:

> You are right, it is even not CXF, but WSS4J restriction.
>
> WSS4J ConditionsBean element doesn't really support custom extensions like your delegate.
> CXF STS implementation uses WSS4J to parse SAMLCallback object into SAML Assertion.
> Not sure if it will be supported in WSS4J 2.0.
>
> I see only way to customize it now - update SAML2 Assertion in AssertionWrapper created by WSS4J:
> assertion.getSaml2().getConditions() ....
> It will be necessary to subclass SAMLTokenProvider and add your logic to modify conditions element.
>
> Perhaps Colm will propose more elegant solution.
>
> I think CXF STS can provide callback to modify AssertionWrapper before signing (in method SAMLTokenProvider.createSamlToken()).
> Could you create Jira issues for CXF and also for WSS4J? Patches are also welcome.
>
> Cheers,
> Andrei.
>
> > -----Original Message-----
> > From: ychawla [mailto:[email protected]]
> > Sent: Tuesday, 27 November 2012 23:53
> > To: [email protected]
> > Subject: Customizing Conditions in CXF STS
> >
> > Hello All,
> > I am looking to customize the 'Conditions' of a SAML assertion according to the requirements I received.
> >
> > For a background on my CXF STS bean configuration, you can refer to this post:
> >
> > http://cxf.547215.n5.nabble.com/Signing-SAML-token-in-STS-Namespace-issue-tc5718851.html
> >
> > In my token provider, I manually create the conditions statement using DOM prior to signing my Assertion. For example:
> >
> > <saml:Conditions NotBefore="2012-11-23T15:00:00.938Z"
> >                  NotOnOrAfter="2012-11-23T15:05:00.938Z">
> >   <saml:AudienceRestriction>
> >     <saml:Audience>https://someCustomAudience</saml:Audience>
> >   </saml:AudienceRestriction>
> >   <saml:Condition xmlns:delegate="urn:oasis:names:tc:SAML:2.0:conditions:delegation">
> >     <delegate:Delegate DelegationInstant="2012-11-23T15:00:19.938Z">
> >       <NameID>Some delegate Name ID of my choosing</NameID>
> >     </delegate:Delegate>
> >   </saml:Condition>
> > </saml:Conditions>
> >
> > However, these conditions are replaced by the DefaultConditionsProvider after the assertion is signed. For example:
> >
> > <Conditions NotBefore="2012-11-21T17:11:06.315Z"
> >             NotOnOrAfter="2012-11-21T17:16:06.315Z"/>
> >
> > I could implement my own ConditionsProvider:
> > http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ConditionsProvider.java?view=markup
> >
> > However, the ConditionsBean only allows you to set AudienceURI, notBefore, and notAfter. The ConditionsBean looks like it gets converted to a SAML2 Conditions Object by the SAML2ComponentBuilder in the createConditions method. I don't see any hooks in there to create a custom element such as the delegate element.
> >
> > Is there any way using the CXF STS framework where I can customize the 'Conditions' element in the Assertion. I can set the Audience Restriction, Not Before, Not After in a custom Conditions Provider but don't see how to create a 'delegate' element.
> >
> > Thanks,
> > Yogesh
> >
> > --
> > View this message in context: http://cxf.547215.n5.nabble.com/Customizing-Conditions-in-CXF-STS-tp5719270.html
> > Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
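
The DOM step discussed in this thread, appending a delegation Condition to an existing Conditions element before the assertion is signed, as an added example that is not part of the original messages and is not CXF or WSS4J code. It uses only JDK DOM APIs; the class name, the `addDelegate` helper and the input string are assumptions made for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class DelegateConditionExample {          // hypothetical class name
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DEL = "urn:oasis:names:tc:SAML:2.0:conditions:delegation";
    static final String XSI = "http://www.w3.org/2001/XMLSchema-instance";
    static final String XMLNS = "http://www.w3.org/2000/xmlns/";

    // Hypothetical helper. It must run before signing: editing a signed
    // assertion invalidates its signature.
    static void addDelegate(Element conditions, String nameId, String instant) {
        if (!SAML.equals(conditions.getNamespaceURI())
                || !"Conditions".equals(conditions.getLocalName())) {
            throw new IllegalArgumentException("not a SAML 2.0 Conditions element");
        }
        Document doc = conditions.getOwnerDocument();
        String p = conditions.getPrefix() == null ? "" : conditions.getPrefix() + ":";
        Element condition = doc.createElementNS(SAML, p + "Condition");
        condition.setAttributeNS(XMLNS, "xmlns:delegate", DEL);
        condition.setAttributeNS(XMLNS, "xmlns:xsi", XSI);
        // xsi:type as defined by the SAML delegation restriction schema;
        // the sample in the thread does not carry it.
        condition.setAttributeNS(XSI, "xsi:type", "delegate:DelegationRestrictionType");
        Element delegate = doc.createElementNS(DEL, "delegate:Delegate");
        delegate.setAttribute("DelegationInstant", instant);
        Element id = doc.createElementNS(SAML, p + "NameID");
        id.setTextContent(nameId);
        delegate.appendChild(id);
        condition.appendChild(delegate);
        conditions.appendChild(condition);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a bare Conditions element like the replaced one in the thread.
        String xml = "<saml:Conditions xmlns:saml=\"" + SAML + "\""
                + " NotBefore=\"2012-11-21T17:11:06.315Z\""
                + " NotOnOrAfter=\"2012-11-21T17:16:06.315Z\"/>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        addDelegate(doc.getDocumentElement(),
                "Some delegate Name ID of my choosing", "2012-11-23T15:00:19.938Z");
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(out));
        System.out.println(out);
    }
}
```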
