> 1. When STS generates the saml token, how do I control, whether
> authorization assertion or authentication assertions statements should be
> generated in the SAML Token

See the following blog post: http://coheigea.blogspot.ie/2011/10/apache-cxf-sts-documentation-part-iv.html Sections 3.3 -> 3.5. So for example to add an Authorization Assertion, you implement the following interface:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AuthDecisionStatementProvider.java?view=markup

and plug it into the SAMLTokenProvider.

> 2. How can we specify to sign only authorization or authorization
> statements only

The SAMLTokenProvider doesn't work this way. You can configure a number of authorization/attribute/authentication statements to add to the SAML Token, and it's statically configured whether it signs them or not. It doesn't have the ability to generate say an authorization Assertion depending on some condition, or an attribute Assertion depending on another condition.

> 3. How can we connect to ldap and verify the client user credentials and
> what are the attributes he has and updated in the authentication and
> authorization assertions

It depends on what the client user credentials are. For the case of a UsernameToken, you can plug in the JAASUsernameTokenValidator in WSS4J. There is also an LdapClaimsHandler in the STS which will retrieve attributes from an LDAP backend for insertion into the Assertion.

> 4. How does the WSP will validate the STS, i mean, the saml token generated
> is valid during particular period of time

I don't understand the question. The WSP is configured with the public key of the STS and will use it to verify trust in a received signed Assertion. It also verifies the Lifetime of the Assertion.

> 5. I want log each message(RST,RSTR) that is coming to STS, WSP(soap request
> /response with token) and WSC(RST,RSTR,SOAP request/response to wsp ).

The logging feature is enabled in the examples already, so it's just a matter of configuring logging via logging.properties or something.

Colm.
On Fri, Feb 8, 2013 at 5:04 PM, kk31 <[email protected]> wrote:

> Hi,
> I have installed apache-cxf-2.7.2, maven 3.0. I am successful in running
> the sample that was given as part of the distribution.
>
> I have a couple of questions on STS.
>
> 1. When STS generates the saml token, how do I control, whether
> authorization assertion or authentication assertions statements should be
> generated in the SAML Token
>
> 2. How can we specify to sign only authorization or authorization
> statements only
>
> 3. How can we connect to ldap and verify the client user credentials and
> what are the attributes he has and updated in the authentication and
> authorization assertions
>
> 4. How does the WSP will validate the STS, i mean, the saml token generated
> is valid during particular period of time
>
> 5. I want log each message(RST,RSTR) that is coming to STS, WSP(soap request
> /response with token) and WSC(RST,RSTR,SOAP request/response to wsp ). Do I
> need to write any interceptor or handler for logging, if so what are the
> changes I have to make to the sample?
> I can't use Wireshark for this as it is a local machine and it's very hard
> to interpret them too
>
> Thanks
> kk
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/STS-newbie-questions-tp5722949.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
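The following is an added example illustrating the answers to questions 1 and 2 above; it is not code from the thread, from Colm, or from the CXF project itself. It implements the AuthDecisionStatementProvider interface Colm points to and wires it into a SAMLTokenProvider. It assumes the CXF 2.7.x STS API (org.apache.cxf.sts.token.provider.*) and the WSS4J 1.6.x SAML bean classes that CXF 2.7.2 ships with (org.apache.ws.security.saml.ext.bean.*); the allow-list policy map, the example package name and the "Read" action are hypothetical stand-ins for whatever policy store a real deployment uses.

```java
package example.sts;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.cxf.sts.token.provider.AuthDecisionStatementProvider;
import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
import org.apache.cxf.sts.token.provider.TokenProviderParameters;
import org.apache.ws.security.saml.ext.bean.ActionBean;
import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean.Decision;

/**
 * Adds one AuthzDecisionStatement to every issued SAML token (added example,
 * not CXF's own code). The decision is PERMIT when the authenticated principal
 * is on the allow-list for the AppliesTo address the client asked for, and
 * DENY in every other case, including a missing principal or AppliesTo, so the
 * provider fails closed rather than silently issuing a token with no decision.
 *
 * Note that, as the reply above says, the provider is always invoked: you
 * cannot make the STS add or drop the statement per request, only vary its
 * contents. Whether the resulting token is signed is set once on the
 * SAMLTokenProvider (see buildTokenProvider below).
 */
public class AllowListAuthDecisionStatementProvider implements AuthDecisionStatementProvider {

    // SAML 1.x action namespace for read/write/execute/delete/control actions
    private static final String ACTION_NS = "urn:oasis:names:tc:SAML:1.0:action:rwedc";

    // Hypothetical policy: service endpoint address -> principal names allowed to call it
    private final Map<String, Set<String>> allowedUsersByService;

    public AllowListAuthDecisionStatementProvider(Map<String, Set<String>> allowedUsersByService) {
        this.allowedUsersByService = allowedUsersByService;
    }

    @Override
    public AuthDecisionStatementBean getStatement(TokenProviderParameters providerParameters) {
        Principal principal = providerParameters.getPrincipal();
        String service = providerParameters.getAppliesToAddress();

        boolean permitted = false;
        if (principal != null && service != null) {
            Set<String> allowed = allowedUsersByService.get(service);
            permitted = allowed != null && allowed.contains(principal.getName());
        }

        AuthDecisionStatementBean statement = new AuthDecisionStatementBean();
        // Resource is the endpoint the token is being issued for
        statement.setResource(service == null ? "" : service);
        statement.setDecision(permitted ? Decision.PERMIT : Decision.DENY);

        // Hypothetical single "Read" action; a real policy would list the actions it checked
        ActionBean readAction = new ActionBean();
        readAction.setActionNamespace(ACTION_NS);
        readAction.setContents("Read");
        List<ActionBean> actions = new ArrayList<ActionBean>();
        actions.add(readAction);
        statement.setActions(actions);
        return statement;
    }

    /**
     * Wires the provider into a SAMLTokenProvider. In the CXF STS samples this
     * is normally done in Spring XML; this is the equivalent done in code.
     */
    public static SAMLTokenProvider buildTokenProvider(Map<String, Set<String>> policy) {
        SAMLTokenProvider tokenProvider = new SAMLTokenProvider();
        List<AuthDecisionStatementProvider> providers =
            Collections.<AuthDecisionStatementProvider>singletonList(
                new AllowListAuthDecisionStatementProvider(policy));
        tokenProvider.setAuthDecisionStatementProviders(providers);
        // Signing is a static, provider-wide setting: every issued token is
        // signed, or none is. Leave it on so the WSP can verify trust in the
        // assertion with the STS public key, as described for question 4.
        tokenProvider.setSignToken(true);
        return tokenProvider;
    }
}
```

To use it, hand the SAMLTokenProvider returned by buildTokenProvider to the STS's TokenIssueOperation in place of the one the sample configures. The same pattern applies to AuthenticationStatementProvider and AttributeStatementProvider; the LdapClaimsHandler mentioned for question 3 feeds the attribute statement path rather than this one.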
