>
> I really appreciate the explanation, how we have to implement/customize
> the authorization/authentication stuff, but as a newbie, I am thinking to
> run the sample with these changes. Also, what are the changes I have to do,
> like which configuration file I have to change, if I implement the
> interface
> AuthDecisionStatementProvider, how can I say at run time to use this new
> implementation

The STS is configured (in the "sts" sample) via the file "wssec-sts.xml".
The SAMLTokenProvider is configured via:

    <bean id="utSamlTokenProvider"
          class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
    </bean>

So if you want to customise it, you could do something like:

    <bean id="utSamlTokenProvider"
          class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
        <property name="authDecisionStatementProviders" ref="providersList" />
    </bean>

    <util:list id="providersList">
        <ref bean="defaultProvider" />
    </util:list>

    <bean id="defaultProvider" class="your.AuthDecisionStatementProvider">
    </bean>

> My question was,
> if WSC sends request with saml token to WSP after the lifetime of the
> assertion, how WSP handles the situation.
> e.g.
> <saml:Conditions NotBefore="2013-02-08T14:53:55.786Z"
> NotOnOrAfter="2013-02-08T14:55:55.786Z" />
>
> @the WSP side, do we need to write the code to handle this situation or
> WSP
> will contact the STS to validate the saml token?

By default, an expired SAML Token will be rejected by the WSP. It's not
the job of the WSP to be able to renew tokens, instead the client should
detect that the token is expired, and contact the STS to renew it, before
invoking on the WSP.

> I have looked at the STS sample, but everything is coming on the
> commandline prompt. But how do I specify the logging properties in this
> example, to generate the requests/responses that are coming STS, WSC,WSP to
> write the message in a file.

See here:
http://cxf.apache.org/docs/debugging-and-logging.html
Colm.
On Fri, Feb 8, 2013 at 8:31 PM, kk31 <[email protected]> wrote:
> Thanks for your reply.
>
> 1) See the following blog post:
>
>
> http://coheigea.blogspot.ie/2011/10/apache-cxf-sts-documentation-part-iv.html
>
> Sections 3.3 -> 3.5. So for example to add an Authorization Assertion, you
> implement the following interface:
>
>
> http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AuthDecisionStatementProvider.java?view=markup
>
> and plug it into the SAMLTokenProvider.
>
>
> I really appreciate the explanation, how we have to implement/customize
> the authorization/authentication stuff, but as a newbie, I am thinking to
> run the sample with these changes. Also, what are the changes I have to do,
> like which configuration file I have to change, if I implement the
> interface
> AuthDecisionStatementProvider, how can I say at run time to use this new
> implementation
>
>
>
>
> 4)I don't understand the question. The WSP is configured with the public
> key
> of the STS and will use it to verify trust in a received signed Assertion.
> It also verifies the Lifetime of the Assertion.
>
> My question was,
> if WSC sends request with saml token to WSP after the lifetime of the
> assertion, how WSP handles the situation.
> e.g.
> <saml:Conditions NotBefore="2013-02-08T14:53:55.786Z"
> NotOnOrAfter="2013-02-08T14:55:55.786Z" />
>
> @the WSP side, do we need to write the code to handle this situation or
> WSP
> will contact the STS to validate the saml token?
>
>
>
> 5) The logging feature is enabled in the examples already, so it's just a
> matter of configuring logging via logging.properties or something.
>
> I have looked at the STS sample, but everything is coming on the
> commandline prompt. But how do I specify the logging properties in this
> example, to generate the requests/responses that are coming STS, WSC,WSP to
> write the message in a file.
> I believe STS uses some jar files, will not show us actual
> request/response . Do we need to write any logging interceptors and plug
> in to the STS,WSC and WSP?
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
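
The client-side expiry check described in the reply above (detect that the token has expired and go back to the STS before invoking the WSP), as an added example that is not part of the original message and not CXF's own code. It uses only JDK classes; the class name, the 10-second renewal margin and the SAML 2.0 namespace on the constructed wrapper element are assumptions, and the timestamps are the ones quoted in the thread.

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper for the WSC: decides whether a cached assertion
// can still be sent to the WSP or must first be renewed at the STS.
public class SamlLifetimeCheck {

    enum Validity { NOT_YET_VALID, VALID, EXPIRED }

    // Valid window is NotBefore <= now < NotOnOrAfter. The margin makes the
    // client treat the token as expired slightly early, so it is renewed
    // before the WSP (which enforces the lifetime itself) would reject it.
    static Validity check(String assertionXml, Instant now, Duration margin) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Tokens are parsed as untrusted XML: refuse DOCTYPE declarations (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList found = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(assertionXml)))
                .getElementsByTagNameNS("*", "Conditions"); // any SAML namespace
        if (found.getLength() == 0) {
            throw new IllegalArgumentException("assertion has no Conditions element");
        }
        Element conditions = (Element) found.item(0);
        String notBefore = conditions.getAttribute("NotBefore");       // "" if absent
        String notOnOrAfter = conditions.getAttribute("NotOnOrAfter"); // "" if absent
        if (!notBefore.isEmpty() && now.isBefore(Instant.parse(notBefore))) {
            return Validity.NOT_YET_VALID;
        }
        if (!notOnOrAfter.isEmpty() && !now.plus(margin).isBefore(Instant.parse(notOnOrAfter))) {
            return Validity.EXPIRED;
        }
        return Validity.VALID;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: only the Conditions timestamps come from the thread.
        String xml = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">"
                + "<saml:Conditions NotBefore=\"2013-02-08T14:53:55.786Z\""
                + " NotOnOrAfter=\"2013-02-08T14:55:55.786Z\"/></saml:Assertion>";
        String[] clock = {"2013-02-08T14:53:00Z", "2013-02-08T14:54:00Z",
                          "2013-02-08T14:55:50Z", "2013-02-08T14:56:00Z"};
        for (String t : clock) {
            System.out.println(t + " -> " + check(xml, Instant.parse(t), Duration.ofSeconds(10)));
        }
    }
}
```

This check only saves the client a rejected call; the WSP's own lifetime and signature validation remain the enforcement point.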