Hi,

OK, I think a more straightforward way to inject the SAML assertion into the message is using ws-security.saml-callback-handler. You can use STSClient directly to get the SAML token from the STS, or get it using the SecurityConstants.TOKEN tag on the message exchange by the first service call. Then set the DOM Element directly on the SAMLCallback object in ws-security.saml-callback-handler.
See details in this thread: http://cxf.547215.n5.nabble.com/WS-Security-Policy-with-Existing-SAML-Token-td5720608.html
and in Colm's blog: http://coheigea.blogspot.de/2011/06/ws-securitypolicysaml-sample-in-talend.html

Regards,
Andrei.

From: patch_78 [via CXF] [mailto:[email protected]]
Sent: Monday, 15 April 2013 13:38
To: Andrei Shakirin
Subject: RE: How to call STS directly and cache security token

Hi Andrei,

Thank you very much for your guidance. I will check them.

I got the requirement as:
1) The client will be authenticated by some identity provider (which can be on top of the CXF STS) and get a SAML2 token. This will be done when the client logs in using a Web interface.
2) The SAML2 token, as long as it is still valid, will be used by the client later when the client calls web services.

In the example I found, the client automatically calls the STS before calling web services. What I think is to add the SAML2 token manually into the cache on the client side (I hope the client does not call the STS again as the token is already in the cache).

cheers,
patch

Andrei Shakirin wrote:

Hi,

You can reuse the CXF STSClient to get a security token from the STS (org.apache.cxf.ws.security.trust.STSClient).
Look in the IssuedTokenInterceptorProvider code to understand how to call STSClient (org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.getTokenFromSTS()).
You can also see how the CXF cache for security tokens is implemented: IssuedTokenInterceptorProvider.handleMessage(): retrieveCachedToken(); getTokenStore(message).add(tok).

Injecting the security token is more tricky. You can refer to AbstractBindingBuilder.handleSupportingTokens(), AbstractBindingBuilder.addSupportingTokens(), AsymmetricBindingHandler.doSignBeforeEncrypt() and doEncryptBeforeSign(); SymmetricBindingHandler and TransportBindingHandler.

Just out of curiosity: which requirements impede using the standard CXF caching mechanism for security tokens?

Regards,
Andrei.

> -----Original Message-----
> From: patch_78 [mailto:[hidden email]]
> Sent: Sunday, 14 April 2013 18:23
> To: [hidden email]
> Subject: Re: How to call STS directly and cache security token
>
> Hi Andrei,
>
> Thank you for your reply.
>
> My requirement is actually Client explicitly gets security token from STS,
> injects the security token into SOAP header, and organizes its own caching.
> Is it possible for CXF framework? Do you have any suggestions or examples?
>
> Thanks!
> patch
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/How-to-call-STS-directly-and-cache-security-token-tp5726259p5726266.html
> Sent from the cxf-user mailing list archive at Nabble.com.
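
The approach from Andrei's reply at the top of this thread (a SAML callback handler that hands CXF an already issued assertion), shown as an added example that is not part of the original e-mails or of CXF itself. The class name `CachedSamlCallbackHandler` and the variables `stsClient`, `loginToken` and `port` are hypothetical; the imports assume CXF 3.x with WSS4J 2.x (in the 2013-era CXF 2.7 / WSS4J 1.6 the callback class is `org.apache.ws.security.saml.ext.SAMLCallback`).

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.wss4j.common.saml.SAMLCallback;

// Hypothetical handler (not CXF code): supplies a cached SAML token to the
// outgoing WS-Security header and calls the STS again only after expiry.
// Use one instance per authenticated user so tokens are never shared.
public class CachedSamlCallbackHandler implements CallbackHandler {
    private final STSClient stsClient; // configured elsewhere (WSDL, names, credentials)
    private SecurityToken cached;      // application-managed cache

    public CachedSamlCallbackHandler(STSClient stsClient, SecurityToken loginToken) {
        this.stsClient = stsClient;
        this.cached = loginToken;      // token obtained at web login; may be null
    }

    private synchronized SecurityToken currentToken() throws IOException {
        // isExpired() compares the token lifetime with the local clock; a token
        // without an expiry is never reported as expired, and the service still
        // validates the assertion's own conditions on receipt.
        if (cached == null || cached.isExpired()) {
            try {
                cached = stsClient.requestSecurityToken();
            } catch (Exception e) {
                throw new IOException("STS token request failed", e);
            }
        }
        return cached;
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof SAMLCallback)) {
                throw new UnsupportedCallbackException(cb, "Only SAMLCallback is supported");
            }
            // Hand CXF the DOM element of the assertion, as described in the reply.
            ((SAMLCallback) cb).setAssertionElement(currentToken().getToken());
        }
    }
}

// Wiring on the client ('port' is the JAX-WS proxy of the target service):
//   Client client = ClientProxy.getClient(port);
//   client.getRequestContext().put("ws-security.saml-callback-handler",
//           new CachedSamlCallbackHandler(stsClient, loginToken));
```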
