Hi
On 04/11/14 18:09, rareddy wrote:
Hi,

I have a third party JAX-RS service that is secured through SAML, I am
trying to access this service through my java application. I have access to
currently logged-in user's Subject. I am kind of drawing a blank on how I need to
proceed. Should I build a SAMLRequest envelope and send to the service?
Obviously for me call back and human interaction with web-page is not
possible. So, I thought I might need to have SAMLResponse to go along with
my request based on Subject?

How exactly is that 3rd party service secured with SAML - does it expect an encoded SAML token in the header, for example?

Have a look at this example:
http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLassertionsinAuthorizationheader

Given a Subject you can configure WebClient to produce a SAML token.
In that example, org.apache.cxf.systest.jaxrs.security.saml.SamlCallbackHandler (in systests/rs-security) would affect the way the assertion is built; in your case it can use the Subject properties to set the SAML assertion's Subject properties.

With OAuth2, same scenario, but I am trying to access SalesForce. I need to
follow SAML2 Bearer as defined here
http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html but not sure how I
can get my hands on SAML Token?

It is quite similar, for example, see
http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html#JAXRSOAuth2Assertions-Clientcode

Again, the callback can use the Subject properties to set the SAML assertion's Subject properties.

I think I need a service, given Subject will provide me back with SAML
token, but I would like to delegate this responsibility to an IDP to do the task.

Can somebody explain what may be the right flow of actions, and/or point me
to any examples?

Try experimenting with the linked-to code and let me know how it goes.
Cheers, Sergey

Thanks

Ramesh..



--
View this message in context: 
http://cxf.547215.n5.nabble.com/JAX-RS-Client-to-handle-SAML-OAuth2-in-SSO-tp5750699.html
Sent from the cxf-user mailing list archive at Nabble.com.



--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
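
The callback approach suggested in the reply above, sketched as an added example (not code from this thread or from the CXF systests): a CallbackHandler that copies the logged-in JAAS Subject's principal into a SAML 2.0 bearer assertion's Subject. It assumes CXF 3.1+ with WSS4J 2.1+ on the classpath; the class name, constructor arguments and the choice of the first principal as the NameID are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.saml.builder.SAML2Constants;

// Hypothetical handler: name and constructor arguments are assumptions.
public class SubjectSamlCallbackHandler implements CallbackHandler {
    private final Subject subject;  // the currently logged-in user's JAAS Subject
    private final String issuer;    // placeholder: identifier of the asserting party
    private final String audience;  // placeholder: identifier of the receiving service

    public SubjectSamlCallbackHandler(Subject subject, String issuer, String audience) {
        this.subject = subject;
        this.issuer = issuer;
        this.audience = audience;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // Assumption: the first principal carries the user name the service expects.
        Principal principal = subject.getPrincipals().stream().findFirst()
            .orElseThrow(() -> new IOException("Subject has no principal"));
        for (Callback cb : callbacks) {
            if (!(cb instanceof SAMLCallback)) {
                throw new UnsupportedCallbackException(cb);
            }
            SAMLCallback saml = (SAMLCallback) cb;
            saml.setSamlVersion(Version.SAML_20);
            saml.setIssuer(issuer);
            // Bearer confirmation: whoever presents the token is treated as the user.
            saml.setSubject(new SubjectBean(principal.getName(), null, SAML2Constants.CONF_BEARER));
            // Keep the token short-lived and bound to a single receiver.
            ConditionsBean conditions = new ConditionsBean();
            conditions.setTokenPeriodMinutes(5);
            AudienceRestrictionBean restriction = new AudienceRestrictionBean();
            restriction.setAudienceURIs(Collections.singletonList(audience));
            conditions.setAudienceRestrictions(Collections.singletonList(restriction));
            saml.setConditions(conditions);
        }
    }
}
```

Signing is not shown here and is configured separately; an unsigned bearer assertion gives the receiving service nothing to verify the issuer against.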
