Re: fediz jaas config

Mon, 25 Sep 2017 12:53:47 -0700

here is a gist showing where i have got to so far https://gist.github.com/chongma/ee6836f99b1ba62b79851c9da050c81f
now i get Caused by: org.apache.cxf.ws.security.sts.provider.STSException: Mandatory claim 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role' not found so i need to look at supported claims.  do these need to be mapped? 


On 25/09/2017 18:11, Colm O hEigeartaigh wrote:

The ClaimsManager is defined in the default STS configuration here:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml#L106

Where the default ClaimsHandlers read in some claims from a file:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml

For LDAP, we have a LDAPClaimsHandler in CXF, the Fediz configuration for
that is here:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml

If you only require the role claims for your login scenario, I think you
can get away with writing a custom ClaimsHandler implementation, and get
the roles from the authenticated principal.

Colm.

On Mon, Sep 25, 2017 at 4:56 PM, Matthew Broadhead <
[email protected]> wrote:


hi,

i already have a working jaas.config setup with a custom LoginModule
MyLoginModule {
uk.me.kissy.jaas.MyLoginModule required debug=false dbPort="3306"
dbName="directory" dbUsername="directoryUser" dbPassword="<password>";
};

MyLoginModule is based off this tutorial http://docs.oracle.com/javase/
7/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html and
is basically one step up from a DataSourceRealm using 2 tables:
1. user
- username
- password
2. userrole
- username
- rolename

in fediz-1.4.2/services/sts/src/main/webapp/WEB-INF/endpoints i create a
file jaas.xml and created an endpoint
<beans ...>
<jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
         address="/REALMA/STSServiceTransportUT"
wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
         serviceName="ns1:SecurityTokenService"
endpointName="ns1:TransportUT_Port">
         <jaxws:properties>
             <entry key="ws-security.ut.validator">
                 <bean class="org.apache.wss4j.dom.va
lidate.JAASUsernameTokenValidator">
                     <property name="contextName" value="MyLoginModule" />
                 </bean>
             </entry>
         </jaxws:properties>
     </jaxws:endpoint>
</beans>

now the stacktrace says it needs a claimHandlerList and claimsManager.
could someone point me to an example of how to do that?




























					Reply via email to