Thanks Colm

I just found an example with a WSS4JOutInterceptor and my SamlCallbackHandler
gets called now.

What I noticed: On the WSS4JOutInterceptor I have to use
ConfigurationConstants.SAML_CALLBACK_REF. When I use
SecurityConstants.SAML_CALLBACK_HANDLER instead, I get an error saying that no
SAML callback handler is defined.

    // Outbound WS-Security interceptor: adds a signed SAML token whose
    // assertion is supplied by the callback handler.
    @Bean
    public WSS4JOutInterceptor wss4JOutInterceptor(final SamlCallbackHandler samlCallbackHandler) {
        Map<String, Object> properties = new HashMap<>();
        properties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
        properties.put(ConfigurationConstants.SAML_CALLBACK_REF, samlCallbackHandler);
        return new WSS4JOutInterceptor(properties);
    }

    // Dispatch client with the WS-Security interceptor on the outbound chain.
    @Bean
    public Dispatch<Source> myClient(final WSS4JOutInterceptor wss4JOutInterceptor) {
        QName serviceName = new QName("namespace", "service");
        QName portName = new QName("namespace", "port");
        Service service = Service.create(serviceName);
        service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, "address");
        Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Service.Mode.PAYLOAD);
        Client client = ((org.apache.cxf.jaxws.DispatchImpl) dispatch).getClient();
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
        client.getOutInterceptors().add(wss4JOutInterceptor);
        return dispatch;
    }

Stephan
-----Original Message-----
From: Colm O hEigeartaigh <[email protected]>
Sent: Tuesday, 18 September 2018 11:21
To: [email protected]
Subject: Re: Configure SamlCallbackHandler for Dispatch client
Putting it on the client request context should work. The question is though,
how are you configuring that a SAML token is required? Setting the SAML
CallbackHandler is not enough - either you need to have a SamlToken policy
assertion in the WSDL (or in a local policy file) or else you need to set up
the WSS4JOutInterceptor to configure it to include a SAML token.
Colm.
On Mon, Sep 17, 2018 at 4:19 PM Burkard Stephan <[email protected]>
wrote:
> Hi
>
> I am trying to "decorate" an outgoing web service call with a SAML
> token for authentication. Therefore I have written a
> SamlCallbackHandler. It is for sure not yet complete, but I am already
> failing to configure it onto my CXF client which is a Dispatch client.
>
> I have found that I need to configure the key
> SecurityConstants.SAML_CALLBACK_HANDLER with my SamlCallbackHandler
> instance.
>
> I also found JAX-B based examples that configure the handler on the web
> service port type:
>
>     ((BindingProvider) saml2Port).getRequestContext().put(
>         "ws-security.saml-callback-handler", new SamlCallbackHandler());
>
> But my dispatch client has no port type class. It looks like this
> (simplified names):
>
>     @Bean
>     public Dispatch<Source> myClient(final SamlCallbackHandler samlCallbackHandler) {
>         QName serviceName = new QName("namespace", "service");
>         QName portName = new QName("namespace", "port");
>         Service service = Service.create(serviceName);
>         service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, "address");
>         Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Service.Mode.PAYLOAD);
>         Client client = ((org.apache.cxf.jaxws.DispatchImpl) dispatch).getClient();
>         client.getInInterceptors().add(new LoggingInInterceptor());
>         client.getOutInterceptors().add(new LoggingOutInterceptor());
>         return dispatch;
>     }
>
> On this client I tried to configure my SamlCallbackHandler like this:
>
> 1. client.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);
> 2. client.getEndpoint().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);
>
> Unfortunately none of them works, the handle method of the handler is
> never called and therefore the outgoing request has no token.
>
> How can I configure the SamlCallbackHandler on a Dispatch client? I
> did not find an example in the CXF project.
>
> Thanks
> Stephan
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
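
For reference, a SamlCallbackHandler of the kind the WSS4JOutInterceptor in this thread would call, as an added example that is not code from the thread or from the CXF project: it issues a short-lived SAML 2.0 sender-vouches assertion and signs it with the issuer key. The issuer name, subject name, authentication context, five-minute lifetime and the constructor arguments are placeholder assumptions, and it assumes a WSS4J 2.x release in which SAMLCallback.setSamlVersion takes org.apache.wss4j.common.saml.bean.Version.

```java
import java.io.IOException;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.saml.builder.SAML2Constants;

// Added example: class layout and all literal values are assumptions.
public class SamlCallbackHandler implements CallbackHandler {
    private final Crypto issuerCrypto;   // keystore holding the issuer's signing key
    private final String keyAlias;
    private final String keyPassword;

    public SamlCallbackHandler(Crypto issuerCrypto, String keyAlias, String keyPassword) {
        this.issuerCrypto = issuerCrypto;
        this.keyAlias = keyAlias;
        this.keyPassword = keyPassword;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof SAMLCallback)) {
                throw new UnsupportedCallbackException(cb, "Only SAMLCallback is supported");
            }
            SAMLCallback saml = (SAMLCallback) cb;
            saml.setSamlVersion(Version.SAML_20);
            saml.setIssuer("example-issuer");                       // placeholder
            saml.setSubject(new SubjectBean("example-user", null,   // placeholder subject
                    SAML2Constants.CONF_SENDER_VOUCHES));
            // Must reflect how the user actually authenticated (assumed: password).
            AuthenticationStatementBean authn = new AuthenticationStatementBean();
            authn.setAuthenticationMethod(SAML2Constants.AUTH_CONTEXT_CLASS_REF_PASSWORD);
            saml.setAuthenticationStatementData(Collections.singletonList(authn));
            // Short validity window limits how long a captured token can be replayed.
            ConditionsBean conditions = new ConditionsBean();
            conditions.setTokenPeriodMinutes(5);
            saml.setConditions(conditions);
            // Sign the assertion so the receiver can verify who issued it.
            saml.setIssuerCrypto(issuerCrypto);
            saml.setIssuerKeyName(keyAlias);
            saml.setIssuerKeyPassword(keyPassword);
            saml.setSignAssertion(true);
        }
    }
}
```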