[jboss-dev-forums] [JBoss ESB Development] - Re: SAML Token Support

beve do-not-reply at jboss.com
Fri Sep 18 01:43:12 EDT 2009


Hi Anil, 
anonymous wrote : http://anonsvn.jboss.org/repos/jbossidentity/identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
  | 
  | Looking at the signature, the validateToken takes in a dom element representing the saml2 token. So it is already there. Ensure that you parse the token as dom and then feed it to the sts via this api.
Thanks, this is actually what we are using in the ESB for two cases. 
One is for a JBossSTSLoginModule to validate an existing SAML token when a call enters the ESB.
The second is in an action that can be used to issue a SAML Token. 

My last question is with regard to calling a Web Service. In most cases in the ESB a SOAP Message is expected to have been sent in by the client. 
So a SOAP Message is the payload of the ESB Message in that case and we have added an action that can update a SOAP Message adding a SAML token.

The next step in our example is to call a Web Service deployed in JBoss AS. I went looking for a SOAP server side Protocol Handler for this but could not find one. 
I was thinking that this handler would also use the WSTrustClient to validate the SAML token that should exist in the SOAP Security Header. 

I've created an example of such a handler:
http://anonsvn.jboss.org/repos/labs/labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/ws/JBossSTSSecurityHandler.java
This will take effect by configuring the target web service with a handler chain:
<?xml version="1.0" encoding="UTF-8"?>
  | <jws:handler-config xmlns:jws="http://java.sun.com/xml/ns/javaee">
  | 	<jws:handler-chains>
  | 		<jws:handler-chain>
  | 			<jws:handler>
  | 				<jws:handler-class>org.jboss.soa.esb.services.security.auth.ws.JBossSTSSecurityHandler</jws:handler-class>
  | 			</jws:handler>
  | 		</jws:handler-chain>
  | 	</jws:handler-chains>
  | </jws:handler-config>
  | 
This is just a sample, but it might be easier to see what I mean here with a code example. 
I'm not sure if this is the best way to handle this use case either, and any suggestions are welcome.

Thanks,

/Daniel

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4255852#4255852
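
The server-side check described in the post above, sketched as an added example (this is not the linked JBossSTSSecurityHandler and not project code): a JAX-WS handler that accepts an inbound request only if its wsse:Security header carries exactly one SAML 2.0 assertion that the STS accepts. The class name, the `validate` hook and the fail-closed policy are assumptions, as is the Java EE 5 era `javax.*` JAX-WS/SAAJ API; a concrete subclass with a no-arg constructor would pass the DOM element to the STS and be the class named in the handler chain.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public abstract class SamlHeaderCheckHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    /** Hypothetical hook: a subclass hands the DOM element to the STS (e.g. via WSTrustClient.validateToken). */
    protected abstract boolean validate(Element assertion) throws Exception;

    public boolean handleMessage(SOAPMessageContext ctx) {
        // Responses carry no token to check; only inbound requests are inspected.
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            if (header == null) throw new ProtocolException("missing SOAP header");
            Element security = onlyChild(header, WSSE_NS, "Security");
            Element assertion = onlyChild(security, SAML2_NS, "Assertion");
            if (!validate(assertion)) throw new ProtocolException("SAML token rejected");
            return true;
        } catch (ProtocolException e) { throw e; // already a rejection, pass it on
        } catch (Exception e) { // STS unreachable or malformed message: fail closed
            throw new ProtocolException("SAML token could not be validated", e);
        }
    }
    /** Returns the single direct child with this name; zero or several is an error. */
    static Element onlyChild(Element parent, String ns, String local) {
        Element found = null;
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName())) {
                if (found != null) throw new ProtocolException("duplicate " + local);
                found = (Element) n;
            }
        }
        if (found == null) throw new ProtocolException("missing " + local);
        return found;
    }
    // Declares that this handler processes wsse:Security, so mustUnderstand on it is satisfied.
    public Set<QName> getHeaders() { return Collections.singleton(new QName(WSSE_NS, "Security")); }
    public boolean handleFault(SOAPMessageContext ctx) { return true; }
    public void close(MessageContext ctx) { }
}
```

Rejecting a request that carries zero or several assertions, and treating any validation error as a rejection, keeps the web service from running when the token was never actually checked.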
