<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">

<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>

                                <td>

                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>

                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px;  -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
    Reference SAML assertion in Signature block
</h3>
<span style="margin-bottom: 10px;">
    created by <a href="https://community.jboss.org/people/crumbs">Indira Akundi</a> in <i>JBoss Web Services</i> - <a href="https://community.jboss.org/message/817796#817796">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">

<div class="jive-rendered-content"><p>Using JBoss 7.2 from GitHub:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p><strong><a class="jive-link-message-small" href="https://community.jboss.org/message/817407#817407">Re: JBoss 7.2 Warning:No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}ProtectTokens registered</a> </strong>&#160; </p><p class="jive-thread-reply-message">&#160; </p><p>So I switched back to the non-policy way, and used wss4jinterceptors instead.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>Again, using JBoss 7.2 from GitHub, with all the modules that come with it.</p><p>wss4j is 1.6.9.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I followed the example in the following link.</p><p>The STR references the SAML token now, the timestamp and body are signed.</p><p>The SAML assertion has a signature inside the SAML assertion.</p><p>But the SAML assertion is not signed externally, i.e., there is no reference to the SAML assertion in the Signature block.</p><p>The Signature block only has a reference to the timestamp and body.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p><a class="jive-link-external-small" href="http://svn.apache.org/viewvc?view=revision&amp;revision=1081802" rel="nofollow">http://svn.apache.org/viewvc?view=revision&amp;revision=1081802</a></p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p>
<pre>/**
 * This test creates a holder-of-key SAML1 Assertion, and sends it in the security header
 * to the provider.
 */
@Test
public void testSaml1TokenHOK() throws Exception {
    Map&lt;String, Object&gt; outProperties = new HashMap&lt;String, Object&gt;();
    outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
    outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_hok.properties");
    outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(WSHandlerConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
    SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
    callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
    outProperties.put(
        WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
    );
</pre>
<p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>Is there any way using CXF or JBOSSWS-CXF, either the policy or the non-policy way, to sign the SAML assertion? I.e., have a reference to it in the Signature block, not just inside the SAML assertion?</p></div>
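<p>An added example, not part of the original post and not CXF or WSS4J code: a Python check that reports which elements the message-level Signature of a WS-Security header covers, so the situation described above (timestamp and body referenced, assertion not) can be confirmed on a captured message. The envelope and its Id values (TS-1, A-1, STR-1, B-1) are constructed, and resolving a SecurityTokenReference through its KeyIdentifier text is an assumption that follows the WSS SAML Token Profile.</p>

```python
import xml.etree.ElementTree as ET

NS = {  # standard SOAP 1.1, WS-Security, XML-DSig and SAML 1.x namespaces
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
STR_TRANSFORM = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-soap-message-security-1.0#STR-Transform")

def sample(refs):
    """Constructed envelope; refs = [(id, uses_str_transform)] for the message-level Signature."""
    xf = '<ds:Transforms><ds:Transform Algorithm="%s"/></ds:Transforms>' % STR_TRANSFORM
    r = "".join('<ds:Reference URI="#%s">%s</ds:Reference>' % (u, xf if t else "") for u, t in refs)
    decl = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<soap:Envelope %s><soap:Header><wsse:Security><wsu:Timestamp wsu:Id="TS-1"/>'
            '<saml:Assertion AssertionID="A-1"><ds:Signature><ds:SignedInfo>'  # issuer's own
            '<ds:Reference URI="#A-1"/></ds:SignedInfo></ds:Signature></saml:Assertion>'
            '<wsse:SecurityTokenReference wsu:Id="STR-1"><wsse:KeyIdentifier>A-1'
            '</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
            '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
            '</wsse:Security></soap:Header><soap:Body wsu:Id="B-1"/></soap:Envelope>') % (decl, r)

def externally_signed(xml_text):
    """Local names of the elements covered by the Signature directly under wsse:Security."""
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():
        for attr in ("{%s}Id" % NS["wsu"], "AssertionID", "ID", "Id"):
            if attr in el.attrib:
                by_id[el.attrib[attr]] = el
    covered = set()
    # The issuer's enveloped signature inside the assertion also references the assertion ID;
    # this path skips it, so only the sender's message-level signature is counted.
    path = "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"
    for ref in root.findall(path, NS):
        target = by_id.get(ref.get("URI", "").lstrip("#"))
        if target is None:
            continue
        algs = {t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)}
        if target.tag == "{%s}SecurityTokenReference" % NS["wsse"] and STR_TRANSFORM in algs:
            # STR-Transform: the digest covers the token the STR points at (assumed here
            # to be named by the KeyIdentifier text), not the STR element itself.
            key_id = target.findtext("wsse:KeyIdentifier", default="", namespaces=NS).strip()
            target = by_id.get(key_id, target)
        covered.add(target.tag.split("}")[1])
    return covered
```

<p>For the message described in the post, <code>externally_signed(sample([("TS-1", False), ("B-1", False)]))</code> returns only <code>Timestamp</code> and <code>Body</code>; <code>Assertion</code> appears once the Signature references the assertion directly or references the STR with the STR-Transform.</p>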

</td>
                        </tr>
                    </tbody>
                </table>


                </td>
            </tr>
        </tbody>
    </table>

</div>

</body>
</html>