Adding a SAML Assertion to outgoing SOAP Messages
=================================================
In what situations should the Assertion be added to the outbound SOAP Security Header:
1. SOAP Processor
SOAPProcessor expects the Body of the ESB Message to be a SOAPMessage. We could use an
action that updates/adds a Security Header to the SOAP Message.
This can be done by adding the following action:
<action name="addSamlSecurityHeader"
class="org.jboss.soa.esb.smooks.SmooksAction">
| <property name="smooksConfig"
value="/smooks/smooks-saml-injector.xml" />
| </action>
2. SOAPClient (soapUI)
This action uses soapui for its processing. SOAPUI creates the actual SOAP Message and
returns it as a String. But this action also supports
a smooks tranformation. We can use the same Smooks confuration as shown above. So this
could be used for the configuration of SOAPClient like this:
<property name="smooksTransform"
value="/smooks/smooks-saml-injector.xml" />
3. SOAPClient (WISE)
Since WISE uses JAXWS then we should be able to use a protocol handler for SOAP to add the
header.
WISE supports both specifying a 'smooksTransform', like the SOAPUI SOAPClient, and
also custom handlers. One such handler can be found in
org.jboss.soa.esb.actions.soap.SOAPSamlHandler.
4. SOAPProxy
HTTPProxy also expects the Body of the ESB Message to be a SOAPMessage. Here too the same
Smooks configuration can be used.
Anything you can think of that I've missed?
Thanks,
/Daniel
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4256787#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...