Using JBoss 7.2 from GitHub:
Re: JBoss 7.2 Warning:No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}ProtectTokens registered
So I switched back to the non-policy way, and used wss4jinterceptors instead.
Again, using JBOSs 7.2 from GitHub, with all the modules that come with it.
wss4j is 1.6.9.
I followed the example in the following link.
The STR references the SAML token now, the timestamp and body are signed.
The SAML assertion has a signature inside the saml assertion.
But the SAML assertion is not signed externally, ie, there is no reference to the SAML assertion in the Signature block.
The Signature block only has reference to the timestamp and body.
http://svn.apache.org/viewvc?view=revision&revision=1081802
| /** |
| 215 | * This test creates a holder-of-key SAML1 Assertion, and sends it in the security header |
| 216 | * to the provider. |
| 217 | */ |
| 218 | @Test |
| 219 | public void testSaml1TokenHOK() throws Exception { |
| 220 | Map<String, Object> outProperties = new HashMap<String, Object>(); |
| 221 | outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED); |
| 222 | outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_hok.properties"); |
| 223 | outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); |
| 224 | outProperties.put(WSHandlerConstants.USER, "alice"); |
| 225 | outProperties.put("password", "password"); |
| 226 | outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties"); |
| 227 | SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); |
| 228 | callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY); |
| 229 | outProperties.put( |
| 230 | WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler |
| 231 | ); |
Is there any way using CXF or JBOSSWS-CXF either policy or non-policy way to sign the saml assertion? I,e, have a reference to it in the Signature block, not just inside the saml assertion?