[jboss-user] [JBoss Web Services] - Reference SAML assertion in Signature block

Indira Akundi do-not-reply at jboss.com
Wed May 15 06:01:47 EDT 2013


Indira Akundi [https://community.jboss.org/people/crumbs] created the discussion

"Reference SAML assertion in Signature block"

To view the discussion, visit: https://community.jboss.org/message/817796#817796

--------------------------------------------------------------
Using JBoss 7.2 from GitHub:

Re: JBoss 7.2 Warning: No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}ProtectTokens registered
https://community.jboss.org/message/817407#817407

So I switched back to the non-policy way, and used WSS4J interceptors instead.

Again, using JBoss 7.2 from GitHub, with all the modules that come with it.
wss4j is 1.6.9.

I followed the example in the following link.
The STR references the SAML token now, the timestamp and body are signed.
The SAML assertion has a signature inside the saml assertion.
But the SAML assertion is not signed externally, i.e., there is no reference to the SAML assertion in the Signature block.
The Signature block only has reference to the timestamp and body.


http://svn.apache.org/viewvc?view=revision&revision=1081802


    /**
     * This test creates a holder-of-key SAML1 Assertion, and sends it in the security header
     * to the provider.
     */
    @Test
    public void testSaml1TokenHOK() throws Exception {
        Map<String, Object> outProperties = new HashMap<String, Object>();
        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_hok.properties");
        outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
        outProperties.put(WSHandlerConstants.USER, "alice");
        outProperties.put("password", "password");
        outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
        outProperties.put(
            WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
        );


Is there any way, using CXF or JBossWS-CXF, in either the policy or the non-policy way, to sign the SAML assertion? I.e., have a reference to it in the Signature block, not just inside the SAML assertion?
--------------------------------------------------------------
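
An added example (not part of the original post, and not CXF or WSS4J code): a Python check that lists what the message-level ds:Signature references in an outgoing SOAP message and reports whether the SAML assertion is among them, either directly or through a SecurityTokenReference with the STR-Transform. The function names, the sample message and its Id values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
STR_TRANSFORM = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"
SAML_NS = ("urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion")

def signed_targets(soap_xml):
    """Return (local names covered by the message-level signature, assertion_covered).
    Inspects ds:Reference elements only; digests and signature values are not verified."""
    root = ET.fromstring(soap_xml)
    by_id = {}
    for el in root.iter():
        for attr in ("{%s}Id" % WSU, "Id", "ID", "AssertionID"):
            if el.get(attr):
                by_id[el.get(attr)] = el
    names, covered = [], False
    # Only a ds:Signature that is a direct child of wsse:Security counts; the issuer's
    # enveloped signature inside the assertion is skipped on purpose.
    for ref in root.findall(".//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS):
        target = by_id.get(ref.get("URI", "").lstrip("#"))
        if target is None:
            names.append("unresolved")
            continue
        algs = [t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        if target.tag == "{%s}SecurityTokenReference" % NS["wsse"] and STR_TRANSFORM in algs:
            # With STR-Transform the digest covers the token the STR points at, not the STR.
            key_id = target.find("wsse:KeyIdentifier", NS)
            ident = (key_id.text or "").strip() if key_id is not None else ""
            target = by_id.get(ident, target)
        ns, _, local = target.tag[1:].partition("}")
        names.append(local)
        covered = covered or (local == "Assertion" and ns in SAML_NS)
    return names, covered

def constructed_message(extra_reference=""):
    # Constructed sample with digest and signature values left out; not a captured message.
    return f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{NS['wsse']}" xmlns:ds="{NS['ds']}" xmlns:wsu="{WSU}"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><soap:Header><wsse:Security>
 <wsu:Timestamp wsu:Id="TS-1"/>
 <saml:Assertion AssertionID="A-1"><ds:Signature><ds:SignedInfo>
  <ds:Reference URI="#A-1"/></ds:SignedInfo></ds:Signature></saml:Assertion>
 <wsse:SecurityTokenReference wsu:Id="STR-1"><wsse:KeyIdentifier>A-1</wsse:KeyIdentifier>
 </wsse:SecurityTokenReference>
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#TS-1"/><ds:Reference URI="#Body-1"/>
  {extra_reference}</ds:SignedInfo></ds:Signature>
</wsse:Security></soap:Header><soap:Body wsu:Id="Body-1"/></soap:Envelope>"""

STR_REF = f'<ds:Reference URI="#STR-1"><ds:Transforms><ds:Transform Algorithm="{STR_TRANSFORM}"/></ds:Transforms></ds:Reference>'
```

Calling `signed_targets(constructed_message())` reproduces the situation described in the post (only the timestamp and body are referenced), while `signed_targets(constructed_message(STR_REF))` shows the assertion covered through the STR.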
