[jbossws-dev] [JBoss Web Services Development] - Re: JBossSTS SOAP protocol handler

anil.saldhana@jboss.com do-not-reply at jboss.com
Tue Sep 22 10:28:58 EDT 2009


Dan, the question was whether the SAML assertion can be used as the authentication construct rather than username/pwd or an X509 certificate (as supported by the WS-Security implementation in JBossWS). This was what Stefan and I were referring to.

At this time, I think you should forget about the authentication aspect and just focus on passing the SAML assertion to the wst client and let the STS handle the token.

Maybe you can have a single username/pwd for the ESB layer with the STS to pass in the WS-S headers. Or, better, some type of X509 certificate that is mutually agreed on.

There are two different things:
1) There needs to be a security context for the client and the STS to interact. This is what is passed in the ws-s headers.  Can be username/pwd or x509 cert.
2) And then there is the payload (in this case, the SAML assertion) that the STS will use to validate.

From what I see, item 1 is a trust association between the ESB and ESB client. We can set it up once.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4256412#4256412
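
The two items listed in the post above, as an added example that is not part of the original message and is not JBossWS or JBossSTS code: a constructed WS-Trust Validate request is parsed so that the caller credential in the WS-Security header (item 1) is read separately from the SAML assertion in the body (item 2). The function name `split_layers`, all sample values, and the choice of the WS-Trust 1.3 and SAML 2.0 namespaces are assumptions.

```python
import xml.etree.ElementTree as ET
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Constructed sample: every name and value below is a placeholder.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}"
    xmlns:wst="{wst}" xmlns:saml="{saml}">
  <soap:Header><wsse:Security>
    <wsse:UsernameToken>
      <wsse:Username>esb-service</wsse:Username>
      <wsse:Password>PLACEHOLDER</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security></soap:Header>
  <soap:Body><wst:RequestSecurityToken>
    <wst:RequestType>{wst}/Validate</wst:RequestType>
    <wst:ValidateTarget>
      <saml:Assertion ID="_constructed-1" Version="2.0">
        <saml:Issuer>example-idp</saml:Issuer>
        <saml:Subject><saml:NameID>end-user</saml:NameID></saml:Subject>
      </saml:Assertion>
    </wst:ValidateTarget>
  </wst:RequestSecurityToken></soap:Body>
</soap:Envelope>""".format(**NS)

def split_layers(envelope_xml):
    """Separate item 1 (caller credential) from item 2 (SAML payload)."""
    # Fine for this constructed input; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no WS-Security header: no security context")
    if sec.find("wsse:UsernameToken", NS) is not None:
        caller = ("username",
                  sec.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS))
    elif sec.find("wsse:BinarySecurityToken", NS) is not None:
        caller = ("x509", None)  # certificate bytes are not decoded here
    else:
        raise ValueError("unsupported credential in WS-Security header")
    target = root.find(
        "soap:Body/wst:RequestSecurityToken/wst:ValidateTarget/saml:Assertion", NS)
    if target is None:
        raise ValueError("no SAML assertion in ValidateTarget")
    return {"caller": caller,
            "issuer": target.findtext("saml:Issuer", namespaces=NS),
            "subject": target.findtext("saml:Subject/saml:NameID", namespaces=NS)}
```

The returned `caller` identifies the service talking to the STS, while `issuer` and `subject` come only from the assertion submitted for validation; the code performs no signature or validity checks on the assertion.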
