[teiid-issues] [JBoss JIRA] (TEIID-2819) Use Oauth SAML Bearer Assertion Flow

Ramesh Reddy (JIRA) issues at jboss.org
Mon Jan 5 17:57:29 EST 2015


    [ https://issues.jboss.org/browse/TEIID-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030047#comment-13030047 ] 

Ramesh Reddy commented on TEIID-2819:
-------------------------------------

Related discussion about SAML Bearer with CXF is towards the end of this thread http://cxf.547215.n5.nabble.com/OAuth-1-0-Client-example-td5751952.html#a5752812

If you are using PicketLink SP:

Pedro: you can get the assertion from the user's HTTP session as a DOM instance. You can configure the SAML2AuthenticationHandler to specify the attribute name where the assertion will be stored [1]. Or you can just use the default attribute name, which is "ASSERTION_SESSION_ATTRIBUTE_NAME".

[1] https://docs.jboss.org/author/display/PLINK/SAML2AuthenticationHandler

Ramesh: The only place it is reachable is SAML2AuthenticationHandler where it is shoving into HttpSession. I could not find how ServiceProviderSAMLContext is populated in this scenario either. Looks like I need to get it into ServiceProviderSAMLContext then I can access in LoginModule.

Pedro: You can use JACC API for that. That way you can get the HttpServletRequest and extract the SAMLResponse parameter from there. 
Maybe something like that [1].
[1] https://github.com/EricWittmann/security-eval/blob/master/security-eval-jaxrs/src/main/java/org/overlord/security/eval/jaxrs/auth/SAMLBearerTokenLoginModule.java

Ramesh: IMO, JACC API will not work depending upon the changing thread contexts; the only thing that might work is writing a filter and hijacking the SAMLResponse from there before it hits the SP.

> Use Oauth SAML Bearer Assertion Flow
> ------------------------------------
>
>                 Key: TEIID-2819
>                 URL: https://issues.jboss.org/browse/TEIID-2819
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: Server
>            Reporter: Van Halbert
>            Assignee: Ramesh Reddy
>
> I can secure my mobile and cloud applications?
> Consider doing SAML first and Oauth later – the use cases are the same, the implementation is different
> Link - https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_SAML_bearer_flow.htm&language=en



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
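The last option discussed in the comment above (a servlet filter that captures the SAMLResponse before the SP consumes it) sketched as an added example. This is not Teiid or PicketLink code and it is not the approach the project adopted; the class name, the session attribute name `example.saml.RAW_ASSERTION` and the filter placement are assumptions. The filter base64-decodes the posted SAMLResponse, parses it with DTDs and external entities disabled (the response is untrusted input at this point), keeps the single `saml:Assertion` element in the HttpSession, and a helper turns that stored assertion into the form body of the OAuth 2.0 SAML bearer grant (RFC 7522, grant type `urn:ietf:params:oauth:grant-type:saml2-bearer`), which is what the linked Salesforce flow expects.

```java
// Added example, not from the Teiid project or PicketLink.
// Assumed names: SamlResponseCaptureFilter, example.saml.RAW_ASSERTION.
package example.saml;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlResponseCaptureFilter implements Filter {
    /** Session attribute holding the captured assertion XML (assumed name). */
    public static final String RAW_ASSERTION_ATTR = "example.saml.RAW_ASSERTION";
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer";

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            String encoded = http.getParameter("SAMLResponse");
            if (encoded != null && "POST".equals(http.getMethod())) {
                try {
                    // MIME decoder tolerates the line breaks some IdPs insert into the value.
                    Element assertion = extractAssertion(Base64.getMimeDecoder().decode(encoded));
                    if (assertion != null) {
                        // Only a copy; the SP behind this filter still validates the
                        // response signature, and the assertion must not be used before
                        // that validation has produced an authenticated session.
                        http.getSession(true).setAttribute(RAW_ASSERTION_ATTR, serialize(assertion));
                    }
                } catch (Exception e) {
                    // Malformed input is for the SP to reject; store nothing.
                    req.getServletContext().log("SAMLResponse capture skipped: " + e.getMessage());
                }
            }
        }
        chain.doFilter(req, res); // always hand the untouched request on to the SP
    }

    /** Parse the decoded response with DOCTYPE and external entities disabled (XXE hardening). */
    static Element extractAssertion(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        NodeList found = doc.getElementsByTagNameNS(SAML_NS, "Assertion");
        // Refuse responses with zero or several assertions rather than guessing.
        return found.getLength() == 1 ? (Element) found.item(0) : null;
    }

    /** Serialize just the assertion element; needed namespace declarations are added to it. */
    static String serialize(Element assertion) throws TransformerException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Transformer t = tf.newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(assertion), new StreamResult(out));
        return out.toString();
    }

    /** Form body of the RFC 7522 SAML bearer token request for the stored assertion. */
    static String bearerGrantBody(String assertionXml) throws IOException {
        String assertionParam = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(assertionXml.getBytes(StandardCharsets.UTF_8));
        return "grant_type=" + URLEncoder.encode(SAML2_BEARER, "UTF-8")
             + "&assertion=" + assertionParam;
    }
}
```

Two points to check before relying on something like this. The filter only sees the SAMLResponse if it runs before the SP: where the PicketLink SP is deployed as a container valve or authenticator rather than a servlet filter, it runs ahead of the filter chain and has normally redirected before any filter executes, so the capture would have to sit at the container level instead. And the token endpoint will verify the IdP signature on the assertion, so the stored copy has to survive re-serialization unchanged; SAML signatures use exclusive canonicalization, under which the namespace declarations the serializer adds to the detached element do not alter the signed form, but a token request against the real authorization server is the only real confirmation.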