[teiid-issues] [JBoss JIRA] (TEIID-2819) Use Oauth SAML Bearer Assertion Flow
Ramesh Reddy (JIRA)
issues at jboss.org
Mon Jan 5 17:57:29 EST 2015
[ https://issues.jboss.org/browse/TEIID-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030047#comment-13030047 ]
Ramesh Reddy commented on TEIID-2819:
-------------------------------------
Related discussion about SAML Bearer with CXF is towards the end of this thread: http://cxf.547215.n5.nabble.com/OAuth-1-0-Client-example-td5751952.html#a5752812
If you are using PicketLink SP:
Pedro: you can get the assertion from user's http session as a DOM instance. You can configure the SAML2AuthenticationHandler to specify the attribute name where the assertion will be stored [1]. Or you can just use the default attribute name, which is "ASSERTION_SESSION_ATTRIBUTE_NAME".
[1] https://docs.jboss.org/author/display/PLINK/SAML2AuthenticationHandler
Ramesh: The only place it is reachable is SAML2AuthenticationHandler, where it is shoved into the HttpSession. I could not find how ServiceProviderSAMLContext is populated in this scenario either. Looks like I need to get it into ServiceProviderSAMLContext; then I can access it in the LoginModule.
Pedro: You can use JACC API for that. That way you can get the HttpServletRequest and extract the SAMLResponse parameter from there.
Maybe something like that [1].
[1] https://github.com/EricWittmann/security-eval/blob/master/security-eval-jaxrs/src/main/java/org/overlord/security/eval/jaxrs/auth/SAMLBearerTokenLoginModule.java
Ramesh: IMO, JACC API will not work depending upon the changing thread contexts, the only thing that might work is writing a filter and hijacking the SAMLResponse from there before it hits the SP.
> Use Oauth SAML Bearer Assertion Flow
> ------------------------------------
>
> Key: TEIID-2819
> URL: https://issues.jboss.org/browse/TEIID-2819
> Project: Teiid
> Issue Type: Feature Request
> Components: Server
> Reporter: Van Halbert
> Assignee: Ramesh Reddy
>
> I can secure my mobile and cloud applications?
> Consider doing SAML first and Oauth later – the use cases are the same, the implementation is different
> Link - https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_SAML_bearer_flow.htm&language=en
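The thread above weighs three ways of making the inbound SAML assertion reachable from a LoginModule: reading the DOM the PicketLink handler stores in the HttpSession, fetching the HttpServletRequest through JACC, or capturing the SAMLResponse form parameter in a servlet filter before it reaches the SP. The following is an added illustration of the filter approach, written for this note; it is not Teiid or PicketLink code. The class name, the attribute name `CAPTURED_SAML_RESPONSE`, and the use of the plain `javax.servlet` API are assumptions; `ASSERTION_SESSION_ATTRIBUTE_NAME` and the `SAMLResponse` parameter name come from the discussion. The XML parser is hardened against DTD and external-entity processing so that a hostile response body cannot trigger XXE in the capture path.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Base64;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.w3c.dom.Document;

/**
 * Added example (not project code): a filter placed in front of the SAML SP
 * endpoint that captures the base64-encoded SAMLResponse POST parameter, parses
 * it with an XXE-hardened DOM parser and stores the Document in the HttpSession
 * so a LoginModule running later can read it.
 */
public class SamlResponseCaptureFilter implements Filter {

    // Assumed attribute name for the captured response. PicketLink's own handler
    // stores the validated assertion under ASSERTION_SESSION_ATTRIBUTE_NAME.
    public static final String CAPTURED_SAML_RESPONSE = "CAPTURED_SAML_RESPONSE";

    @Override
    public void init(FilterConfig filterConfig) {
        // no configuration needed for this example
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // The SP receives the response via the HTTP-POST binding as a form field.
            if ("POST".equalsIgnoreCase(http.getMethod())) {
                String encoded = http.getParameter("SAMLResponse");
                if (encoded != null && !encoded.isEmpty()) {
                    try {
                        byte[] xml = Base64.getDecoder().decode(encoded);
                        Document doc = parseHardened(xml);
                        HttpSession session = http.getSession(true);
                        session.setAttribute(CAPTURED_SAML_RESPONSE, doc);
                    } catch (IllegalArgumentException | ParserConfigurationException
                            | org.xml.sax.SAXException e) {
                        // Malformed input: leave nothing in the session and let the
                        // SP reject the request on its own terms.
                        http.getSession(true).removeAttribute(CAPTURED_SAML_RESPONSE);
                    }
                }
            }
        }
        // Always hand the request on: the SP still performs signature and
        // condition validation; this filter only makes the XML reachable.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }

    /** Parse untrusted XML with DTDs and external entities disabled. */
    static Document parseHardened(byte[] xml)
            throws ParserConfigurationException, org.xml.sax.SAXException, IOException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder builder = f.newDocumentBuilder();
        return builder.parse(new ByteArrayInputStream(xml));
    }

    /** Convenience for a LoginModule: fetch what the filter captured, if anything. */
    public static Document capturedResponse(HttpSession session) {
        Object value = session == null ? null : session.getAttribute(CAPTURED_SAML_RESPONSE);
        return value instanceof Document ? (Document) value : null;
    }
}
```

Two points a practitioner will care about: calling `getParameter` on a form-encoded POST does not prevent the downstream SP from reading the same parameter, since the container caches parsed parameters, but it does consume the raw body, so this only works when the SP itself reads `SAMLResponse` through `getParameter`. Second, the captured Document is pre-validation data; a LoginModule should consume it only after the SP has accepted the response (which is the point at which the login module runs in the flow discussed), and should prefer the SP's own validated assertion from `ASSERTION_SESSION_ATTRIBUTE_NAME` when both are present.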
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)