-
2. Re: Federated SSO for web services
rk_jboss Jun 11, 2009 1:31 PM (in response to rk_jboss)Thanks Anil for quick response.
I looked in to your blog and other resources but I could not find the details like the web services participating in the federation and exchanging the authentication and authorization attributes.
I am looking for open source initiatives and tried Shibboleth but its Service Provider does not have support for FreeBSD.
We are in a decision making situation which federation server to choose.
1) If you can answer to my previous questions that would be great. I know JBoss app server is compatible with FreeBSD and just wondering about federated SSO.
2) The next thing is the federated SSO support for web services. All the documentation talks about web based federation but did not get the information on support for web services.
3) I looked in to one of your posts (http://www.jboss.org/community/wiki/SAMLv2andXACMLv2Integration) talks about the integration of SAM2 with XACML in JBoss and wanted to know more information whether we can extend that feature for web services federation with authorization.
FYI: My brief requirement is , once a web service WS1 which exists in enterprise E1 authenticates a user U1 with role R1 and trying to access WS2 from enterprise E2 (both participate in federation ) and the same user U1 will have different role R2 in enterprise E2. So my service provide at E2 should get the authorization attributes from Identity Provider 2 / federation server. Hope you got my concern.
Thanks in advance.
Thanks,
Ram -
3. Re: Federated SSO for web services
anil.saldhana Jun 15, 2009 1:39 AM (in response to rk_jboss)What you really need is a federation gateway or such that can negotiate identity (plus attributes) across trust domains.
Our WS-T STS implementation is mainly for that - issuing SAML assertions (that can of course include attributes). Now it is upto E2 to decide what roles the incoming user is.
If FreeBSD has a Java VM (it should), then any of the Java solutions should work.