-
1. Re: How implementing webservices with JBoss and the L7 XML Gateway
anil.saldhana Nov 7, 2011 3:01 PM (in response to bloemg) This is some kind of custom work. You can take a look at the SAML-enabled handlers for WS.
POJO WS:
https://docs.jboss.org/author/display/PLINK/WSAuthenticationHandler
https://docs.jboss.org/author/display/PLINK/WSAuthorizationHandler
EJB3 WS:
-
2. Re: How implementing webservices with JBoss and the L7 XML Gateway
bloemg Nov 9, 2011 8:34 AM (in response to anil.saldhana) Do we need all handlers?
We only want to use the SAML2Handler. We do not want to use authentication or authorization again because this was already done at the Gateway.
Is this possible?
-
3. Re: How implementing webservices with JBoss and the L7 XML Gateway
marc.van.andel Nov 9, 2011 10:27 AM (in response to bloemg) Working with bloemg, I'll provide some more info about this. It seems that the SAML2Handler should be enough, because 'The SAML20TokenProvider is capable of validating the SAML assertions it issues', following http://community.jboss.org/wiki/PicketLinkSTS-SAMLProfile#SAML_Token_Validation. There's also an example of using just the SAML2Handler: https://docs.jboss.org/author/display/PLINK/SAML2Handler (Inbound part).
But calling the JAX-WS endpoint running on JBoss EAP 5.1 with Apache CXF as WS Stack provider and enhancing the SOAP request with a SAML token in Layer7:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v20="http://www.company.com/schemas/example-app/v20111101">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <saml2:Assertion ID="SamlAssertion-144fa48dc370c7a921414f3c53ed111b"
          IssueInstant="2011-11-09T15:04:07.000Z" Version="2.0"
          xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>layer7.company.com</saml2:Issuer>
        <saml2:Subject>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
            <saml2:NameID>CN=layer7.company.com</saml2:NameID>
          </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2011-11-09T15:02:07.000Z" NotOnOrAfter="2011-11-09T15:09:07.000Z"/>
        <saml2:AuthnStatement AuthnInstant="2011-11-09T15:04:07.000Z">
          <saml2:SubjectLocality Address="10.103.121.235"/>
          <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
          </saml2:AuthnContext>
        </saml2:AuthnStatement>
      </saml2:Assertion>
      <wsu:Timestamp>
        <wsu:Created>2011-11-09T15:04:07.006451559Z</wsu:Created>
        <wsu:Expires>2011-11-09T15:09:07.006Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <v20:getUserPrincipal/>
  </soapenv:Body>
</soapenv:Envelope>
We get the following exception:
16:03:18,949 ERROR [SAML2Handler] Exception in parsing the assertion:
java.lang.ClassCastException: com.ctc.wstx.evt.CompactStartElement cannot be cast to javax.xml.stream.events.EndElement
at org.picketlink.identity.federation.core.parsers.saml.SAMLSubjectParser.parse(SAMLSubjectParser.java:123)
at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:148)
at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:76)
at org.picketlink.identity.federation.core.parsers.AbstractParser.parse(AbstractParser.java:92)
at org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil.fromElement(SAMLUtil.java:145)
at org.picketlink.trust.jbossws.handler.SAML2Handler.handleInbound(SAML2Handler.java:86)
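The envelope posted above, run through the checks an endpoint would want before it drops its own authentication and relies on the gateway's SAML assertion. This is an added example, not code from the thread, from PicketLink or from Layer7; it assumes a hypothetical trusted-issuer set and a 30-second clock-skew allowance, and it reports an unsigned assertion as an error because the sender-vouches confirmation method carries no proof of its own: the assertion is only as trustworthy as the evidence that the gateway really sent it (a signature over it, or a mutually authenticated transport). It also reads the two NameID positions separately: in SAML 2.0 core a NameID directly under Subject names the subject, while a NameID inside SubjectConfirmation names the confirming party, which is the only one the posted assertion has.

```python
"""Added example: parse the SAML 2.0 assertion in a wsse:Security header and
apply basic trust checks. Uses stdlib ElementTree only because the input is
the constructed sample below; parse untrusted XML with a hardened parser."""
import re
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: the envelope from the post, reproduced as a string.
SAMPLE_ENVELOPE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v20="http://www.company.com/schemas/example-app/v20111101">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <saml2:Assertion ID="SamlAssertion-144fa48dc370c7a921414f3c53ed111b" IssueInstant="2011-11-09T15:04:07.000Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>layer7.company.com</saml2:Issuer>
        <saml2:Subject>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
            <saml2:NameID>CN=layer7.company.com</saml2:NameID>
          </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2011-11-09T15:02:07.000Z" NotOnOrAfter="2011-11-09T15:09:07.000Z"/>
        <saml2:AuthnStatement AuthnInstant="2011-11-09T15:04:07.000Z">
          <saml2:SubjectLocality Address="10.103.121.235"/>
          <saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext>
        </saml2:AuthnStatement>
      </saml2:Assertion>
      <wsu:Timestamp>
        <wsu:Created>2011-11-09T15:04:07.006451559Z</wsu:Created>
        <wsu:Expires>2011-11-09T15:09:07.006Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body><v20:getUserPrincipal/></soapenv:Body>
</soapenv:Envelope>"""

_UTC = re.compile(r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d+))?Z$")


def parse_utc(value):
    """Parse a UTC xsd:dateTime; wsu:Created above has 9 fractional digits, so
    anything beyond microseconds is dropped instead of rejected."""
    m = _UTC.match(value.strip())
    if not m:
        raise ValueError("not a UTC xsd:dateTime: %r" % value)
    y, mo, d, h, mi, s, frac = m.groups()
    micro = int((frac or "")[:6].ljust(6, "0"))
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micro, tzinfo=timezone.utc)


def check_assertion(envelope_xml, now_utc, trusted_issuers, skew_seconds=30):
    """Describe the assertion and list every reason it must not be trusted.
    trusted_issuers and skew_seconds are assumptions of this example."""
    now, skew, errors = parse_utc(now_utc), timedelta(seconds=skew_seconds), []
    root = ET.fromstring(envelope_xml)
    security = root.find("soapenv:Header/wsse:Security", NS)
    assertion = None if security is None else security.find("saml2:Assertion", NS)
    if assertion is None:
        return {"ok": False, "errors": ["no saml2:Assertion in wsse:Security header"]}

    issuer = assertion.findtext("saml2:Issuer", default="", namespaces=NS).strip()
    if issuer not in trusted_issuers:
        errors.append("untrusted issuer %r" % issuer)

    # Subject/NameID names the user; SubjectConfirmation/NameID names the confirmer.
    subject = assertion.find("saml2:Subject", NS)
    conf = subject.find("saml2:SubjectConfirmation", NS) if subject is not None else None
    subject_name_id = subject.findtext("saml2:NameID", namespaces=NS) if subject is not None else None
    confirmer_name_id = conf.findtext("saml2:NameID", namespaces=NS) if conf is not None else None
    method = conf.get("Method") if conf is not None else None
    if subject_name_id is None:
        errors.append("subject has no NameID; nothing identifies the end user")

    # Presence check only; a real handler verifies the XML-DSig against the
    # gateway's certificate. Without any signature a sender-vouches assertion is
    # just text anyone on the path could have written.
    if assertion.find("ds:Signature", NS) is None:
        errors.append("assertion is not signed")

    conds = assertion.find("saml2:Conditions", NS)
    if conds is None:
        errors.append("no Conditions element")
    else:
        nb, na = conds.get("NotBefore"), conds.get("NotOnOrAfter")
        if nb and now + skew < parse_utc(nb):
            errors.append("assertion not yet valid")
        if na and now - skew >= parse_utc(na):
            errors.append("assertion expired")

    ts = security.find("wsu:Timestamp", NS)
    expires = ts.findtext("wsu:Expires", namespaces=NS) if ts is not None else None
    if expires and now - skew >= parse_utc(expires):
        errors.append("wsu:Timestamp expired")

    return {"ok": not errors, "issuer": issuer, "method": method,
            "subject_name_id": subject_name_id, "confirmer_name_id": confirmer_name_id,
            "errors": errors}
```

Run against the posted envelope at 15:05 UTC the result is not "ok": the issuer and validity window pass, but the assertion is unsigned and names no subject, which is exactly what a handler that is the only remaining control would have to reject. The signature check here is only a presence test; the part that actually establishes trust in the gateway is XML-DSig verification against its certificate, or a mutually authenticated transport between gateway and endpoint.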