4 Replies Latest reply on Jul 12, 2012 10:41 AM by maximilien

SAML and caller principal propagation

dimonv Dec 14, 2009 7:37 AM

Hi all,

One question regarding the planned implementation of the JBoss identity.
SAML is usually used for securing the web services. Is it intended to propagate the SAML token alone with the further calls from WS e.g. to EJBs?

Is it also planned to propagate SAML token to remote EJBs?

Thanks.

1. Re: SAML and caller principal propagation

anil.saldhana Jan 13, 2010 11:20 AM (in response to dimonv)

The WS-Trust tokens containing SAML assertions can be transported between two containers (irrespective of what they are). What is needed is server integration at either end to handle ws-t. PicketLink has the Security Token Server to issue tokens. JBossESB makes use of this pattern.
Actions
2. Re: SAML and caller principal propagation

dimonv Jan 15, 2010 4:27 AM (in response to anil.saldhana)
You wrote:

What is needed is server integration at either end to handle ws-t
Does it mean that the token propagation is possible over SOAP only? What about EJB-calls over JBoss Remoting?
Is the server integration at the other end not out-of-the-box, or should this integration be done explicitly? If yes could you please provide a link to the documentation?
Actions
3. Re: SAML and caller principal propagation

anil.saldhana Jan 16, 2010 10:46 AM (in response to dimonv)

Token propagation between a client and the STS happens over soap. But the client can propagate the token to anything in any transport it desires. The latter is yet to be implemented.
Actions
4. Re: SAML and caller principal propagation

maximilien Jul 12, 2012 10:41 AM (in response to anil.saldhana)

Anil Saldhana a écrit:

Token propagation between a client and the STS happens over soap. But the client can propagate the token to anything in any transport it desires. The latter is yet to be implemented.

is token propagation over JBoss Remoting included in as 7.1.1.Final now ?
Actions

Go to original post