1 Reply Latest reply on Apr 10, 2013 1:23 PM by anil.saldhana

Signing XACML SAML response

mspiller Apr 9, 2013 5:24 AM

Is it possible to configure signing of SOAPSAMLXACMLService response inside ?

Example of SAML XACML signature:

Current policyConfig.xml content:

<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">

<ns:Policies>

<ns:PolicySet>

<ns:Location>policies/himss-policy.xml</ns:Location>

</ns:PolicySet>

</ns:Policies>

<ns:Locators>

<ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">

</ns:Locator>

</ns:Locators>

</ns:jbosspdp>

I still don't know how to combine SAML and XACML. I have a working PicketLinkSTService example and working SOAPSAMLXACMLService example.

STS issues a SAML token (that is signed). But i am not sure how to pass it to XACML service.

How to map for example urn:oasis:names:tc:xacml:1.0:subject:subject-id to a SAML ticket response assertion.

I send signed SAML response to a web service but I don't know how to also send XACML response.

1. Re: Signing XACML SAML response

anil.saldhana Apr 10, 2013 1:23 PM (in response to mspiller)

I don't think we bothered signing the XACML payload in the SAML response. You can sign the SAML Response. That applies to the entire payload.

Now if you insist that the xacml payload needs to be signed, then you will have to modify SOAPSAMLXACMLService

Please do not hesitate to send a git pull request to
https://github.com/picketlink2/federation
Actions