2 Replies Latest reply on May 6, 2010 7:12 AM by Jamere Morrow

    Question about assertion from STS

    Jamere Morrow Newbie

      I have successfully created a vaild assertion using the STS. There are 2 questions.

       

      1. How do we go about placing that assertion into the soap message to continue on to the desired endpoint? I know that it is required to be in the SOAP header then the request in the body of the message.

       

      2. In the PicketLink STS client, what and where is the request that its using to create the assertion? I have looked through the SVN to trying to find out exactly how it is working but not having any luck.

        • 1. Re: Question about assertion from STS
          Daniel Bevenius Master

          Hi James,

           

          1. How do we go about placing that assertion into the soap message to continue on to the desired endpoint?

          This easiest way might be to have a SOAPHandler on the client side that adds the Assertion element to the security header.

          I've used Smooks previously to insert a security element into a SOAP Message but that was mainly because this was used in JBossESB for a quickstart (security_saml) and that made sense at the time for that example.

           

          I spoke with Anil about creating some examples and this might be a good one to add?

           

          1. I was thinking that we create an example that calls PicketLinkSTS via JAAS to issue a token.

          2. Then have a call to a web service where the client side is configured with a SOAPHandler that injects the SAML Assertion into the outbound SOAP Security Header.

          3. The web service would be configured with a SOAPHandler (for example org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler).

           

          The security_saml JBossESB quickstart does this (except step 2 which is uses Smooks for) but via JBossESB. The last step part of the quickstart is to call an external web service which is configured with the server side SOAPHandler (step 3). The configuration of the web service might be of interest to you.

           

          What do you think?

           

          Regards,

           

          /Daniel

          • 2. Re: Question about assertion from STS
            Jamere Morrow Newbie

            That sounds exactly like what we are wanting. I just located a page that has the soaphandler...

             

            http://www.jroller.com/gmazza/

             

            I am looking over it now and maybe I will be able to use this