1 Reply Latest reply on Apr 10, 2013 1:23 PM by Anil Saldanha

    Signing XACML SAML response

    Matej Spiller Newbie

      Is it possible to configure signing of SOAPSAMLXACMLService response inside ?

      According to http://docs.oasis-open.org/xacml/access_control-xacml-2.0-saml_profile-spec-cd-02.pdf the response should be signed.

       

      Example of SAML XACML signature:

      http://pushpalankajaya.blogspot.com/2012/02/implementing-saml-to-xacml.html

       

       

       

      Current policyConfig.xml content:

      <ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">

      <ns:Policies>

      <ns:PolicySet>

      <ns:Location>policies/himss-policy.xml</ns:Location>

      </ns:PolicySet>

      </ns:Policies>

      <ns:Locators>

      <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">

      </ns:Locator>

      </ns:Locators>

      </ns:jbosspdp>

       

      I still don't know how to combine SAML and XACML. I have a working PicketLinkSTService example and working SOAPSAMLXACMLService example.

       

      STS issues a SAML token (that is signed). But i am not sure how to pass it to XACML service.

      How to map for example urn:oasis:names:tc:xacml:1.0:subject:subject-id to a SAML ticket response assertion.

      I send signed SAML response to a web service but I don't know how to also send XACML response.