1 Reply Latest reply on Apr 10, 2013 1:23 PM by Anil Saldanha

    Signing XACML SAML response

    Matej Spiller Newbie

      Is it possible to configure signing of SOAPSAMLXACMLService response inside ?

      According to http://docs.oasis-open.org/xacml/access_control-xacml-2.0-saml_profile-spec-cd-02.pdf the response should be signed.


      Example of SAML XACML signature:





      Current policyConfig.xml content:

      <ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">







      <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">





      I still don't know how to combine SAML and XACML. I have a working PicketLinkSTService example and working SOAPSAMLXACMLService example.


      STS issues a SAML token (that is signed). But i am not sure how to pass it to XACML service.

      How to map for example urn:oasis:names:tc:xacml:1.0:subject:subject-id to a SAML ticket response assertion.

      I send signed SAML response to a web service but I don't know how to also send XACML response.