Is it possible to configure signing of SOAPSAMLXACMLService response inside ?
According to http://docs.oasis-open.org/xacml/access_control-xacml-2.0-saml_profile-spec-cd-02.pdf the response should be signed.
Example of SAML XACML signature:
Current policyConfig.xml content:
I still don't know how to combine SAML and XACML. I have a working PicketLinkSTService example and working SOAPSAMLXACMLService example.
STS issues a SAML token (that is signed). But I am not sure how to pass it to the XACML service.
How to map, for example, urn:oasis:names:tc:xacml:1.0:subject:subject-id to a SAML ticket response assertion?
I send a signed SAML response to a web service but I don't know how to also send an XACML response.
I don't think we bothered signing the XACML payload in the SAML response. You can sign the SAML Response. That applies to the entire payload.
Now if you insist that the XACML payload needs to be signed, then you will have to modify SOAPSAMLXACMLService.
Please do not hesitate to send a git pull request to