0 Replies Latest reply on May 15, 2013 6:01 AM by Indira Akundi

    Reference SAML assertion in Signature block

    Indira Akundi Newbie

      Using JBoss 7.2 from GitHub:

       

      Re: JBoss 7.2 Warning:No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}ProtectTokens registered  

       

      So I switched back to the non-policy way, and used wss4jinterceptors instead.

       

      Again, using JBOSs 7.2 from GitHub, with all the modules that come with it.

      wss4j is 1.6.9.

       

      I followed the example in the following link.

      The STR references the SAML token now, the timestamp and body are signed.

      The SAML assertion has a signature inside the saml assertion.

      But the SAML assertion is not signed externally, ie, there is no reference to the SAML assertion in the Signature block.

      The Signature block only has reference to the timestamp and body.

       

       

      http://svn.apache.org/viewvc?view=revision&revision=1081802

       

       

      /**
      215* This test creates a holder-of-key SAML1 Assertion, and sends it in the security header
      216* to the provider.
      217*/
      218@Test
      219public void testSaml1TokenHOK() throws Exception {
      220Map<String, Object> outProperties = new HashMap<String, Object>();
      221outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
      222outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_hok.properties");
      223outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
      224outProperties.put(WSHandlerConstants.USER, "alice");
      225outProperties.put("password", "password");
      226outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
      227SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
      228callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
      229outProperties.put(
      230WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
      231);

       

       

      Is there any way using CXF or JBOSSWS-CXF either policy or non-policy way to sign the saml assertion? I,e, have a reference to it in the Signature block, not just inside the saml assertion?