Hello,
I managed to get the "SAML Holder-Of-Key Assertion Scenario"
https://docs.jboss.org/author/display/JBWS/SAML+Holder-Of-Key+Assertion+Scenario
working.
Now I want to call a StatelessSessionBean from my Webservice(POJO)Endpoint implementation. How can I get the SAML asserted/authenticated principal into the security context of the container, so that the EJB container has the user information from the SAML assertion?
At the moment the webservice implementation does not have the right to call a method on an EJB. In "webServiceContext.getUserPrincipal()" I can see the correct user, but this is not transferred in the EJB call.
I think JBossWS-CXF should use a JBoss security-domain to authenticate the SAML token, instead of using the internal CXF logic. Or at least there should be a bridge from the CXF security context to the JBoss security domain, shouldn't there?
I found this link:
https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization
But this is not working for the SAML scenario.
The "SubjectCreatingPolicyInterceptor" needs a "WSUsernameTokenPrincipal", but gets a "SAMLTokenPrincipal"...
I would appreciate any ideas to call a secured EJB from a SAML authenticated Webservice.
Thanks,
Jochen