1 Reply Latest reply on Nov 16, 2016 8:18 AM by Cristian Ghezzi

    How to make SAML work in fuse 9.2.1?

    Cristian Ghezzi Newbie

      I'm trying to implement a cxf web service that requires a SAML2 token to run.

      The scenario is identical to the "sts" example in the apache CXF distribution, and to the fuse docs in the "STS Demonstration" chapter.

      What I did was to copy the sts server example from CXF and make it into a bundle.

      When I download the WSDL from fuse, the service correctly shows the "AsymmetricSAML2Policy" that protects the endpoint, but when I call the same service with SoapUI and no token, the call goes through successfully as if no protection was implemented at all, with no errors in the log.

      You can see all the sources in my SO post.


      What looks weird to me is that the same exact code works as expected when run outside fuse (as in the CXF original example).

      So I guess I'm missing some kind of configuration that is needed to enable ws-trust in fuse.

        • 1. Re: How to make SAML work in fuse 9.2.1?
          Cristian Ghezzi Newbie

          The code is correct. What is missing is the proper configuration of karaf.

          By issuing a


              features:list | grep cxf-ws-security



          you can check if the feature is installed. To install it, just type


              features:install cxf-ws-security


          I found the solution in the README.md of the cxf/secure-soap fuse quickstart. The whole fuse cxf security guide doesn't mention it!

          Also, it's quite weird that a protected service works unprotected when its protection library is missing, with no messages in the log whatsoever.