1. Re: ADFS JBossWS and friends
anil.saldhana Dec 4, 2009 6:35 AM (in response to acoliver)
From what I can see, you really need to provide some handler at the first instance where the IP origination has to be assumed as the credential. After that, you may need custom login modules to handle the interaction of this morphed security context (username, IP cred) and deal with the AD for the group information.
The scenario looks similar to a regular invocation of username/password except that we use IP origination as the cred. The login modules you write should just use the username to get hold of the groups from AD.
2. Re: ADFS JBossWS and friends
anil.saldhana Dec 4, 2009 6:36 AM (in response to acoliver)
One aspect that may be important is the trust between the computers. Just because an invocation comes with user/ip origination, do you trust?
3. Re: ADFS JBossWS and friends
acoliver Dec 4, 2009 7:44 AM (in response to acoliver)
Right, but that is a "now/point-to-point" solution. We're doing that now. We want something more like: http://www.infoq.com/resource/articles/ws-standards-wcf-bustamante/en/resources/wstrust.jpg and this http://www.infoq.com/resource/articles/ws-standards-wcf-bustamante/en/resources/transport2.jpg
4. Re: ADFS JBossWS and friends
anil.saldhana Dec 4, 2009 8:00 PM (in response to acoliver)
That is the reference to the trust I mentioned. An STS gives the necessary trust in a heterogeneous environment.