
  • Add custom SAML Assertion to Security Element?

    Hi,

    I'm sure I'm going about this wrong. Any pointers would be greatly appreciated.

    I have a Spring-WS client that I am writing using the WebServiceTemplate. The service that I am consuming requires me to sign the body and include a SAML token in the header. The SAML token itself is somewhat of a dummy token - it is not generated by an SSO service at this point. I have the contents of the SAML assertion that I want to insert, but I just do not understand how to do it.

    At the moment, I have figured out how to configure the Wss4jSecurityInterceptor to sign the body, however I do not know/understand how to best add the SAML assertion to the Security header. I tried to hack it in using a Callback, but it would seem that the interceptors are fired after the callbacks, so that doesn't help me.

    I have managed to hack it into the Wss4jSecurityInterceptor, but my solution is unbearably ugly. Functional, but a real train wreck to look at.

    Code:
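    import java.io.IOException;
    import java.util.Iterator;
    import javax.xml.namespace.QName;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerException;
    import javax.xml.transform.TransformerFactory;
    import org.apache.commons.io.IOUtils;
    import org.springframework.ws.context.MessageContext;
    import org.springframework.ws.soap.SoapHeader;
    import org.springframework.ws.soap.SoapHeaderElement;
    import org.springframework.ws.soap.SoapMessage;
    import org.springframework.ws.soap.security.WsSecuritySecurementException;
    import org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor;
    import org.springframework.ws.soap.security.wss4j.Wss4jSecuritySecurementException;
    import org.springframework.xml.transform.StringSource;
    
    public class SAMLInterceptor extends Wss4jSecurityInterceptor {
    
    	/* (non-Javadoc)
    	 * @see org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor#secureMessage(org.springframework.ws.soap.SoapMessage, org.springframework.ws.context.MessageContext)
    	 */
    	@Override
    	protected void secureMessage(SoapMessage soapMessage, MessageContext messageContext) throws WsSecuritySecurementException {
    		// Let WSS4J sign the body first; the wsse:Security header looked up below comes from this step.
    		super.secureMessage(soapMessage, messageContext);
    		
    		// Load the static SAML assertion from the classpath.
    		String samlAssertion;
    		try {
    			samlAssertion = IOUtils.toString(getClass().getClassLoader().getResourceAsStream("requests/samlAssertion.xml"), "UTF-8");
    		} catch (IOException e) {
    			// Fail instead of sending the request without its SAML token.
    			throw new Wss4jSecuritySecurementException("Could not read SAML assertion", e);
    		}
    		
    		// insert SAML
    		SoapHeader soapHeader = soapMessage.getSoapHeader();
    		Iterator<SoapHeaderElement> it = soapHeader.examineHeaderElements(new QName( "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse" ) ); 
    		if( !it.hasNext() ) {
    			throw new Wss4jSecuritySecurementException("No wsse:Security header to hold the SAML assertion");
    		}
    		try {
    			// Copy the assertion XML into the Security header element as a child.
    			Transformer transformer = TransformerFactory.newInstance().newTransformer();
    			transformer.transform(new StringSource(samlAssertion), it.next().getResult());
    		} catch (TransformerException e) {
    			throw new Wss4jSecuritySecurementException("Could not insert SAML assertion", e);
    		}
    	}
    
    }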
    Is there a cleaner/simpler solution for this?

    Thanks,

    Eric
    Last edited by benze; Jun 21st, 2012, 12:48 PM. Reason: Added ugly Interceptor code
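
An added example, not part of the original post or of Spring-WS: the same header insertion done on a plain JDK DOM, parsing the assertion with DOCTYPE declarations rejected and failing if the resource is not a SAML Assertion or no wsse:Security header exists. The class name, the sample envelope and the accepted SAML namespaces are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SamlHeaderInsertExample { // hypothetical class name
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Assumption: the post does not name a SAML version, so both namespaces are accepted.
    static final String SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML20_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject DOCTYPE declarations so the token file cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Appends the assertion to the first wsse:Security element, or throws. */
    static void insertAssertion(Document envelope, String assertionXml) throws Exception {
        Element assertion = parse(assertionXml).getDocumentElement();
        String ns = assertion.getNamespaceURI();
        if (!"Assertion".equals(assertion.getLocalName())
                || !(SAML11_NS.equals(ns) || SAML20_NS.equals(ns))) {
            throw new IllegalArgumentException("resource is not a SAML Assertion element");
        }
        NodeList security = envelope.getElementsByTagNameNS(WSSE_NS, "Security");
        if (security.getLength() == 0) {
            throw new IllegalStateException("no wsse:Security header to hold the assertion");
        }
        // importNode copies the element into the envelope's document before attaching it.
        security.item(0).appendChild(envelope.importNode(assertion, true));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not taken from the original post.
        String env = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'>"
            + "<s:Header><wsse:Security xmlns:wsse='" + WSSE_NS + "'/></s:Header>"
            + "<s:Body/></s:Envelope>";
        String saml = "<saml:Assertion xmlns:saml='" + SAML20_NS + "' ID='_constructed'/>";
        Document doc = parse(env);
        insertAssertion(doc, saml);
        Element sec = (Element) doc.getElementsByTagNameNS(WSSE_NS, "Security").item(0);
        System.out.println("child of wsse:Security: " + sec.getFirstChild().getLocalName());
    }
}
```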