Announcement Announcement Module
Collapse
No announcement yet.
XWSS security with Spring not working. Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • XWSS security with Spring not working.

    Hi Everyone,
    I have developed a web service using spring forum, which uses spring's XWSS security integration. I want to protect it by validating the SAML Assertion in the security header of the web service soap request. But after trying out few XWSS configurations, I got little confused that whethet I am on right track or not.

    Background:
    After getting authenticated with my Security Token Service(STS) I get the token of type HOK only and I want to pass this token directly in the <wsse:Security> header. But when I try to configure the Web service security policy file it says that it supports only SV type in <RequireSAMLAssertion> field.

    The sun documentation is not very clear. [http://download.oracle.com/docs/cd/E...html#wp573466]

    At one place they give an example of HOK type, but then it configures <SAMLAssertion> token instead of <RequireSAMLAssertion> token.

    If I set MustUnderstand=1 in my web service request, I receive faultcode like below:
    <faultcode>SOAP-ENV:MustUnderstand</faultcode>
    <faultstring xml:lang="en">One or more mandatory SOAP header blocks not understood</faultstring>


    I am not very sure of this limitation. Has anyone tried passing SAMLAssertion in security header? I am using spring-ws-2.0.0-RC2 for securing my web service.

    I am badly stuck. Any help would be highly appreciated.

    Thanks in advance.
    NG

  • #2
    I am also facing the same issue. Please help

    Comment


    • #3
      I am still waiting for response. Any help will be useful.

      Comment


      • #4
        Do we have any samples for SAMLToken authentication? Shall we sign the SAMLAssertion and send the request to web service?

        Comment

        Working...
        X