Metro 1.5 - SAML HOK - STS failing to add claims


Metro 1.5 - SAML HOK - STS failing to add claims


Hi

I am a newbie to Metro and I am working through the tutorial examples and can't get the SAML HOK profile to work.

I am using java 1.6, glassfish V2ur2 (updated to metro 1.5) and netbeans 6.7.1

In my example, I have these configurations:

1) STS (issuing SAML1.1 token, using custom AttributeProvider)
Profile: SAML HOK 1.1
Keystore: Yes, alias : wssip
Truststore: yes
Acting as STS

2) Webservice Provider
Profile: STS Issued Token
Keystore: yes, alias: XWS-security-server
truststore: yes

3) WS client ( with samlCallbackHandler to create the SAML assertions)
Webservice Provider Profile
-Keystore: yes. alias: xws-security-client
-truststore: yes, alias: wssip

I also attach the SAML assertions created by the client and the SAML assertions received by the STS (which seem the same).

When I run the client, I get this error:
Exception: javax.xml.ws.WebServiceException: Cannot secure request for {http://calculator.test.org/}CalculatorWSPort

After some debugging and digging, I note that the STS is failing to create the outgoing SAML token, and the stacktrace shows:

Caused by: com.sun.xml.ws.api.security.trust.WSTrustException: java.lang.NullPointerException
        at com.sun.xml.ws.security.trust.util.WSTrustUtil.addSamlAttributes(WSTrustUtil.java:437)
        at com.sun.xml.ws.security.trust.impl.IssueSamlTokenContractImpl.createSAML11Assertion(IssueSamlTokenContractImpl.java:484)
        at com.sun.xml.ws.security.trust.impl.IssueSamlTokenContractImpl.createSAMLAssertion(IssueSamlTokenContractImpl.java:147)
        at com.sun.xml.ws.security.trust.impl.IssueSamlTokenContract.issue(IssueSamlTokenContract.java:381)
        at com.sun.xml.ws.security.trust.impl.IssueSamlTokenContract.issue(IssueSamlTokenContract.java:97)
        at com.sun.xml.ws.security.trust.sts.BaseSTSImpl.issue(BaseSTSImpl.java:323)
        at com.sun.xml.ws.security.trust.sts.BaseSTSImpl.invoke(BaseSTSImpl.java:187)

I tried to follow the source code using the version in http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Modules-com.sun/wsit/com/sun/xml/ws/security/trust/
but the line numbers don't match, so I must be using a different release from the one on the website.  Could someone please help?

Thanks in advance

S
[Message sent by forum member 'syc17' (shirley.crompton@...)]

http://forums.java.net/jive/thread.jspa?messageID=370910

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...


Re: Metro 1.5 - SAML HOK - STS failing to add claims


Can you provide more details?

Which tutorial example you were working with?

Why you need to create an SAML assertion on the client side and send it to the STS?

Can you post your STS wsdl and service wsdl? I will have more clues seeing them.
[Message sent by forum member 'jdg6688' (jiandong.guo@...)]

http://forums.java.net/jive/thread.jspa?messageID=370936



Re: Metro 1.5 - SAML HOK - STS failing to add claims


In any case, very likely you added null values for some attributes in your
custom STSAttributeProvider. So the NPE.
[Message sent by forum member 'jdg6688' (jiandong.guo@...)]

http://forums.java.net/jive/thread.jspa?messageID=370937



Re: Metro 1.5 - SAML HOK - STS failing to add claims


Thanks for the pointer.  Yes, it was the claims processing that was the problem.

But I also had to use a different algorithm suite (from Basic256Sha256 to Basic256RSA15).  I don't quite understand why, as I have updated the local_policy.jar and US_export_policy.jar in the <JRE> and <JDK>/lib/security folders.

So I have managed to (kind of) make the SAML 2.0 HOK profile work with a configuration of the client WS getting a SAML token from an STS to use a protected WS.

I am learning Metro as I have a need to develop an STS that a user authenticates himself to with his certificate, and the STS issues a SAML token with claims for the user.  And the user will be sending his own assertions for the STS to validate.  Is this the correct set up to use for the use case?

1) client - STS (SAML2.0 HOK)
2) client - WS Provider (STS Issued Token)?


I enclose the STS and service WSDLs

Also, I am not sure if I am setting up the user assertions correctly in the SAMLCallbackHandler and processing them in the custom AttributeProvider.  I enclose the code.  I am having problems parsing the nameID from the incoming assertions and ended up having to hardcode it.  Could you please tell me where I am going wrong?  And are there good !UP-TO-DATE! examples or tutorials that I could use?


Thanks

S
[Message sent by forum member 'syc17' (shirley.crompton@...)]

http://forums.java.net/jive/thread.jspa?messageID=371182



Re: Metro 1.5 - SAML HOK - STS failing to add claims


> I am learning metro as I have a need to develop a STS
> that a user authenticates himself to with this
> certificate and the STS issues SAML token with claims
> for the user.  And the user will be sending his own
> assertions for the STS to validate.  Is this the
> correct set up to use for the use case?
>
> 1) client - STS (SAML2.0 HOK)
> 2) client - WS Provider (STS Issued Token)?
Ok. I see your use case. You should use
SAML sender vouches with certificates instead of SAML HOK for
the STS, so that the policy is like:


 <wsp:Policy wsu:Id="CalculatorPortBindingPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <wsam:Addressing wsp:Optional="false"/>
                <sp:AsymmetricBinding>
                    <wsp:Policy>
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:WssX509V3Token10/>
                                        <sp:RequireIssuerSerialReference/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                    <wsp:Policy>
                                        <sp:WssX509V3Token10/>
                                        <sp:RequireIssuerSerialReference/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:OnlySignEntireHeadersAndBody/>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic128Sha256/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                    </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:Wss10>
                    <wsp:Policy>
                        <sp:MustSupportRefIssuerSerial/>
                    </wsp:Policy>
                </sp:Wss10>
                <sp:SignedEncryptedSupportingTokens>
                    <wsp:Policy>
                        <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:WssSamlV20Token11/>
                            </wsp:Policy>
                        </sp:SamlToken>
                    </wsp:Policy>
                </sp:SignedEncryptedSupportingTokens>
                <sc:KeyStore wspp:visibility="private" location="C:\metro\AppServer\domains\domain2\config\keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server"/>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>



This way you will have both the cert and SAML assertion of the client sent to the STS.



>
>
> I enclose the STS and service WSDLs
>
> Also, I am not sure if I am setting up the user
> assertions correctly in the SAMLCallbackhandler and
> processing it in the custom AttributeProvider.  I
> enclose the code.  I am having problem parsing the
> nameID from the incoming assertions and ended up have
> to hardcode it.  Could you please tell me where I am
> going wrong?  And are there good !UP-TO-DATE!
> examples or tutorials that I could use?
>
>
> Thanks
>
> S
[Message sent by forum member 'jdg6688' (jiandong.guo@...)]

http://forums.java.net/jive/thread.jspa?messageID=371186



Re: Metro 1.5 - SAML HOK - STS failing to add claims


> Also, I am not sure if I am setting up the user
> assertions correctly in the SAMLCallbackhandler and
> processing it in the custom AttributeProvider.  I
> enclose the code.  I am having problem parsing the
> nameID from the incoming assertions and ended up have
> to hardcode it.  Could you please tell me where I am
> going wrong?  And are there good !UP-TO-DATE!
> examples or tutorials that I could use?

Here are some samples for processing SAML assertions with the APIs (instead of DOM) that we have:

http://fisheye5.cenqua.com/browse/wsit/wsit/samples/ws-trust/delegate/src/common/SampleSTSAttributeProvider.java?r=1.2

You may find more information about Metro usage here:

http://blogs.sun.com/trustjdg/

Regards,

Jiandong
[Message sent by forum member 'jdg6688' (jiandong.guo@...)]

http://forums.java.net/jive/thread.jspa?messageID=371187



Re: Metro 1.5 - SAML SV - STS failing to add claims


Hi Jiandong
Thanks for your advice.  I've swapped the configuration to use

Client->STS SAML SV with Certificates
Client->WS STS Issued token.

I can run the client and access the calculator web service.  However, there are still several issues about the processing of claims that I do not understand.  I have looked at yours and various other samples but still can't work out what's wrong.  Some pointers would be very much appreciated as I am not an expert in WS-Security or WS-Trust.

I am using metro 1.5 with glassfish V2Ur12 and java 1.6 (note, we can't use Metro 2.0 yet - company policy not to use latest release)

My questions are:

1) I have set up claims manually in the WS wsdl :

- <sp:RequestSecurityTokenTemplate>
- <ns2:Claims xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" wsp:optional="true">
  <ns3:ClaimType xmlns:ns3="http://schemas.microsoft.com/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
  </ns2:Claims>
  <ns4:KeySize xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512">128</ns4:KeySize>
  <ns5:KeyType xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</ns5:KeyType>
  <ns6:TokenType xmlns:ns6="http://docs.oasis-open.org/ws-sx/ws-trust/200512">urn:oasis:names:tc:SAML:2.0:assertion</ns6:TokenType>
  </sp:RequestSecurityTokenTemplate>


And when I run the application, my custom STS attribute provider can find some claims but it never returns anything in the issued SAML token. (I enclose the STS AttributeProvider code.) There must be a problem in the way I process the claims in the STS attribute provider.  E.g. is there a specific operation in the Claims class that I should use to get the claims set up in the above WSDL fragment?

2) And I have manually added some assertion statements in the incoming SAML token which I want to put into the issued SAML token, but this doesn't work either.  Here are the SAML assertion statements being sent to the STS:

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ....
<saml2:Attribute Name="Role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity"><saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" ns6:type="ns7:string">super</saml2:AttributeValue><saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" ns6:type="ns7:string">customer</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>

I only get the attributes that I've hardcoded in the STS Attribute Provider.
I note that there is an exception reported on this:

STS AP: SAMLException : com.sun.xml.wss.saml.SAMLException: java.lang.IllegalArgumentException: prefix ns7 is not bound to a namespace|#]

Here is the code that I used to create the attributes:

import java.util.LinkedList;
import java.util.List;
import com.sun.xml.wss.saml.SAMLAssertionFactory;

// SAML 2.0 assertion factory; 'statements' collects the statements for the assertion
SAMLAssertionFactory factory = SAMLAssertionFactory.newInstance(SAMLAssertionFactory.SAML2_0);
List statements = new LinkedList();

List attributeValues = new LinkedList();
attributeValues.add("super");
attributeValues.add("customer");

List attributes = new LinkedList();
attributes.add(
        factory.createAttribute(
                "Role",                                            // attribute name, String
                "http://schemas.xmlsoap.org/ws/2005/05/identity",  // namespace (emitted as NameFormat above)
                attributeValues));                                 // list of String values

statements.add(
        factory.createAttributeStatement(attributes));

Is there something wrong in the code that led to the generation of the ns7 prefix?

Thanks

S
[Message sent by forum member 'syc17' (shirley.crompton@...)]

http://forums.java.net/jive/thread.jspa?messageID=371297



Re: Metro 1.5 - SAML SV - STS failing to add claims


> I am using metro 1.5 with glassfish V2Ur12 and java
> 1.6 (note, we can't use Metro 2.0 yet - company
> policy not to use latest release)
>
> My questions are:
>
> 1) I have set up claims manually in the WS wsdl :
>
> - <sp:RequestSecurityTokenTemplate>
> - <ns2:Claims xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512" wsp:optional="true">
>   <ns3:ClaimType xmlns:ns3="http://schemas.microsoft.com/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" />
>   </ns2:Claims>
>   <ns4:KeySize xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-trust/200512">128</ns4:KeySize>
>   <ns5:KeyType xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</ns5:KeyType>
>   <ns6:TokenType xmlns:ns6="http://docs.oasis-open.org/ws-sx/ws-trust/200512">urn:oasis:names:tc:SAML:2.0:assertion</ns6:TokenType>
>   </sp:RequestSecurityTokenTemplate>
>
> And when I run the application, my custom STS
> Attribute provider can find some claims but it never
> returned anything in the issued SAML token. (I
> enclose the STS AttributeProvider code) There must be
> a problem in the way I process the claims in the STS
> Attribute provider.  Eg.  Is there a specific
> operation in the claims class that I should use to
> get the claims set up in the above wsdl fragment?

http://blogs.sun.com/trustjdg/entry/handling_claims_with_sts
http://blogs.sun.com/trustjdg/entry/handling_token_and_key_requirements3

Claims in the WSDL just tell you the type of claims required (e.g. the role of the user);
you need to set the attributes of the user accordingly (e.g. role is "manager").


http://fisheye5.cenqua.com/browse/wsit/wsit/samples/ws-trust/runtime/src/common/MySTSAttributeProvider.java?r=1.1
[Message sent by forum member 'jdg6688' (jiandong.guo@...)]

http://forums.java.net/jive/thread.jspa?messageID=371336

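A worked example, added here and not code from the thread or from Metro, that pulls together the two answers above: the NPE fix (never put a null value into the map returned by the custom STSAttributeProvider) and the claims handling (the Claims in the policy only name the claim types; the provider supplies the user's values). It also reads the NameID of the incoming sender-vouches assertion with plain DOM, which was the earlier question in the thread. Assumptions, also flagged in the comments: that Claims.getAny() hands over the ic:ClaimType children as DOM Elements and that the incoming assertion sits in the Subject's public credentials as a DOM Element (both as the Metro samples treat them); the class name, the attribute namespace and the in-memory user store are made up for the example.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import com.sun.xml.ws.api.security.trust.Claims;
import com.sun.xml.ws.api.security.trust.STSAttributeProvider;

// Added example (not the thread's or Metro's code): a provider that never puts a
// null value into the returned map, names the subject from the incoming SAML 2.0
// assertion (or the certificate principal), and answers only the requested claims.
public class NullSafeSTSAttributeProvider implements STSAttributeProvider {

    private static final String IC_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity";
    private static final String ROLE_CLAIM = IC_NS + "/claims/role";
    private static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Namespace of the attributes written into the issued assertion (assumed value).
    private static final String ATTR_NS = "http://example.org/sts/attributes";

    // Hypothetical user store standing in for a directory lookup.
    private static final Map<String, List<String>> ROLES = new HashMap<String, List<String>>();
    static {
        ROLES.put("alice", Arrays.asList("super", "customer"));
        ROLES.put("bob", Arrays.asList("customer"));
    }

    public Map<QName, List<String>> getClaimedAttributes(Subject subject, String appliesTo,
                                                         String tokenType, Claims claims) {
        Map<QName, List<String>> attrs = new HashMap<QName, List<String>>();

        String user = nameIdFromAssertion(subject);
        if (user == null) {
            user = principalName(subject);
        }
        if (user == null) {
            return attrs; // nothing to assert: an empty map is safe, a null value is not
        }
        // Metro takes the NAME_IDENTIFIER entry as the NameID of the issued assertion.
        attrs.put(new QName(ATTR_NS, STSAttributeProvider.NAME_IDENTIFIER), Arrays.asList(user));

        for (String claimUri : requestedClaimUris(claims)) {
            if (ROLE_CLAIM.equals(claimUri)) {
                List<String> roles = ROLES.get(user);
                if (roles != null && !roles.isEmpty()) {
                    attrs.put(new QName(ATTR_NS, "Role"), new ArrayList<String>(roles));
                }
                // unknown user or no roles: omit the attribute rather than add a null
            }
        }
        return attrs;
    }

    // Claim type URIs from the request's Claims element. Assumes, as the Metro samples
    // do, that Claims.getAny() yields the ic:ClaimType children as DOM Elements.
    static List<String> requestedClaimUris(Claims claims) {
        List<String> uris = new ArrayList<String>();
        if (claims == null || claims.getAny() == null) return uris;
        for (Object o : claims.getAny()) {
            if (!(o instanceof Element)) continue;
            Element ct = (Element) o;
            if ("ClaimType".equals(ct.getLocalName()) && IC_NS.equals(ct.getNamespaceURI())) {
                String uri = ct.getAttribute("Uri"); // "" when absent, never null
                if (uri.length() > 0) uris.add(uri);
            }
        }
        return uris;
    }

    // NameID of a SAML 2.0 assertion found in the subject's public credentials as a
    // DOM Element (assumed placement by the sender-vouches handler). Plain DOM here;
    // the Metro samples use the com.sun.xml.wss.saml API instead.
    static String nameIdFromAssertion(Subject subject) {
        for (Object cred : subject.getPublicCredentials()) {
            if (!(cred instanceof Element)) continue;
            Element a = (Element) cred;
            if (!"Assertion".equals(a.getLocalName()) || !SAML2_NS.equals(a.getNamespaceURI())) continue;
            NodeList ids = a.getElementsByTagNameNS(SAML2_NS, "NameID");
            if (ids.getLength() > 0) {
                String v = ids.item(0).getTextContent().trim();
                if (v.length() > 0) return v;
            }
        }
        return null;
    }

    // Name of the first principal, reduced to its CN when it is an X.500 DN.
    static String principalName(Subject subject) {
        for (Principal p : subject.getPrincipals()) {
            String n = p.getName();
            if (n == null || n.length() == 0) continue;
            for (String part : n.split(",")) {
                String t = part.trim();
                if (t.regionMatches(true, 0, "CN=", 0, 3)) return t.substring(3).trim();
            }
            return n;
        }
        return null;
    }
}
```

Register it in the STS's wsit configuration the same way the tutorial's provider is registered. The point of the shape is that an attribute whose value cannot be determined is left out of the map entirely, which is what keeps WSTrustUtil.addSamlAttributes from dereferencing a null; the claims loop adds nothing for claim types the provider does not recognise, so the issued token only ever carries attributes the STS can actually vouch for.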


Re: Metro 1.5 - SAML SV - STS failing to add claims


> 2) And I have manually added some assertion
> statements in the incoming SAML token which I want to
> put into the issued SAML token, but this doesn't work
> either.  Here is the SAML assertion statements being
> sent to the STS:
>
> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ....
> <saml2:Attribute Name="Role" NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity"><saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" ns6:type="ns7:string">super</saml2:AttributeValue><saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" ns6:type="ns7:string">customer</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>
>
> I only get the attributes that I've hardcoded in the
> STS Attribute Provider.
> I note that there is an exception reported on this:
>
> STS AP: SAMLException :
> com.sun.xml.wss.saml.SAMLException:
> java.lang.IllegalArgumentException: prefix ns7 is not
> bound to a namespace|#]
>
> Here is the code that I used to create the
> attributes:
>
> List attributeValues = new LinkedList();
>             attributeValues.add("super");
>             attributeValues.add("customer");
>
>             List attributes = new LinkedList();
>             attributes.add(
>                     factory.createAttribute(
>                     "Role", //attribute name, String
>                     "http://schemas.xmlsoap.org/ws/2005/05/identity",    //namspace
>                     attributeValues));  //list of values
>
>             statements.add(
>                     factory.createAttributeStatement(attributes));
>
> Is there something wrong in the code that led t the
> generation of ns7 prefix?
>
There is a bug which loses the namespace declaration for ns7.

One way is that you can inject claims directly on the client side following:

http://blogs.sun.com/trustjdg/entry/handling_token_and_key_requirements3,

here, since you also want the client to supply the attribute values, you need to extend the samples a bit so that MyClaims handles a claim type like:

<ic:ClaimType
       Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" value="super" />

Then read it out in the STS attribute provider to put in the attributes for the issued SAML assertion.

If you still want to use SAML assertion, you may add the attribute manually like:
http://fisheye5.cenqua.com/browse/wsit/wsit/rt/src/com/sun/xml/ws/security/trust/util/WSTrustUtil.java?r=1.32
[Message sent by forum member 'jdg6688' (jiandong.guo@...)]

http://forums.java.net/jive/thread.jspa?messageID=371338



Re: Metro 1.5 - SAML SV - STS failing to add claims


Hi
First of all, many thanks for your help.

1) ----There is a bug which loses the namespace declaration for ns7.
Is this a bug in WSIT or JAX-WS?

2)----One way is that you can inject claims directly on the client side following:..
com.sun.xml.ws.security.trust.STSIssuedTokenFeature is in Metro 2.0?  Is this right?  As explained previously, we are not allowed to use the latest release.

So I am stuck with manually injecting claims by amending the WS.xml.  I have updated my claims handling according to your blog (http://blogs.sun.com/trustjdg/entry/handling_claims_with_sts) but I still can't get any claims coming through.  My understanding is that the client copies the Claims, together with all the other elements in the RequestSecurityTokenTemplate, into its request for a security token, but I can't see any Claims element in the RequestSecurityToken message being sent to the STS.

Here are the claims that I have inserted in the ws.xml config file:

<sp:RequestSecurityTokenTemplate>
    <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
    <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
    <t:KeySize>128</t:KeySize>
    <!--manually add claims here -->
    <t:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
        <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>
    </t:Claims>
</sp:RequestSecurityTokenTemplate>


and here is the STRequest sent to the STS (taken from the glassfish server log)

ClassName=com.sun.xml.ws.security.opt.impl.incoming.processor.StreamingPayLoadDigester;MethodName=accept;_RequestID=63053e15-d64a-41ba-a8f9-d3edf2683c6a;|WSS1764: Canonicalized PayLoad is:
<S:Body xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_5002">
<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>http://localhost:8080/CalculatorApplication/CalculatorWSService</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><trust:SecondaryParameters><trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType><trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType><trust:KeySize>128</trust:KeySize></trust:SecondaryParameters><trust:Entropy><trust:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">Ia6RmwQFAgFlb0TX9+nA2Q==</trust:BinarySecret></trust:Entropy><trust:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</trust:ComputedKeyAlgorithm></trust:RequestSecurityToken></S:Body>

So I don't think there were any claims for the STSAttribute Provider to pick up.  FYI, I have refreshed the client's WSReference to the WS to make sure that the new RSTTemplate is picked up, it has.  So what have I missed?

Thanks

S
[Message sent by forum member 'syc17' (shirley.crompton@...)]

http://forums.java.net/jive/thread.jspa?messageID=371390



Re: Metro 1.5 - SAML SV - STS failing to add claims


Oh, you are using the standard version of ws-securitypolicy 1.2.
In this case the syntax is different: Claims is defined as a top-level
sub-element of IssuedToken (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826536):

<sp:IssuedToken>
    <sp:Issuer>
    ...
    </sp:Issuer>
    <!--manually add claims here -->
    <t:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
        <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>
    </t:Claims>
    <sp:RequestSecurityTokenTemplate>
        <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
        <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
        <t:KeySize>128</t:KeySize>
    </sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>
[Message sent by forum member 'jdg6688' ]

http://forums.java.net/jive/thread.jspa?messageID=371658



Re: Metro 1.5 - SAML SV - STS failing to add claims


Thanks again!  Will give this a try.

I am a newbie but keen to learn more about the process.  I understand that the client copies the RSTTemplate into the request to the STS.  If the Claims is defined outside the RSTTemplate, how would the STS know what attributes to provide?  Does WSIT actually look up the WSDL of the target web service to get claims requirements?  

Which version of ws-securitypolicy should I use if I want to stick with claims being defined in the RSTtemplate?

Thanks in advance,
S
[Message sent by forum member 'syc17' ]

http://forums.java.net/jive/thread.jspa?messageID=371761



Re: Metro 1.5 - SAML SV - STS failing to add claims


> Thanks again!  Will give this a try.
>
> I am a newbie but keen to learn more about the
> process.  I understand that the client copies the
> RSTTemplate into the request to the STS.  If the
> Claims is defined outside the RSTTemplate, how would
> the STS know what attributes to provide?  
In this case, it will be copied into the request message from the client to the STS, together with the entries in RSTT.


Regards,

Jiandong
[Message sent by forum member 'jdg6688' ]

http://forums.java.net/jive/thread.jspa?messageID=371770
