SAML 2.0 Token with AuthnStatement _and_ AttributeStatement


by metro-3

Hi,

in my STS, I need to create a SAML 2.0 Token with an AuthnStatement _and_ an AttributeStatement.

Metro 2.0 EA adds the former _or_ the latter but not both.

How can I add both Statements?
- or -
Why is this a bad idea and how to make it better?

Regards,
Andreas
[Message sent by forum member 'andreasnagel' (andreasnagel)]

http://forums.java.net/jive/thread.jspa?messageID=353911

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...


Re: SAML 2.0 Token with AuthnStatement _and_ AttributeStatement

by metro-3

> Hi,
>
> in my STS, I need to create a SAML 2.0 Token with an
> AuthnStatement _and_ an AttributeStatement.
>
> Metro 2.0 EA adds the former _or_ the latter but
> not both.
>
> How can I add both Statements?
Then you need to have a custom STSTokenProvider.
> - or -
> Why is this a bad idea and how to make it better?
It depends on what you need. The AttributeStatement contains the Subject (or in the case of SAML 2.0, the Subject is an independent element). What information do you need from the AuthenticationStatement, the authentication method?


Regards,

Jiandong
>
> Regards,
> Andreas
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=354523



Re: SAML 2.0 Token with AuthnStatement _and_ AttributeStatement

by metro-3

Jiandong,

> Then you need to have a custom STSTokenProvider.

That's what I feared. It seems to be tough work to create my own STSTokenProvider.

> What information do you need from the AuthenticationStatement, the authentication method?

Yes, I need to specify the authentication method (like X509, X509-SelfSigned, Username/Password) and the type of registration to the system (like self registered, self registered with verification by phone or registered by staff).

Can you point me in the right direction on how to do this with my own STSTokenProvider? Would OpenSAML be helpful?

Regards,
Andreas
[Message sent by forum member 'andreasnagel' (andreasnagel)]

http://forums.java.net/jive/thread.jspa?messageID=354597



Re: SAML 2.0 Token with AuthnStatement _and_ AttributeStatement

by metro-3

> Can you point me in the right direction on how to do
> this with my own STSTokenProvider?

> Would OpenSAML be
> helpful?

You just need to override the createSAML20Assertion() method in our DefaultSAMLTokenProvider.

We create an AuthenticationStatement or an AttributeStatement depending on whether claimedAttrs.isEmpty() or not.

You just remove the check to create both at the same time. More precisely,

from:

    if (claimedAttrs.isEmpty()) {
        AuthnContext ctx = samlFac.createAuthnContext(authnCtx, null);
        final AuthnStatement statement = samlFac.createAuthnStatement(issueInst, null, ctx, null, null);
        statements.add(statement);
    } else {
        final AttributeStatement statement = samlFac.createAttributeStatement(null);
        statements.add(statement);
    }

to


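    // Always add the AuthnStatement (carries the authentication context).
    AuthnContext ctx = samlFac.createAuthnContext(authnCtx, null);
    final AuthnStatement authnStatement = samlFac.createAuthnStatement(issueInst, null, ctx, null, null);
    statements.add(authnStatement);

    // Always add the AttributeStatement as well; the two locals need distinct
    // names now that they share one scope.
    final AttributeStatement attrStatement = samlFac.createAttributeStatement(null);
    statements.add(attrStatement);
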
You can plug in your custom STSTokenProvider in the same way as STSAttributeProvider:
http://blogs.sun.com/trustjdg/entry/create_customer_sts_with_wsit

> Would OpenSAML be
> helpful?
No. It is a low-level library.

Thanks!

Jiandong
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=354763
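
A relying-party check for the token discussed in this thread, as an added example that is not part of the original posts or of Metro: using only JDK XML APIs, it requires exactly one AuthnStatement and one AttributeStatement as direct children of the assertion, then reads the authentication method and the attributes. The sample assertion, the attribute name registrationType and its value are constructed; attributes are assumed single-valued, and signature validation is assumed to have happened before this step.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class AssertionStatementCheck {
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Constructed, unsigned sample; issuer, subject and attribute name/value are made up.
    static final String SAMPLE =
        "<saml:Assertion xmlns:saml='" + SAML2 + "' ID='_constructed' Version='2.0'"
      + " IssueInstant='2009-01-01T00:00:00Z'><saml:Issuer>https://sts.example.test</saml:Issuer>"
      + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
      + "<saml:AuthnStatement AuthnInstant='2009-01-01T00:00:00Z'><saml:AuthnContext>"
      + "<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
      + "</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>"
      + "<saml:AttributeStatement><saml:Attribute Name='registrationType'>"
      + "<saml:AttributeValue>verified-by-phone</saml:AttributeValue>"
      + "</saml:Attribute></saml:AttributeStatement></saml:Assertion>";

    // Exactly one direct SAML 2.0 child with this local name. Direct children only, so an
    // element nested elsewhere in the token is never mistaken for the statement.
    static Element only(Element parent, String localName) {
        Element found = null;
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && SAML2.equals(n.getNamespaceURI())
                    && localName.equals(n.getLocalName())) {
                if (found != null) throw new IllegalStateException("duplicate " + localName);
                found = (Element) n;
            }
        }
        if (found == null) throw new IllegalStateException("missing " + localName);
        return found;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Tokens are untrusted XML: refuse any DOCTYPE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element assertion = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
                SAMPLE.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        Element ctx = only(only(assertion, "AuthnStatement"), "AuthnContext");
        System.out.println("authn method: " + only(ctx, "AuthnContextClassRef").getTextContent().trim());
        NodeList attrs = only(assertion, "AttributeStatement").getElementsByTagNameNS(SAML2, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element a = (Element) attrs.item(i);
            System.out.println(a.getAttribute("Name") + " = " + only(a, "AttributeValue").getTextContent());
        }
    }
}
```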
