2

I am struggling with setting up the Web service security with OpenAM. Here is what I have done so far:

  1. I looked up openam documentation but I could nto find anything significant which points to web service security implementation details.

  2. However I found this link (http://www.oracle.com/technetwork/java/wss-sdn-1-137232.html) on OpenSSO oracle website which gives step by step instructions to secure the web services.

  3. Also I found this post (http://www.stormacq.com/web-services-security-with-opensso-security-token-service-sts/) which essentially says that there are many issues one might face while trying to implement WSS in OpenAM.

  4. I followed oracle link (point 2 above) and tried to implement the WSS in OpenAM version 10.0.0:

My questions:

  • But The WSS Agent I got from OpenAM website is glassfish version. I am not sure if extracting it and including files from it in my service and client will cause any issues if the server is not glassfish. OpenAM website has glassfish version only.

  • Another problem is that oracle tutorial was probably written in days of OpenSSO 8.0. Not sure if it will work with Open AM 10. I can see some differences in directory structure already.

  • It will be helpful if anyone can point me to any other available documentation for implementation of WSS in OpenAM.

  • Is it advisable to use some IDM solution other than OpenAM for WSS security if OpenAM WSS has known issues.

Any help here will be sincerely appreciated. Thanks in Advance.

Apoorve
  • 165
  • 3
  • 9

1 Answers1

1

WSS Agent actually is a JAX-WS filter implementation. It does not rely on GlassFish you can also use it with Tomcat and Metro. However I've not tested it with Apache CXF yet.

Unfortunately there's no real documentation yet. If you face issues you may post it to the OpenAM mailing list.

Bernhard Thalmayr
  • 2,674
  • 1
  • 11
  • 7
  • Thanks Bernhard for the quick reply. Just wondering if the JAX-WS implementation can also be used with JBOSS (as that's my target). Also, I am using http://www.oracle.com/technetwork/java/wss-sdn-1-137232.html link for the implementation steps. Hope that should be fine ? (Will post to openam mailing lists if i face a problem) – Apoorve Nov 09 '12 at 03:41
  • JBoss AP is using Apache CXF as JAX-WS implemenation by default. WSS Agent has only been tested with Metro JAX-WS implementation. As always most blogs are not comprehensive enough ... you can use the mentioned link as a starter but IIRC it's does not provide all info to be successfull – Bernhard Thalmayr Nov 09 '12 at 07:15
  • Thanks Bernhard for taking out your time for these quick inputs. – Apoorve Nov 09 '12 at 08:55