1

Earlier I was in assumption that, WSS4J is not compatible with SAML, but as I see this http://jaminhitchcock.blogspot.in/2014/05/creating-and-validating-saml-assertions.html , I hope to give a try. But I want to use a Identity Provider(WSO2) to generate SAML token. So I should be able to configure WSS4J with a SecurityPolicy.xml file which verifies the token from Identity Provider. Please let me know where can I start looking for it?

Thanks

Community
  • 1
  • 1
Chakradhar K
  • 501
  • 13
  • 40

1 Answers1

1

There are two ways that you can generates SAML tokens with Identity Server.

  1. Use Identity Server as SAML2 SSO IDP that implements SAML2 SSO web browser based profile.

  2. Use Identity Server as STS (Security Token Server) with WS-Trust specification.

I think, It is more likely that you are hoping to use Identity Server as STS. With STS, Identity Serve provides a web service to retrieve SAML tokens. This STS web service can be secured with WS-Security mechanism by default. As an example, you can secure STS service with user name token. Then client needs to send the RST request with user name token. Once user it authenticated, client would be received a SAML token. I think, you can find some information about STS service from here

Community
  • 1
  • 1
Asela
  • 5,781
  • 1
  • 15
  • 23
  • Thank you very much.As you said I now understand the flow from Web service client end.That is client requests the token from STS using web service, embeds the token into actual service request and sends to service provider.But I couldn't find a suitable example to work from Service end. that is how the service verifies the token received in request with IDP. Is it also a web service call? will The '
    https://localhost:9444/services/wso2carbon-sts
    ' in security policy helps service to verify it?Any Spring-ws or CXF as service example?     – Chakradhar K Jun 09 '14 at 17:20