Mar 25th, 2011, 05:49 AM
XWSS security with Spring not working.
I have developed a web service using spring forum, which uses spring's XWSS security integration. I want to protect it by validating the SAML Assertion in the security header of the web service soap request. But after trying out few XWSS configurations, I got little confused that whethet I am on right track or not.
After getting authenticated with my Security Token Service(STS) I get the token of type HOK only and I want to pass this token directly in the <wsse:Security> header. But when I try to configure the Web service security policy file it says that it supports only SV type in <RequireSAMLAssertion> field.
The sun documentation is not very clear. [http://download.oracle.com/docs/cd/E...html#wp573466]
At one place they give an example of HOK type, but then it configures <SAMLAssertion> token instead of <RequireSAMLAssertion> token.
If I set MustUnderstand=1 in my web service request, I receive faultcode like below:
<faultstring xml:lang="en">One or more mandatory SOAP header blocks not understood</faultstring>
I am not very sure of this limitation. Has anyone tried passing SAMLAssertion in security header? I am using spring-ws-2.0.0-RC2 for securing my web service.
I am badly stuck. Any help would be highly appreciated.
Thanks in advance.
Mar 27th, 2011, 11:57 PM
I am also facing the same issue. Please help
Mar 28th, 2011, 11:37 PM
I am still waiting for response. Any help will be useful.
Mar 29th, 2011, 01:55 AM
Do we have any samples for SAMLToken authentication? Shall we sign the SAMLAssertion and send the request to web service?
Tags for this Thread