XWSS security with Spring not working.

[security.expert31]

Hi Everyone,
I have developed a web service using spring forum, which uses spring's XWSS security integration. I want to protect it by validating the SAML Assertion in the security header of the web service soap request. But after trying out few XWSS configurations, I got little confused that whethet I am on right track or not.

Background:
After getting authenticated with my Security Token Service(STS) I get the token of type HOK only and I want to pass this token directly in the <wsse:Security> header. But when I try to configure the Web service security policy file it says that it supports only SV type in <RequireSAMLAssertion> field.

The sun documentation is not very clear. [http://download.oracle.com/docs/cd/E...html#wp573466]

At one place they give an example of HOK type, but then it configures <SAMLAssertion> token instead of <RequireSAMLAssertion> token.

If I set MustUnderstand=1 in my web service request, I receive faultcode like below:
<faultcode>SOAP-ENV:MustUnderstand</faultcode>
<faultstring xml:lang="en">One or more mandatory SOAP header blocks not understood</faultstring>


I am not very sure of this limitation. Has anyone tried passing SAMLAssertion in security header? I am using spring-ws-2.0.0-RC2 for securing my web service.

I am badly stuck. Any help would be highly appreciated.

Thanks in advance.
NG

[hello123]

I am also facing the same issue. Please help

[security.expert31]

I am still waiting for response. Any help will be useful.

[security.expert31]

Do we have any samples for SAMLToken authentication? Shall we sign the SAMLAssertion and send the request to web service?