
Re: Converting Assertion token type

Anonymous

On 04/20/2012 10:24 AM, Gina Choi wrote:
>
>> 2. You can't use Metro for Web services. No Passive SSO/federation support.
> If Metro STS can support Passive SSO/federation, that would be ideal. We can
> pair it with LDAP. Do you have a plan to support it in the future?
>
> Gina

If the answer is "no", Apache CXF has a "Fediz" project in the sandbox
that seems pretty active, Picketlink is another option. I'd check those
projects' mailing lists for more information.

Glen

gchoi

>If the answer is "no", Apache CXF has a "Fediz" project in the sandbox
>that seems pretty active, Picketlink is another option. I'd check those
>projects' mailing lists for more information.

What is Apache CXF? Is this Apache Rampart? I have heard about Apache
Rampart.

Oliver Wulff

Apache CXF is a web services and REST framework at Apache. The sub-project
Fediz supports the WS-Federation passive requestor profile. Most security
processing is stack-agnostic (fediz-core module) and can be plugged into
any stack. Out-of-the-box support for Tomcat is provided, more to come.

The following blog describes how to integrate the web SSO (SAML) with the
web services stack (on-behalf-of):
Design:
http://owulff.blogspot.com/2012/04/sso-across-web-applications-and-web.html
Implementation:
http://owulff.blogspot.com/2012/04/sso-across-web-applications-and-web_1...

Oli
On 24.04.2012 18:36 "gchoi" wrote:

Gina Choi

Jiandong,

If I inject a DOM Element previously obtained from the DOM API, Metro generates
the following ActAs token and sends it to ADFS. But the problem is that Metro is
adding an empty xmlns="" attribute to each node inside the ActAs element, and
ADFS doesn't like that.

Following is ADFS error message.

Additional Data
Exception details:
System.Xml.XmlException: Duplicate attribute found. Both 'xmlns:' and
'xmlns:' are from the namespace 'http://www.w3.org/2000/xmlns/'. Line 5,
position 2206.

Following is part of Metro ActAs token.

[ActAs token snippet; the XML markup was lost in extraction. Surviving text values: http://strts01.ams.dev/adfs/services/trust and urn:federation:authentication:windows]

jdg6688
Which version of Metro are you using?

On 5/7/2012 1:39 PM, Gina Choi wrote:
> Jiandong,
>
> If I inject a DOM Element previously obtained from the DOM API, Metro generates
> the following ActAs token and sends it to ADFS. But the problem is that Metro is
> adding an empty xmlns="" attribute to each node inside the ActAs element, and
> ADFS doesn't like that.
>
> Following is ADFS error message.
>
> Additional Data
> Exception details:
> System.Xml.XmlException: Duplicate attribute found. Both 'xmlns:' and
> 'xmlns:' are from the namespace 'http://www.w3.org/2000/xmlns/'. Line 5,
> position 2206.
>
>
> Following is part of Metro ActAs token.
>
>
> [Metro ActAs token quoted here; the XML element names were lost in extraction. What survives, with line breaks inside values joined:]
> xmlns:wst14="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
> xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns="" ID="_c4c617cd-e49e-4e00-b40a-d1661d9a924a" IssueInstant="2012-05-07T13:52:35.799Z" Version="2.0">
> xmlns:ns16="urn:oasis:names:tc:SAML:2.0:assertion">http://strts01.ams.dev/adfs/services/trust
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ns16="urn:oasis:names:tc:SAML:2.0:assertion">
> ...ionMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> URI="#_c4c617cd-e49e-4e00-b40a-d1661d9a924a">
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> ...od
> ...........
> ...07T13:52:35.111Z" SessionIndex="_c4c617cd-e49e-4e00-b40a-d1661d9a924a">
> ...extClassRef>urn:federation:authentication:windows ...hnContext>
>
>

Gina Choi

Jiandong,

It might not be Metro adding that. I was debugging through the DOM transform code
and I am seeing the following. The fifth attribute of the Assertion is
null. I wonder if it is equivalent to xmlns="". This is before sending to
Metro.

[ID="_c4c617cd-e49e-4e00-b40a-d1661d9a924a",
IssueInstant="2012-05-07T13:52:35.799Z", Version="2.0",
xmlns="urn:oasis:names:tc:SAML:2.0:assertion", null]

And I am using following code.

    import java.io.StringReader;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;
    import org.w3c.dom.NodeList;
    import org.xml.sax.InputSource;

    // DocumentBuilderFactory is not namespace-aware by default, so xmlns
    // declarations come back as ordinary attributes of the element.
    DocumentBuilder db =
            DocumentBuilderFactory.newInstance().newDocumentBuilder();
    InputSource is = new InputSource();
    is.setCharacterStream(new StringReader(decodedSamlTokenStr));
    Document doc = db.parse(is);
    // Lookup by plain tag name; only matches an unprefixed <Assertion>.
    NodeList nodes = doc.getElementsByTagName("Assertion");
    element = (Element) nodes.item(0);
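A stand-alone check of the parsing step, added here as an example and not code from the thread or from Metro/ADFS. It parses a constructed, unsigned assertion (the sample XML, the issuer URL idp.example.test and the class name are assumptions) twice: the way the posted code does, with the default factory that is not namespace-aware, and with a namespace-aware factory that also rejects DTDs and external entities, as a token received from another party should be parsed. It then prints how the xmlns declaration shows up in the element's attribute list in each case and looks the Assertion up by namespace and local name.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class AssertionParseCheck {

    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample (assumption): a minimal unsigned assertion with a
    // default namespace declaration, not a real token from ADFS or Metro.
    static final String SAMPLE =
        "<Assertion xmlns=\"" + SAML_NS + "\" ID=\"_example-1\" "
        + "IssueInstant=\"2012-05-07T13:52:35.799Z\" Version=\"2.0\">"
        + "<Issuer>http://idp.example.test/adfs/services/trust</Issuer>"
        + "</Assertion>";

    // Factory for XML that arrives from another party: optionally namespace-aware,
    // DTDs refused, external entities and XInclude switched off.
    static DocumentBuilderFactory hardenedFactory(boolean namespaceAware)
            throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(namespaceAware);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    static Document parse(String xml, boolean namespaceAware) throws Exception {
        DocumentBuilder db = hardenedFactory(namespaceAware).newDocumentBuilder();
        return db.parse(new InputSource(new StringReader(xml)));
    }

    // One line per attribute: name, value and the attribute's namespace URI.
    // In a non-namespace-aware parse, xmlns is an ordinary attribute with a null
    // namespace; in a namespace-aware parse it belongs to the xmlns namespace.
    static String describeAttributes(Element e) {
        StringBuilder sb = new StringBuilder();
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            sb.append(a.getName()).append("=\"").append(a.getValue())
              .append("\" ns=").append(a.getNamespaceURI()).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // As in the posted code: default factory, lookup by plain tag name.
        Element plain = (Element) parse(SAMPLE, false)
                .getElementsByTagName("Assertion").item(0);
        System.out.println("non-namespace-aware parse:\n" + describeAttributes(plain));

        // Namespace-aware parse: look the element up by (namespace, local name), so a
        // prefixed <saml:Assertion> is found just as well as an unprefixed one.
        Document doc = parse(SAMPLE, true);
        NodeList nodes = doc.getElementsByTagNameNS(SAML_NS, "Assertion");
        if (nodes.getLength() != 1) {
            throw new IllegalStateException(
                "expected exactly one Assertion, got " + nodes.getLength());
        }
        Element assertion = (Element) nodes.item(0);
        System.out.println("namespace-aware parse:\n" + describeAttributes(assertion));
        System.out.println("element namespace: " + assertion.getNamespaceURI());
    }
}
```

Run it with `javac AssertionParseCheck.java && java AssertionParseCheck`. The first attribute listing is the one the posted code sees; the second is what Metro's DOM transform gets if the element is parsed namespace-aware. The "exactly one Assertion" check is there on purpose: a token carrying more than one Assertion is a reason to stop rather than silently take item(0). This only covers the parse on the caller's side; it does not show what Metro does when it serializes the ActAs element.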

Gina Choi

I am using Metro 2.2.