web services - Do we absolutely need an STS for SAML?


I am trying to implement SAML-enabled SOAP services for the first time and I have some conceptual questions about the role of a Secure Token Service (STS) in a SAML implementation.

User ---> Web Application --- SOAP / SAML -> Messaging App

Basically the scenario is that the user logs into the web application with a username and password, the web app authenticates/authorizes the user against an external service, and in turn the web application creates a sender-vouches SAML assertion for the user, signs it with its own private key, puts the assertion in the SOAP envelope using WS-Security and calls the messaging app. Once the messaging app receives the request, it verifies the signature with the web application's public key, extracts the authentication and attribute statements from the SAML assertion and, based on those, enforces policy at the endpoint (policy enforcement point).

As you can see, the above scenario involves no external STS, but the literature I have read on SAML suggests that an STS is absolutely essential. I have the feeling that I am doing something wrong in the above scenario, because I do not see any reason why I would need an STS. Sure, an STS would be nice to have, but at least in my opinion its absence does not prevent me from implementing SAML in my use case.

No, you do not need an STS for SAML tokens in web services. An STS exchanges one token for another (where things like username/password count as a 'token'), so it is useful in cases where your web service consumer has some input token (usually username/password, or signature + X.509 certificate) and wants to get a SAML assertion back from the STS.

Now, if you have the ability to create a SAML token that will be accepted by your web service provider, do it! No STS is necessary: the actual SOAP message on the wire is the same whether or not an STS was involved in its creation.

I wrote some blog entries on this a few years ago that give some details:

They are given in terms of Sun Access Manager 7.1, but the principles are the same. In particular, the second entry is independent of any real product.
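The sender-vouches exchange that the question and the answer describe, written out as an added example in Go. This is not code from the question, the answer, or the linked blog posts. It assumes a cut-down assertion and envelope shape with the element names shown below, a deterministic re-serialization via encoding/xml standing in for the XML canonicalization and XML-DSig that a real WS-Security SAML Token Profile message uses, and PKCS#1 v1.5 RSA signatures; everything else is standard library. The web app side mints and signs the assertion; the messaging app side verifies it against the web app's public key, checks the confirmation method and the validity window, and hands back subject and attributes. The receiving side never asks who produced the token, which is the answer's point about the STS.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"time"
)

// SAML 2.0 subject confirmation method used when the web app vouches for the user it authenticated.
const SenderVouches = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

// Cut-down assertion shape (an assumption of this example; a real saml2:Assertion carries more).
type Assertion struct {
	XMLName xml.Name `xml:"Assertion"`
	ID      string   `xml:"ID,attr"`
	Issuer  string   `xml:"Issuer"`
	Subject struct {
		NameID       string                                 `xml:"NameID"`
		Confirmation struct{ Method string `xml:"Method,attr"` } `xml:"SubjectConfirmation"`
	} `xml:"Subject"`
	Conditions struct{ NotOnOrAfter string `xml:"NotOnOrAfter,attr"` } `xml:"Conditions"`
	Attributes []Attribute                                         `xml:"AttributeStatement>Attribute"`
}

type Attribute struct {
	Name  string `xml:"Name,attr"`
	Value string `xml:"AttributeValue"`
}

// SOAP envelope whose WS-Security header carries the assertion and a detached signature over it.
type Envelope struct {
	XMLName  xml.Name `xml:"Envelope"`
	Security struct {
		Assertion      Assertion `xml:"Assertion"`
		SignatureValue string    `xml:"Signature>SignatureValue"`
	} `xml:"Header>Security"`
	Body string `xml:"Body>SendMessage"`
}

// NewWebAppKey generates the web application's signing key (normally loaded from a keystore).
func NewWebAppKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Stand-in for XML canonicalization: encoding/xml serializes a struct deterministically, so signer
// and verifier hash identical bytes. Real deployments use XML-DSig with exclusive C14N instead.
func digest(a Assertion) []byte {
	raw, _ := xml.Marshal(a) // only plain string fields, cannot fail
	sum := sha256.Sum256(raw)
	return sum[:]
}

// MintRequest is the web application: it vouches for the user it already authenticated, signs the
// assertion with its own private key and sends it in the WS-Security header of the SOAP call.
func MintRequest(priv *rsa.PrivateKey, issuer, user string, attrs []Attribute, ttl time.Duration, body string) ([]byte, error) {
	var a Assertion
	a.ID, a.Issuer, a.Subject.NameID, a.Attributes = "_"+time.Now().UTC().Format("20060102150405.000000000"), issuer, user, attrs
	a.Subject.Confirmation.Method = SenderVouches
	a.Conditions.NotOnOrAfter = time.Now().Add(ttl).UTC().Format(time.RFC3339)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(a))
	if err != nil {
		return nil, err
	}
	var env Envelope
	env.Security.Assertion, env.Security.SignatureValue, env.Body = a, base64.StdEncoding.EncodeToString(sig), body
	return xml.Marshal(env)
}

// VerifyRequest is the messaging application (the policy enforcement point): signature against the
// web app's public key, sender-vouches confirmation, validity window, then subject and attributes.
// Nothing here depends on whether an STS or the web app itself minted the assertion.
func VerifyRequest(pub *rsa.PublicKey, msg []byte, now time.Time) (string, map[string]string, error) {
	var env Envelope
	if err := xml.Unmarshal(msg, &env); err != nil {
		return "", nil, err
	}
	a := env.Security.Assertion
	sig, err := base64.StdEncoding.DecodeString(env.Security.SignatureValue)
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(a), sig) != nil {
		return "", nil, errors.New("assertion not signed by the trusted web application")
	}
	if a.Subject.Confirmation.Method != SenderVouches {
		return "", nil, errors.New("unexpected subject confirmation method")
	}
	if exp, err := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter); err != nil || !now.Before(exp) {
		return "", nil, errors.New("assertion expired or NotOnOrAfter unusable")
	}
	attrs := make(map[string]string, len(a.Attributes))
	for _, at := range a.Attributes {
		attrs[at.Name] = at.Value
	}
	return a.Subject.NameID, attrs, nil
}
```

A call such as `MintRequest(key, "webapp.example", "alice", []Attribute{{Name: "role", Value: "sender"}}, 5*time.Minute, "hello")` followed by `VerifyRequest(&key.PublicKey, msg, time.Now())` yields `alice` and `map[role:sender]`; changing the NameID in transit, presenting the message after NotOnOrAfter, or signing with a key the messaging app does not trust are all rejected. Two things a real endpoint needs on top of this: a fixed list of trusted issuer keys rather than a single parameter, and a record of assertion IDs already accepted within their validity window, since nothing in the signature itself stops a captured message from being replayed. The re-serialization trick only works because both ends share the same struct definitions; with a real WS-Security stack, let it do the canonicalization and signing.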