OpenSAML user discussion

[(Rami Jaamour)]

Is this class org.opensaml.SAMLSOAPBinding? So I can use this in an Axis handler? Do you have an example of this? It is OK that client side impl is not complete at this point, I am more interested with the server side.

Thank You,

Rami Jaamour
Software Engineer
Web Services Solutions
Parasoft Corporation

"We Make Software Work"

Scott Cantor wrote:

The "Bindings and Profiles for the OASIS Security Assertion Markup 
Language (SAML) V1.1" - OASIS standard, 2 September 2003 describes the 
SAML binding for SOAP within the SOAP Body. I was able to use Apache 
WSS4J to generate SAML Assertions in the SOAP Header, but it would be 
nice if I can bind SAML to the SOAP Body as the profile states.  What is 
the best way to have my Axis/OpenSAML generate them in the SOAP Body 
based on a request query (in the SOAP Body)? I'm also posting this 
question to the WSS4J list.
    

Well, I have a class that already does this for you, and it follows the
letter of the spec in the sense that using arbitrary SOAP features with the
SAML binding is technically not allowed. Thus, I one-offed it, using Axis
would have been silly.

It needs more work, particularly the client end (in Java) and regarding
authentication of the messages.

Since it needs to get more powerful anyway, to deal with SAMLv2, I'd like to
work with somebody using WSS4J to make sure the hooks are there to support
adding headers, etc.

But I believe using a full SOAP stack would be overkill and would be too
much of a dependency. I'd like to simply deal with the body myself but farm
out header processing and transport-based authentication in a modular way.

-- Scott