Shibboleth Developers

This is from Ashok:

Yes, I downloaded the code from their CVS server, and usually keep
updating every two to three days.

I ran the tests that came along with the whole WSS4J source code, but I
did dig the test cases, changed the test files, extracted the modified
SOAP Envelopes to the file, and verify them with the specifications. I
tried throwing plane SOAP Envelops without any security header to the
Axis server, which came along the source code, and the axis server sent
back the SOAP Fault msg.

One of the interesting things that I realized was to get the SAML test
running we need to override the in build Java Xml parser with their
specific dom3 parser. I tried replacing the parser with the Xerces 2.5
parser, but that started giving some other errors which forced me to use
their dom3 xml parser. We need to override the in build java parser with
standard Endorsement Override mechanism.

Yes, for the coming week I am going to write my own test programs and
try to run them through WSS4J source code, using self signed
certificates, and new keys.

Regards,

Ashok.
-----Original Message-----
From: 

 
[mailto:]
Sent: Friday, June 18, 2004 11:40 AM
To: Ashok Shah
Cc: 
;
 'Marek Hatala';

Subject: Re: WSS4J evaluation results

Thanks very much for the update.

It sounds like you've downloaded their latest version from their cvs,
and then run the tests that they supply?

In looking at the source for their test programs, have you seen any
surprises yet?

...and it sounds like the next step might be to develop your own
small test programs?

At 10:37 AM -0700 6/18/04, Ashok Shah wrote:
> Hello Everybody,
>
> I have tried to play around a little bit with the WSS4J.
>
> WSS4J is currently underdevelopment, but I was able to see the
following
> parts working and integrated with Axis
> 1)      OASIS Web Service Security: SOAP Message Security V1.0
> 2)      OASIS Web Service Security: Username Token Profile V1.0
> 3)      OASIS Web Service Security: X.509 Token Profile V1.0
>
> I have tried to run the code separately on the SOAP Envelop and verify
> the modified SOAP Envelop to the above specifications and found it to
be
> working perfect. I also tried to run tests on SOAP Envelop for the
> "OASIS Web Service Security: SAML profile" which was working well too.
>
> The tests that I ran came along with the WSS4J source code, and found
> them to be enough to prove our point. I didn't see the SAML Profile
> specifications integrated with the Axis, but I believe they are in the
> process of working it out.
>
> I will be running tests on our own test cases with our own certificates
> and keys. But it will take a little bit of time.
>
> Thanks,
>
> Ashok.