SHYAM RAO

Tuesday Aug 07, 2007

WS-Trust Extension points support in METRO

Metro provides a secure, reliable, transactional and .NET 3.0 interoperable Web services stack in GlassFish. This entry talks about the WS-Trust extension points supported in Metro.

There are three extension points exposed in Sun's WS-Trust implementation.
Their purpose is to make the STS implementation more transparent to the user: developers can implement these extension points when they need an STS that follows their own business requirements.

1. STSAuthorizationProvider:

Developers can implement this extension to perform runtime authorization of a requestor before a token is issued.

For example: create two users and, in the provider implementation, put in authorization logic that allows only one of them to access the target service. The user name is obtained from the principal in the user's Subject.


2. STSAttributeProvider:

Developers can implement this extension to pass the requestor's details to be included in the issued token. The attributes returned by this provider implementation are picked up by the SAML assertion that the STS creates. Users may have different identities for different services, so you may need an identity mapping per service. On the service side, you may supply your own SAML token validator to check that the actual user id and the attributes returned by the provider implementation were picked up.

For example:

  • alice maps to abcd if the target service is http://....., and the provider also supplies attributes such as role and email address

  • The issued SAML token carries a user attribute such as the user's role, which the service can use for authorization
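The two providers described above, written out as an added example (this is not code from the original post or from the Metro project). The method signatures are assumed to match the com.sun.xml.ws.api.security.trust interfaces of Metro at the time of writing; the users, the pseudonym "abcd", the roles and the PingService endpoint are constructed sample data. The two public classes go in separate source files; they are shown together here with the helper they share.

```java
package example.sts;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;

import com.sun.xml.ws.api.security.trust.Claims;
import com.sun.xml.ws.api.security.trust.STSAttributeProvider;
import com.sun.xml.ws.api.security.trust.STSAuthorizationProvider;

/** Constructed sample directory shared by both providers (an assumption for this example). */
final class SampleDirectory {
    static final String PING_SERVICE = "http://localhost:8080/PingService"; // constructed endpoint

    /** user -> service endpoints that user may request a token for. */
    static final Map<String, List<String>> ACCESS = new HashMap<String, List<String>>();
    /** user -> pseudonymous identity used towards PING_SERVICE. */
    static final Map<String, String> PSEUDONYM = new HashMap<String, String>();
    static final Map<String, String> ROLE = new HashMap<String, String>();
    static final Map<String, String> EMAIL = new HashMap<String, String>();

    static {
        ACCESS.put("alice", Collections.singletonList(PING_SERVICE));
        ACCESS.put("bob", Collections.<String>emptyList()); // authenticated, but allowed nothing
        PSEUDONYM.put("alice", "abcd");
        ROLE.put("alice", "manager");
        EMAIL.put("alice", "alice@example.com");
    }

    /** The authenticated user's name, taken from the first principal of the Subject. */
    static String userName(Subject subject) {
        if (subject == null) return null;
        for (Principal p : subject.getPrincipals()) {
            String n = p.getName();
            // Certificate-authenticated users arrive as a DN; keep only the first RDN value.
            int eq = n.indexOf('=');
            return eq >= 0 ? n.substring(eq + 1).split(",")[0].trim() : n;
        }
        return null;
    }

    private SampleDirectory() {}
}

/** Runtime authorization: only users listed for the requested service get a token. */
public class SampleAuthorizationProvider implements STSAuthorizationProvider {
    public boolean isAuthorized(Subject subject, String appliesTo, String tokenType, String keyType) {
        String user = SampleDirectory.userName(subject);
        if (user == null || appliesTo == null) return false; // deny by default
        List<String> services = SampleDirectory.ACCESS.get(user);
        return services != null && services.contains(appliesTo);
    }
}

/** Identity mapping plus the attributes carried in the issued SAML assertion. */
public class SampleAttributeProvider implements STSAttributeProvider {
    private static final String NS = "http://example.com/claims"; // constructed attribute namespace

    public Map<QName, List<String>> getClaimedAttributes(Subject subject, String appliesTo,
                                                         String tokenType, Claims claims) {
        String user = SampleDirectory.userName(subject);
        Map<QName, List<String>> attrs = new HashMap<QName, List<String>>();
        if (user == null) return attrs;

        // NAME_IDENTIFIER becomes the SAML NameID: alice is presented as abcd to the
        // ping service only; towards any other service the requestor keeps its own name.
        String nameId = SampleDirectory.PING_SERVICE.equals(appliesTo)
                && SampleDirectory.PSEUDONYM.containsKey(user)
                ? SampleDirectory.PSEUDONYM.get(user) : user;
        attrs.put(new QName(NS, STSAttributeProvider.NAME_IDENTIFIER), single(nameId));

        // Extra attributes the target service can use for its own authorization decision.
        if (SampleDirectory.ROLE.containsKey(user)) {
            attrs.put(new QName(NS, "role"), single(SampleDirectory.ROLE.get(user)));
        }
        if (SampleDirectory.EMAIL.containsKey(user)) {
            attrs.put(new QName(NS, "email"), single(SampleDirectory.EMAIL.get(user)));
        }
        return attrs;
    }

    private static List<String> single(String v) {
        List<String> l = new ArrayList<String>();
        l.add(v);
        return l;
    }
}
```

To plug these in through the ServiceFinder, the STS web application carries a file META-INF/services/com.sun.xml.ws.api.security.trust.STSAuthorizationProvider containing the line example.sts.SampleAuthorizationProvider, and a second file named after STSAttributeProvider containing example.sts.SampleAttributeProvider. The authorization provider is written to deny when the Subject carries no principal or the request names no AppliesTo, so a misconfigured requestor fails closed; the role attribute is only meaningful on the service side once the assertion's signature has been checked against the STS's trusted issuer, which is what the service's SAML token validator is for.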

3. STSConfigurationProvider:

The STSConfiguration element in the STS WSDL holds the attributes that configure an STS (e.g. the issuer name for the STS, whether issued tokens from this STS must be encrypted, whether issued keys from the STS must be encrypted, the issued token time-out, the implementation contract class for the STS, etc.).

Developers can implement this extension to provide or replace STS configuration properties beyond what is present in the "STSConfiguration" element of the STS WSDL.

For example: if you are writing an STSConfiguration element and expect to change the values of a few properties at run time, then you need to implement this provider.

Note: all the providers can be plugged in using the standard ServiceFinder, i.e. with a file named com.sun.xml.ws.api.security.trust.STSAttributeProvider (and likewise for the other provider interfaces) that contains the name of the actual implementation class.

A separate entry describes how to create a custom STS with an STSAttributeProvider implementation using WSIT.


Comments:

[Trackback] Jiandong announced a new whitepaper: Building Trust in Web Services with Security Token Service. This paper explains how a Security Token Service (STS) enables the exchange of interoperable security tokens. It also explains how multiple STSs can be chained a...

Posted by Arun Gupta's Blog on August 11, 2007 at 04:19 AM IST #

Hi Shyam,

this weblog is fantastic, and the steps for adding attributes in the SAML token work great, but are there steps somewhere for extracting these attributes on the service provider side, so that we can use them?

Kind regards,
Marko

Posted by Marko Debač on August 29, 2007 at 03:41 PM IST #

Hi Marko,
Sorry for the very, very late reply. If you are still looking for the answer to your question, then please have a look at this blog: http://weblogs.java.net/blog/kumarjayanti/archive/2007/12/accessing_the_s.html

You can post your questions on Metro at the Metro forum (http://forums.java.net/jive/forum.jspa?forumID=46&start=0)

Thanks
Shyam Rao

Posted by shyam rao on April 09, 2008 at 10:04 PM IST #
