Today's Page Hits: 374
This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.
Handling Claims with Metro STS II
With Oasis standard versions of WS-SecurityPolicy 1.2 and WS-Trust 1.3, syntax is different for Claims
[Read More]Posted at 07:08PM Nov 12, 2009 by jiandongg in Sun | Comments[0]
ActAs and Credential Delegation: update
Update the support for ws-trust 1.4 for token delegation to ensure interoperbility.
[Read More]Posted at 01:29PM Nov 12, 2009 by jiandongg in Sun | Comments[0]
Token Caching and Sharing, Single Sign On Among Services II: token life time
We will talk about how to manage the life time of an issued token on the client side.
[Read More]Posted at 08:32PM Aug 17, 2009 by jiandongg in Sun | Comments[0]
ActAs and Credential Delegation III: Common Issues
Many users have picked up this feature for their applications. Here we will
describe some common issues come up so far and solutions.
Posted at 01:26PM Aug 13, 2009 by jiandongg in Sun | Comments[0]
ActAs and Credential Delegation II: Secure Conversation with STS
To optimize the communication with STS in this case, one should enable secure conversation.
[Read More]Posted at 10:51AM Aug 09, 2009 by jiandongg in Sun | Comments[0]
ActAs and Credential Delegation
We provide support for ActAs introduced in WS-Truts 1.4.
[Read More]Posted at 12:29AM Jul 01, 2009 by jiandongg in Sun | Comments[2]
JavaOne 2009 technical session slides are available
Harold Carr and I gave a talk on Metro security in this year's JavaOne. The slides for our session is now available here.
Please send your feedback or requirements in this blog or Metro forum.
Posted at 03:54PM Jun 15, 2009 by jiandongg in Sun | Comments[0]
Metro in JavaOne 2009
There are several talks in JavaOne 2009 as well as talks in CommunityOne 2009 related to Metro.
[Read More]Posted at 04:19PM May 27, 2009 by jiandongg in Sun | Comments[0]
Token Caching and Sharing, Single Sign On Among Services
We provide support for caching and sharing issued tokens from an STS among multiple
services in Metro 2.0.
Posted at 03:05PM Apr 29, 2009 by jiandongg in Sun | Comments[4]
Matro 1.5 is released
Metro 1.5 released with some critical enhancements added and bugs fixed in security.
[Read More]Posted at 01:14PM Apr 22, 2009 by jiandongg in Sun | Comments[0]
Preposition Poems
Preposition Poems
[Read More]Posted at 01:19AM Apr 13, 2009 by jiandongg in Personal | Comments[0]
Handling Token and Key requirements at Run Time, Part III: select STS at run time
How to write your own configuration to select STS and set STS parameters at run time.
[Read More]Posted at 12:31AM Apr 13, 2009 by jiandongg in Sun | Comments[13]
Handling Token and Key requirements at Run Time, Part II: Claims, TokenType, etc
This is the second part of this series of blogs for handling token and key requirements at run Time. We will explain how to inject and manage Claims.
[Read More]Posted at 12:42PM Mar 30, 2009 by jiandongg in Sun | Comments[13]
Handling Token and Key Requirements at Run Time, Part I: Overview
This is the first part of this series of blog for handling
token and key requirements at run time. We provide an overview
of this new feature.
Posted at 10:31PM Mar 23, 2009 by jiandongg in Sun | Comments[13]
Attributes for SAML 2.0 Assertions
Many users have reported that with Metro 1.4, the attributes from a custom STSAttributeProvider
are not included in the issued SAML 2.0 assertions:
SAML attributes and DisplayToken
Problems with SAML 2.0 and the STSAttributeProvider values
Workaround for SAML2.0 broken STS attribute provider?
With Metro STS, STSAttributeProvider values is not take in the issued SAML 2.0 asertions.
This is due to a bug in the DefaultSTSTokenProvider when the SAML 2.0 assertion is created.
This issue is now fixed for Metro 1.5. Nightly build for Metro 1.5 should be available next week.
Also with Metro, we provide a pluggable STSTokenProvider for which you can use to create
issued tokens yourself. This is particularly useful if you want:
1. Customize SAML assertions created and to be validated.
2. Support for issuing and validating other types of tokens.
A custom STSTokenProvider can be pluggin the same way as for a STSAttributeProvider.
See this blog entry Create custom STS with WSIT for more information.
Posted at 12:14PM Feb 27, 2009 by jiandongg in Sun | Comments[0]