« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today

Blog::Navigation

Blog::Editing

Bookmarks::Blogroll

Blog::Referrers

Today's Page Hits: 327

Site notes

This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.

Powered by Roller Weblogger.
« Token Caching and... | Main | Handling Claims with... »
Thursday Nov 12, 2009

ActAs and Credential Delegation: update

Update the support for ws-trust 1.4 in Metro 2.0 for token delegation with ActAs to ensure interoperbility:

1. use ws-trust 1.4 namespace for ActAs: http://docs.oasis-open.org/ws-sx/ws-trust/200802
2. Create delegate SAML assertion with
   * id and usual attributes for the original user
   * actor attribute for the requestor:



   <saml:Attribute AttributeName="actor"

                 AttributeNamespace="http://schemas.xmlsoap.com/ws/2009/09/identity/claims">

                 <saml:AttributeValue>

                     <saml:Attribute AttributeName="name"                                          

                                    AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"                              xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">

                                   <saml:AttributeValue>name</saml:AttributeValue>

                                </saml:Attribute>

                            </saml:AttributeValue>

                        </saml:Attribute>

Posted at 01:29PM Nov 12, 2009 by jiandongg in Sun  |  Comments[0]

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
Locations of visitors to this page
Copyright (C) 2003, jiandongg