« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today

Blog::Navigation

Blog::Editing

Bookmarks::Blogroll

Blog::Referrers

Today's Page Hits: 100

Site notes

This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.

Powered by Roller Weblogger.
« Parsing SAML Asserti... | Main | Managing multiple... »
Tuesday Feb 24, 2009

Handling Claims with Metro STS

In WS-SecurityPolicy, an IssuedToken policy assertion may carry an optional wst:Claims element,
to specify the actual claims required to access the service. Here is an example of IssuedToken policy assertions with Claims:



    <sp:IssuedToken sp:IncludeToken="...">

        <Issuer xmlns="...">

            <Address xmlns="http://www.w3.org/2005/08/addressing">...</Address>

        </Issuer>

        <sp:RequestSecurityTokenTemplate

                xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">

            <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>

            <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>

            <t:KeySize>256</t:KeySize>

            <t:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" 

                      xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">

                  <ic:ClaimType Uri="http://.../ws/2005/05/identity/claims/givenname"/>

                  <ic:ClaimType Uri="http://.../ws/2005/05/identity/claims/surname" Optional="true" />

            </wst:Claims>

        </sp:RequestSecurityTokenTemplate>

    </sp:IssuedToken>

On the client side, the Claims, together with all the other elements in the RequestSecurityTokenTemplate,
is copied into the request message RST to the STS.

With Metro based STS, the Claims will then be available in the STSAttributeProvider, for use to build
the user attributes to be included in the issued SAML assertion.

In your implementation of the method,
getClaimedAttributes(Subject subject, String appliesTo, String tokenType, Claims claims),
one may parse the Claims to obtain the ClaimTypes with the following codes:



    String dialect = cliams.getDialect();

    List claimTypes = claims.getAny();

    for (Object claimType : claimsTypes){

        Element ctElement = (Element) claimType;

        // parsing ctElement according to the dialect to get claim types

           ...

    }








Once you parse the Claims, you may create the attributes accordingly. The attributes returned from the STSAttributeProvider is available in the STSTokenProvider through:

(Map<QName, List<String>>) ctx.getOtherProperties().get(IssuedTokenContext.CLAIMED_ATTRUBUTES);

for you to build into your issued SAML assertions.



                    

        

            Posted at 
                 11:02AM Feb 24, 2009
            by jiandongg in Sun  | 
                                        Comments[0]
                    

        
    
    

    
        




               
    


            
Comments:

            
    

        

       
    

    
Post a Comment:

    


    
    
    
        

        
    
            
  • 
                
                
            
    • 

            
  • 
                
            
    • 

            
  • 
                
            
    • 

                    
  • 
                
            
    • 
                    
  • 
                
                
            
    • 
            
  • 
                
             
            

            
    • 
            
  • 
                
                HTML Syntax:
                                    NOT allowed
                                
            
    • 
            
  • 
               
               
    
            
    • 
            
  • 
               
               
            
    • 
        


    


    
    


    

    







Copyright (C) 2003, jiandongg