Issuing SAML token of Bearer type
We have added support for issuing SAML assertions of Bearer type, where no proof keys are associated
with the assertions. Before that, we only supported issuing SAML assertions of AsymmetricKey or SymmetricKey proof key types.
For a service, an IssuedToken of Bearer key type should only be used as a SignedSupportingTokens or SupportingTokens assertion, since it has no keys associated with it for encryption or signing. We don't have NetBeans support for this use case yet, but one may enable it manually. Here are the steps:
1. Create a service secured using IssuedToken as a supporting token:
https://wsit-docs.dev.java.net/releases/1-0-FCS/WSIT_Security4.html#wp129484
2. Change the EndorsingSupportingTokens to SignedSupportingTokens.
3. Change the value of the KeyType element in the RequestSecurityTokenTemplate to one of:
1) ws-sx version: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
2) previous version: http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey
No manual change is required on the STS and client side.
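The rule above (a Bearer IssuedToken belongs only under SupportingTokens or SignedSupportingTokens) can be checked mechanically against a service policy. The following is an added example, not code from this post or from WSIT; the function names and the sample policy are constructed for illustration, and the checker matches elements by local name so either policy namespace version is accepted.

```python
import xml.etree.ElementTree as ET

# Both KeyType URIs the post lists for bearer tokens.
BEARER_URIS = {
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey",
}
# Assertions in which a token without a proof key is acceptable, per the post.
ALLOWED_PARENTS = {"SupportingTokens", "SignedSupportingTokens"}

def local(tag):
    """Strip the '{namespace}' prefix so either policy version matches."""
    return tag.rsplit("}", 1)[-1]

def check_bearer_usage(policy_xml):
    """Return (enclosing_assertion, ok) for every bearer IssuedToken found."""
    findings = []

    def walk(elem, ancestors):
        if local(elem.tag) == "IssuedToken":
            key_types = [(k.text or "").strip() for k in elem.iter()
                         if local(k.tag) == "KeyType"]
            if any(k in BEARER_URIS for k in key_types):
                # Nearest enclosing *Tokens / *Token assertion decides the role.
                parent = next((a for a in reversed(ancestors)
                               if a.endswith(("Tokens", "Token"))), None)
                findings.append((parent, parent in ALLOWED_PARENTS))
        for child in elem:
            walk(child, ancestors + [local(elem.tag)])

    walk(ET.fromstring(policy_xml), [])
    return findings

def sample_policy(assertion):
    """Constructed policy fragment: a bearer IssuedToken under `assertion`."""
    return f"""<wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <sp:{assertion}><wsp:Policy>
    <sp:IssuedToken>
      <sp:RequestSecurityTokenTemplate>
        <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
      </sp:RequestSecurityTokenTemplate>
    </sp:IssuedToken>
  </wsp:Policy></sp:{assertion}>
</wsp:Policy>"""

if __name__ == "__main__":
    for name in ("SignedSupportingTokens", "EndorsingSupportingTokens"):
        print(name, check_bearer_usage(sample_policy(name)))
```

A policy that still carries the bearer token under EndorsingSupportingTokens (step 2 skipped) is reported with `ok` set to `False`, because an endorsing token must sign and a bearer assertion has no key to sign with.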
The Bearer key type is also used by Windows CardSpace as the default with a thin client for browser-based Web sites.
Posted at 04:27PM Feb 04, 2008 by jiandongg in Sun