Handling Token and Key requirements at Run Time, Part II: Claims, TokenType, etc




In the previous blog post, I gave an overview of how to handle
token parameters and requirements at run time on the client side.

While it is more or less straightforward with TokenType, KeyType,
etc., managing the Claims requirement at run time requires extra effort:

1. Claims are defined as an extensible element in the WS-SecurityPolicy spec:

  <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
     xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  </wst:Claims>

It is up to the applications and profiles of WS-Trust to define the content
of the Claims. So you need to implement com.sun.xml.ws.api.security.trust.Claims
to manage claims in your environment. Here is a sample
for managing claim types of the following form:

  <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
     xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
     xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
     <ic:ClaimType
       Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"/>
     <ic:ClaimType
       Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>
   </wst:Claims>

2. Set the run-time requirement for claim types on the client side,
using STSIssuedTokenFeature with STSIssuedTokenConfiguration.
Check out some sample code here.

3. If you are using a Metro-based STS, you can obtain the claim types and
provide the user attributes accordingly in your custom STSAttributeProvider.
Here is an example.
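
The claim handling described in steps 1 and 3, as an added example that is not Metro code and not from the original post: it uses only JDK XML APIs to read the ClaimType URIs from a wst:Claims element of the form shown above, then releases only those user attributes that were actually requested. The class name ClaimTypeFilter, its method names, and the user attribute values are hypothetical and constructed for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class ClaimTypeFilter {               // hypothetical helper, not a Metro class
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String IC = "http://schemas.xmlsoap.org/ws/2005/05/identity";

    /** Returns the ClaimType URIs requested in a wst:Claims element of the identity dialect. */
    static List<String> requestedClaimTypes(String claimsXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Claims come from the requestor: refuse DOCTYPEs so no entities are resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Element claims = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(claimsXml))).getDocumentElement();
        if (!WST.equals(claims.getNamespaceURI()) || !"Claims".equals(claims.getLocalName())
                || !IC.equals(claims.getAttribute("Dialect"))) {
            throw new IllegalArgumentException("not a wst:Claims element of the identity dialect");
        }
        List<String> uris = new ArrayList<>();
        NodeList types = claims.getElementsByTagNameNS(IC, "ClaimType");
        for (int i = 0; i < types.getLength(); i++) {
            uris.add(((Element) types.item(i)).getAttribute("Uri"));
        }
        return uris;
    }

    /** Releases only attributes that were requested and that the user store holds. */
    static Map<String, String> release(List<String> requested, Map<String, String> userAttrs) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String uri : requested) {
            if (userAttrs.containsKey(uri)) out.put(uri, userAttrs.get(uri));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String base = IC + "/claims/";
        // Constructed sample input: the Claims element from this post.
        String xml = "<wst:Claims Dialect=\"" + IC + "\" xmlns:wst=\"" + WST + "\" xmlns:ic=\"" + IC + "\">"
                + "<ic:ClaimType Uri=\"" + base + "locality\"/>"
                + "<ic:ClaimType Uri=\"" + base + "role\"/></wst:Claims>";
        // Constructed user store: holds role and an e-mail address, but no locality.
        Map<String, String> user = Map.of(base + "role", "manager", base + "emailaddress", "alice@example.com");
        System.out.println(release(requestedClaimTypes(xml), user));
    }
}
```

With the constructed data, only the role attribute is released: locality was requested but is not held for the user, and the e-mail address is held but was never requested.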



Comments:

[Trackback] Security Token Configuration in Metro

Posted by Kumar Jayanti's Blog on May 31, 2009 at 09:46 PM PDT #


About

Jiandong Guo
