Issuing SAML token of Bearer type

We have added support for issuing SAML assertions of bearer type, where no proof keys are associated
with the assertions. Before that, we only supported issuing SAML assertions with AsymmetricKey or SymmetricKey proof key types.

For a service, an IssuedToken of Bearer key type should only be used in a SignedSupportingTokens or SupportingTokens assertion, since it has no keys associated with it for encryption or signing. We don't have NetBeans support for this use case yet, but one may enable it manually. Here are the steps:

1. Create a service secured using IssuedToken as a supporting token:
https://wsit-docs.dev.java.net/releases/1-0-FCS/WSIT_Security4.html#wp129484

2. Change the EndorsingSupportingTokens to SignedSupportingTokens.

3. Change the value of the KeyType element in the RequestSecurityTokenTemplate to one of the following, depending on the version:

1) ws-sx version: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer

2) previous version: http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey

No manual change is required on the STS and client side.

The Bearer key type is also used by Windows CardSpace as the default with a thin client for browser-based Web sites.
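A check for the placement rule and KeyType values described above, as an added example that is not WSIT code: it parses a service policy and reports any bearer IssuedToken that sits outside SignedSupportingTokens or SupportingTokens. The function names are hypothetical and the sample policy is constructed and minimal (a real IssuedToken assertion carries more than a KeyType).

```python
import xml.etree.ElementTree as ET

# KeyType URIs quoted in the post (ws-sx and the previous version).
BEARER_KEY_TYPES = {
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey",
}
# Assertions that may carry a bearer IssuedToken, per the post.
ALLOWED_HOLDERS = {"SignedSupportingTokens", "SupportingTokens"}
POLICY_OPERATORS = {"Policy", "ExactlyOne", "All"}  # skipped as holders

def local(tag):  # strip the "{namespace}" prefix ElementTree adds
    return tag.rsplit("}", 1)[-1]

def misplaced_bearer_tokens(policy_xml):
    """Return [(holder, key_type)] for bearer IssuedTokens outside ALLOWED_HOLDERS."""
    findings = []
    def walk(elem, ancestors):
        if local(elem.tag) == "IssuedToken":
            # Nearest enclosing assertion that is not a policy operator.
            holder = next((a for a in reversed(ancestors)
                           if a not in POLICY_OPERATORS), None)
            for node in elem.iter():
                key_type = (node.text or "").strip()
                if (local(node.tag) == "KeyType"
                        and key_type in BEARER_KEY_TYPES
                        and holder not in ALLOWED_HOLDERS):
                    findings.append((holder, key_type))
        for child in elem:
            walk(child, ancestors + [local(elem.tag)])
    walk(ET.fromstring(policy_xml), [])
    return findings

# Constructed sample policy (assumption: matching is by local name only).
def sample_policy(holder, key_type):
    return f"""
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <sp:{holder}><wsp:Policy><sp:IssuedToken>
    <sp:RequestSecurityTokenTemplate>
      <t:KeyType>{key_type}</t:KeyType>
    </sp:RequestSecurityTokenTemplate>
  </sp:IssuedToken></wsp:Policy></sp:{holder}>
</wsp:Policy>"""

if __name__ == "__main__":
    bearer = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer"
    for holder in ("EndorsingSupportingTokens", "SignedSupportingTokens"):
        print(holder, misplaced_bearer_tokens(sample_policy(holder, bearer)))
```

An empty result means every bearer IssuedToken in the policy is in a supporting-token position that does not expect a proof key.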

About

Jiandong Guo
