4 Replies Latest reply on Jul 12, 2012 10:41 AM by maximilien

    SAML and caller principal propagation

    dimonv

      Hi all,

       

      One question regarding the planned implementation of the JBoss identity.
      SAML is usually used for securing web services. Is it intended to propagate the SAML token along with the further calls from WS, e.g. to EJBs?

      Is it also planned to propagate SAML token to remote EJBs?

       

      Thanks.

        • 1. Re: SAML and caller principal propagation
          anil.saldhana
          The WS-Trust tokens containing SAML assertions can be transported between two containers (irrespective of what they are). What is needed is server integration at either end to handle ws-t.  PicketLink has the Security Token Server to issue tokens.  JBossESB makes use of this pattern.
          • 2. Re: SAML and caller principal propagation
            dimonv

            You wrote:


            What is needed is server integration at either end to handle ws-t

            1. Does it mean that the token propagation is possible over SOAP only? What about EJB-calls over JBoss Remoting?
            2. Is the server integration at the other end not out-of-the-box, or should this integration be done explicitly? If yes, could you please provide a link to the documentation?
            • 3. Re: SAML and caller principal propagation
              anil.saldhana
              Token propagation between a client and the STS happens over SOAP. But the client can propagate the token to anything in any transport it desires. The latter is yet to be implemented.
              • 4. Re: SAML and caller principal propagation
                maximilien

                Anil Saldhana wrote:

                 

                Token propagation between a client and the STS happens over SOAP. But the client can propagate the token to anything in any transport it desires. The latter is yet to be implemented.

                 

                Is token propagation over JBoss Remoting included in AS 7.1.1.Final now?