This content has been marked as final. Show 6 replies
We have a requirement of extracting one of the SAML attributes sent to our proxy service and send it to the business service as one of the SOAP body elementsI think your requirement is not to do the authentication then why are you checking the option 'Process WS-Security Header'?
If 'Process WS-Security Header' check-box is selected then it will process and consume the security headers and enforces the message level access control policies on the incoming message (This is called an Active Intermediary Proxy Service). if you don't select it the proxy will be pass-through and OSB will not make any modification to the security headers, encrypted body parts, etc (this is called a Pass-Through Proxy Service)
I think in your case you require a pass-through proxy service.
To know more about pass-through/active intermediary proxies and their configuration in OSB, please refer section "Configuring Proxy Service Message-Level Security" on below link -
Did you check $inbound ? For WS-Security Username token the authenticated user appears within $inbound ..Not sure about SAML.
There could be some use cases where we need to do some processing within the message flow based on the security headers.( Eg . apply transformation based on WS-Security authenticated user). But if you make the proxy active intermediary by checking the Process WS-Security checkbox, OSB seems to delete the headers and you get a blank soap:header.
Edited by: atheek1 on Jun 19, 2010 4:44 AM
sorry for bringin up old thread, but I have now same problem.
We configured proxy service authentication using SAML policy. Now we need to pass some SAML header values to business service, however, whole wsse:Security header is empty.
$inbound does not contain anything useful.
So, is there any solution to make OSB keep header ?
Hi I can add on we have the same problem so if you got some kind of solution I am very interested.
I have the similar requirement. I need to pass in the header attributes to call the external services. Can anyone got around this problem? Thanks
I can say that I made workaround by implementing custom OWSM policy and in the end Security element remains in proxy service.