This discussion is archived
2 Replies Latest reply: Jan 21, 2013 8:26 PM by 985855 RSS

SAML1.1 Assertion (Sender Vouches) policy

985855 Newbie
Currently Being Moderated
Hi,

I am trying to write SAML1.1 Assertion (Sender Vouches) policy that will not be used over HTTPS and will not use the message signing and encryption (I do not want to use the standard policies Wssp1.2-2007-Saml1.1-SenderVouches-Https.xml and Wssp1.2-2007-Saml1.1-SenderVouches-Wss1.0.xml for these reasons). Functionall this policy should be like:

<?xml version="1.0"?>
<wsp:Policy ........................>
<wssp:Identity>
<wssp:SupportedTokens>
<wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile-1.0#SAMLAssertionID">
<wssp:Claims>
<wssp:ConfirmationMethod>sender-vouches</wssp:ConfirmationMethod>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:SupportedTokens>
</wssp:Identity>
</wsp:Policy>

But the above policy can be used with JAX-RPC only (I plan to use new policy in JAX-WS web services).
Could someone help me with this task?

Any help will be appreciated.
Regards,
Alex

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points