2 Replies Latest reply: Jan 21, 2013 8:26 PM by 985855 RSS

    SAML1.1 Assertion (Sender Vouches) policy

    985855
      Hi,

      I am trying to write SAML1.1 Assertion (Sender Vouches) policy that will not be used over HTTPS and will not use the message signing and encryption (I do not want to use the standard policies Wssp1.2-2007-Saml1.1-SenderVouches-Https.xml and Wssp1.2-2007-Saml1.1-SenderVouches-Wss1.0.xml for these reasons). Functionall this policy should be like:

      <?xml version="1.0"?>
      <wsp:Policy ........................>
      <wssp:Identity>
      <wssp:SupportedTokens>
      <wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile-1.0#SAMLAssertionID">
      <wssp:Claims>
      <wssp:ConfirmationMethod>sender-vouches</wssp:ConfirmationMethod>
      </wssp:Claims>
      </wssp:SecurityToken>
      </wssp:SupportedTokens>
      </wssp:Identity>
      </wsp:Policy>

      But the above policy can be used with JAX-RPC only (I plan to use new policy in JAX-WS web services).
      Could someone help me with this task?

      Any help will be appreciated.
      Regards,
      Alex