I am writing a Client and Service using Axis2 and rampart A third party authenticator which I will control as well will issue a token to the client in which the client will send to the service The problem is I have no idea how to validate this token, I was told it is outside of the scope of SAML Is there a way to validate the token without contacting the third party authenticator or without using public keys

any help is greatly appreciated

有帮助吗?

解决方案

Check this example of Apache WSS4J (which I believe is compatible with rampart, haven't used rampart myself). They use a CustomSamlAssertionValidator which appears to just compare the name of the issuer in the SAML token to pre-defined value.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top