Validating SAML tokens
-
01-07-2021 - |
Frage
I am writing a Client and Service using Axis2 and rampart A third party authenticator which I will control as well will issue a token to the client in which the client will send to the service The problem is I have no idea how to validate this token, I was told it is outside of the scope of SAML Is there a way to validate the token without contacting the third party authenticator or without using public keys
any help is greatly appreciated
Lösung
Check this example of Apache WSS4J (which I believe is compatible with rampart, haven't used rampart myself). They use a CustomSamlAssertionValidator
which appears to just compare the name of the issuer in the SAML token to pre-defined value.
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow