문제

I am writing a Client and Service using Axis2 and rampart A third party authenticator which I will control as well will issue a token to the client in which the client will send to the service The problem is I have no idea how to validate this token, I was told it is outside of the scope of SAML Is there a way to validate the token without contacting the third party authenticator or without using public keys

any help is greatly appreciated

도움이 되었습니까?

해결책

Check this example of Apache WSS4J (which I believe is compatible with rampart, haven't used rampart myself). They use a CustomSamlAssertionValidator which appears to just compare the name of the issuer in the SAML token to pre-defined value.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top