OpenSSO SSOToken to SAML assertion and back
I'm considering securing a whole Java EE software platform with OpenAM (prev. Sun OpenSSO). Applications - running on WebLogic AS - would be secured by a JEE Policy Agent and web services with WS-Security SAML Token Profile.
As of my understanding, the SSOTokenManager enables application code to retrieve OpenAM's SSO token. But in order to invoke the SAML protected Web Services, I need to obtain a SAML Assertion from OpenAM. Can anybody tell me how to do so?
Also, in the Web Service code, I may need to get back a SSO Token from a SAML assertion. Is that possible?
Comments (2)
You should be able to achieve both conversions using OpenSSO's Security Token Service. There is a tutorial for configuring it.
The SSOToken is an internal OpenAM representation of a user's session, whilst a SAML token is an asserted identity with associated information. As such, these are not directly translatable in the way you describe.
In order to obtain a SAML token for use in your web service call, you should look at the STS functionality in OpenAM. This is a standardised service that will authenticate users and then make an assertion about the identity and authentication of the user, represented by a SAML token. This token is then returned to the calling entity (the web service client) who can include this token as per the relevant WS-* standards.
You may also want to look at the OpenAM wss provider or the Metro/WSIT library to assist implementation on the client side.
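
The client-side step described in the answer above (taking the SAML token the STS returns and including it in the web service call) is sketched below as an added example; it is not code from the original post or from OpenAM. It assumes the STS answers with a WS-Trust 1.3 response carrying a SAML 2.0 assertion; the class name, the issuer URL and the sample response are constructed for illustration.

```java
import java.io.*;
import javax.xml.parsers.*;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SamlTokenHeaderExample { // hypothetical class name
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Constructed sample STS response (unsigned, shortened); a real assertion is normally signed.
    static final String SAMPLE_RSTR =
        "<wst:RequestSecurityTokenResponse xmlns:wst='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>"
      + "<wst:RequestedSecurityToken><saml:Assertion xmlns:saml='" + SAML2 + "' ID='_constructed-1' Version='2.0'>"
      + "<saml:Issuer>https://sts.example.com</saml:Issuer>"
      + "<saml:Subject><saml:NameID>demo-user</saml:NameID></saml:Subject>"
      + "</saml:Assertion></wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>";

    /** Copies the single SAML assertion from the STS response into a wsse:Security SOAP header. */
    static Document buildRequest(String rstrXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The STS response is remote input: refuse DOCTYPEs so it cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder b = f.newDocumentBuilder();
        Document rstr = b.parse(new InputSource(new StringReader(rstrXml)));
        NodeList found = rstr.getElementsByTagNameNS(SAML2, "Assertion");
        if (found.getLength() != 1) throw new IllegalStateException("expected exactly one assertion");
        Document soap = b.newDocument();
        Element env = soap.createElementNS(SOAP, "soap:Envelope");
        Element header = soap.createElementNS(SOAP, "soap:Header");
        Element security = soap.createElementNS(WSSE, "wsse:Security");
        // Copy the assertion as a whole subtree; its content must not be edited by the client.
        security.appendChild(soap.importNode(found.item(0), true));
        header.appendChild(security);
        env.appendChild(header);
        env.appendChild(soap.createElementNS(SOAP, "soap:Body"));
        soap.appendChild(env);
        return soap;
    }

    public static void main(String[] args) throws Exception {
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(buildRequest(SAMPLE_RSTR)), new StreamResult(out));
        System.out.println(out); // SOAP envelope with the assertion inside wsse:Security
    }
}
```

A WS-Security stack such as the Metro/WSIT library mentioned above performs this step for you; the sketch only shows where the token ends up in the message.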