Generate SAML 1.1 (and possibly 2.0) assertions - web-services

I'm looking for a very easy and quick way to generate some SAML assertions. This is only going to be used for testing (using SOAP UI). So I just need something that can generate a valid assertion, signed or unsigned, that I can then drop into SOAPUI and send off to my Web Service. I know how to add the assertion to the SOAP message and all that other good stuff, I just need some valid test assertions.
Any ideas?
Thanks.

I don't think you will find one. SAML has so many profiles/bindings. It's almost impossible to generate a single assertion that meets the requirements of every relying party.
Your best bet is to capture a real assertion and use it as a template. Just replace the fields on the fly in SOAPUI.
This is the approach used by the Google SSO client library (now deprecated). You can find the examples here:
http://code.google.com/p/google-apps-sso-sample/downloads/list
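The template approach from the answer above, as an added example (not part of the original post or of the Google sample): it takes an unsigned SAML 1.1 assertion and rewrites the fields a relying party checks for freshness. Element and attribute names follow the SAML 1.1 assertion schema; the template contents, the issuer URL and the function name `refresh_assertion` are constructed for illustration.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace shared by SAML 1.0 and 1.1
DSIG = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("saml", SAML)

# Constructed template standing in for a captured assertion (all values are made up).
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_old"
    Issuer="https://idp.example.test" IssueInstant="2010-01-01T00:00:00Z">
  <saml:Conditions NotBefore="2010-01-01T00:00:00Z" NotOnOrAfter="2010-01-01T00:05:00Z"/>
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2010-01-01T00:00:00Z">
    <saml:Subject>
      <saml:NameIdentifier>olduser</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def _ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")  # SAML timestamps are UTC with a trailing Z


def refresh_assertion(template, subject, now=None, lifetime=timedelta(minutes=5)):
    """Return the template with a new ID, subject and validity window."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(template)
    if root.tag != f"{{{SAML}}}Assertion":
        raise ValueError("template is not a SAML 1.x assertion")
    if root.find(f"{{{DSIG}}}Signature") is not None:
        raise ValueError("template is signed; editing it would invalidate the signature")
    cond = root.find(f"{{{SAML}}}Conditions")
    if cond is None:
        raise ValueError("template has no Conditions element to refresh")
    root.set("AssertionID", "_" + uuid.uuid4().hex)  # xs:ID cannot start with a digit
    root.set("IssueInstant", _ts(now))
    cond.set("NotBefore", _ts(now))
    cond.set("NotOnOrAfter", _ts(now + lifetime))
    for stmt in root.iter(f"{{{SAML}}}AuthenticationStatement"):
        stmt.set("AuthenticationInstant", _ts(now))
    for name in root.iter(f"{{{SAML}}}NameIdentifier"):
        name.text = subject
    return ET.tostring(root, encoding="unicode")
```

The function refuses a signed template because any edit breaks the enveloped signature; a service that validates signatures needs the assertion re-signed with a test key it trusts.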

Related

AssertJ: Log all passing (and failing) assertions

Is there a way to log all assertions, not just failing ones?
I wonder whether AssertJ provides an interface to access the details of the assertion (WritableAssertionInfo) and the result of the assertion? Is there any way to hook into the assertion process and add a simple log output?
I checked the documentation, the Java API and some related questions (like this one) but couldn't find a solution to my use-case.
Nope, only failed assertions lead to (error) messages, there is recording of what is being asked.
I'm curious to know what problem you are trying to solve if you can share it.

WS-Security actions explanation specifically SAML related

The WSHandlerConstants class defines action constants like SAML_TOKEN_SIGNED and SAML_TOKEN_UNSIGNED.
I am struggling to find any documentation about these action constants; after looking around a lot I am still unable to find an explanation for the below:
Mapping of action constants to the expected behaviour they are supposed to trigger.
Which constant should be defined on the outgoing end (client) versus which constants should be defined on the incoming end (server); if a constant can be used at both ends, then how does its behaviour change?
What effect does each constant have on the SAML token being produced?
I am investigating actions related to SAML authentication and generation.
After digging through the source I have found that in the WSSConfig there is a default action mapping. However, the action classes only get invoked via the WSS4JOutInterceptor.
The WSS4JInInterceptor uses the actions configured on the server side to work out if the tokens are valid; I, however, could not work out exactly how.
I suspect that there should be some easy way to find out these different combinations. At the end I hope to have some clarity on,
If a SAML token is generated with these(X,Y,Z) characteristics then it can be validated successfully when CXF is configured with these (A,B,C) actions and a brief explanation for each of them. Some guidance on best practices and most used combinations wouldn't hurt.

WSDL-like code-generation for EbXML CPA+Schemas (not EbXML message itself)

Background:
A certain government-backed wholesaler of broadband services in Australia took feedback from discussion groups about how best to deliver B2B services to retail ISPs. They settled on EbXML.
Problem:
We're a very small shop (comparatively) that doesn't want to spend a lot of time going forward on integration. We're already familiar with integration of paired (inbound and outbound) SOAP services. In the past we've made use of WSDL-based code generation tooling (mostly with RPC/Literal services) where the WSDL has been descriptive and simple enough for the code generation tools to digest.
If at all possible we'd like to avoid having to hand-integrate the services with our business 'stack'. We know that the 'Interface Schemas' have been updated several times; we'd like to (as much as possible) do code and schema generation such that we can model our relationship with the supplier and the outbound/inbound messages as simple "queues" (tables) in an SQL database -- this will be our point of integration.
Starting with the outbound ("sender") SOAP web-service... it publishes a Document/Literal WSDL description of the service that seems to work correctly with various tools (e.g: wsdl2java, SoapUI) to generate the EBXML 'wrapper' messages. This says nothing about the 'payload' messages themselves which (at least for the MSH we've looked at) need to be multipart/related attachments with type of text/xml.
The 'payload' messages are defined in the provided CPA (something like bindings) and Schema (standard-looking XSD) files. The MSH itself doesn't seem to provide any external validation for the payload messages.
Question:
Is the same kind of code generation (as seen with WSDL-described SOAP web services) tooling available for EbXML CPAs/Schemas? (i.e: tools that can consume the CPA and 'payload' interface schemas and spit out java/c++/whatever, and/or something WSDL-like specific to the 'payload' interface messages and/or example messages).
If so, where do I look?
If not, are there any EbXML-specific problems that would prevent it? (I'd rather not get several weeks into a project to develop tools that are impossible to implement 'correctly' given the information at hand).
The MSH is payload agnostic. The payloads are not defined in the CPA, only the service and action names that are used to send the ebXML payloads are. The service and action are transmitted in the ebXML header, which is the first part of the multipart message. The payloads themselves can be xml, binary or a combination. Each payload is another part.
An MSH is responsible for tasks like:
sending (usually asynchronous) acknowledgements for received messages
resending messages if an acknowledgement has not been received within a certain amount of time
ignoring duplicate messages
assuring the order in which messages are delivered is correct
The actual behaviour is all configurable using the CPA, but a compliant MSH would support all this.
This implies that an MSH has to keep an administration of the messages it has sent and received, which is usually done in a database.
I would be surprised if you could find tooling to generate an MSH from a specific CPA. What you can find is software/components that implement a generic MSH and that can be configured with CPAs.
Assuming you don't want to build your own, look for an existing ebMS adapter. Configure it with your CPA(s). Then generate the payloads however you like and pass them to the ebMS adapter.
Google for "ebMS adapter" or "ebMS support".
Alas, it seems there's no specific tooling around the 'payload' messages for EbXML, specifically because EbXML doesn't regulate those messages.
However, the CPA (through canSend and canRecv) elements acts somewhat like a SOAP WSDL, and the XSDs serve the same purpose as with SOAP, so it's not too far off.
There does exist software for turning types defined in XSDs into messages (merging in user-supplied data) at runtime, but per my question there's no obvious tooling for code generation around CPAs and related XSDs.
Furthermore, actually writing software to do this yourself is made more problematic by the difficulty of searching for the meta-grammar for XML Schema (i.e: that grammar which remains of XML Schema once XML tokenization is factored out). Basically, this was difficult because in the XML world, the word "grammar" has a different meaning which pollutes search results.
I was able to write a parser for the XML syntax snippets present at the top of each of the MSDN articles on XML Schema (elements listed down the left), which in turn allowed me to generate an LL1 grammar for XML schema which works on the pre-parsed AST of a given XSD.
From there I built a top-down parser from this meta-grammar which:
Follows <xsd:import>s and <xsd:include>s to resolve namespaces into further XSDs.
Recursively resolves message types in order to produce a 'flattened' type for each CPA message.
Generates packer/unpacker data structures for the message types which allow generation of code in various languages, as well as serialisation to and parsing from validated 'payload' XML.
There are still various XML Schema restrictions, keys, and other constraints that my code generators don't know about, but support for these can be added in time.
I'll update this answer with links to grammars (and possibly code -- depends on legals) as time permits. I'll leave the question as non-accepted for a while so that if someone miraculously finds a tool which makes much less work of the code generation, I'll accept an answer based on that.

Windows 8 - Is there a way to activate multiple spell check providers?

So I'm building my own spell check provider but it's rather a specific one to certain cases and doesn't correct all mistakes. Is there a way to spell check through my provider then forward the word to another provider ( Microsoft spell check )? This would be useful if anyone wants to extend Microsoft spell checker features.
You would need to be both a provider and a client, but there isn't a way to request a specific spell check provider when you are the client. That is controlled only by the user. I'm guessing from your question though that you want to support a specific case like legal or medical terms. If that's the case, you may want to consider just adding a word list of these terms and allowing the built in provider to handle.

Design pattern for webservice should i use

I have a requirement in my project where I will have to build a webservice. This webservice will do the following things:
Accept XML format data
Return XML format data
The XML input data will have an element which will have login information and another element with data which needs processing.
Now I am looking for a design pattern with which I can make the webservice code look nice, neat and clean, because the webservice has to do plenty of things, like:
First parse the XML
Authenticate the request by checking username and password
Create objects from the data and then save the data to the database
Prepare an XML which will be returned to the client.
So I have around 4 major steps which will definitely make the code look ugly if I write the whole thing in the .asmx.cs file.
Can anyone suggest a design pattern to suit this, so that the code is easy to maintain in the near future?
As this module is to be integrated into my existing project, there are some restrictions; for example, I can't use any 3rd party module or dll.
So I was looking for something like the Single Responsibility principle, Chain of Responsibility, Command or Decorator patterns, or any other OOP concept that fits.
I have searched but haven't understood which way to start.
Thanks.
M.
I wouldn't write any of that from scratch. Use ServiceStack or MS MVC 4 for the webservice host. Rely upon them to do the conversion from XML to/from your objects. Both of those frameworks include authentication features. Start by reading their tutorials. It sounds to me like you have no experience with ORMs or micro ORMs or the various database options. I'd read a lot of tutorials on those as well.