Subject: [saml-dev] issues as to SAML implementation with BEA SSPI



Hi,

Sorry for asking about a vendor-specific issue.
If you don't like it, please ignore it.

I'm developing SAML-aware authentication with BEA SSPI.
My environment is WebLogic 7.0 on Windows 2K.

Now, there is an issue with implementing a servlet to accept a SAML
Authentication Assertion.
My SAML-acceptor servlet works as follows when it asserts the Assertion
properly.

1. From the httpRequest, get the SAML Assertion sent by the POST method.
2. Construct MyIdentityAsserter, which implements
AuthenticationProvider and IdentityAsserter, assert the SAML Assertion
and get a CallbackHandler.
3. Construct a LoginContext and run it. The LoginContext
calls MyLoginModule to log in properly.
4. Get the Subject from the LoginContext.

However, I can't work out how to connect the http session with the subject retrieved
from the assertion.
Therefore the next request, which is on the same http session as the SAML-
acceptor servlet, isn't recognized by WebLogic as a request from the
authenticated subject - it doesn't make sense.

I suppose that by using some WebLogic API, the code needs to connect the
subject with the http session managed by WebLogic, but I can't find which API
to use and where (in MyLoginModule, in this servlet, and so on) to call
it.

How should I do this? Have I gone the wrong way because of misunderstanding BEA
SSPI or JAAS?

Any suggestion would be very, very helpful.

Regards,


    // this code corresponds to actions 2-4
    PilotIdentityAsserterImpl pilotIdentityAsserterImpl = new PilotIdentityAsserterImpl();
    IdentityAsserter identityAsserter = pilotIdentityAsserterImpl.getIdentityAsserter();
    Subject subject = null;

    try {
        // action 2: assert the SAML Assertion and obtain a CallbackHandler
        CallbackHandler callbackHandler =
            identityAsserter.assertIdentity(PilotIdentityAsserterImpl.SAML_TYPE, samlAssertionObject);
        // action 3: run the "Pilot" JAAS login, which invokes MyLoginModule
        LoginContext loginContext = new LoginContext("Pilot", callbackHandler);
        loginContext.login();
        // action 4: retrieve the authenticated Subject
        subject = loginContext.getSubject();
    } catch (Exception e) {
        // exception handling elided in the original post
    }

----------------------------------------------
NTT Data Corporation
Yuji Sakata
Tel: +81-3-3523-8081
E-Mail: ysakata@rd.nttdata.co.jp
----------------------------------------------
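The four-step flow in the post, as an added plain-JAAS example that is not the poster's code and not BEA's API: `assertIdentity` is a hypothetical stand-in for the vendor identity asserter, `PilotLoginModule` stands in for MyLoginModule, and the JAAS configuration is supplied programmatically instead of from a WebLogic realm. It covers actions 2-4 only; binding the resulting Subject to the HTTP session is the WebLogic-specific part the post asks about and is not shown.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SamlAcceptorFlow {
    // Hypothetical stand-in for the vendor IdentityAsserter: validate the token, then hand the name to the LoginModule.
    static CallbackHandler assertIdentity(String assertion) throws LoginException {
        // A real acceptor must verify signature, issuer, audience and validity window; this constructed check only looks at shape.
        if (assertion == null || !assertion.startsWith("subject="))
            throw new LoginException("SAML assertion rejected");
        String name = assertion.substring("subject=".length());
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(name);
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }
    // Minimal counterpart of MyLoginModule: read the asserted name, add a Principal on commit.
    public static class PilotLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String name;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> o) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("asserted name");
            try { handler.handle(new Callback[] { nc }); } catch (Exception e) { throw new LoginException(e.toString()); }
            return (name = nc.getName()) != null;
        }
        public boolean commit() { subject.getPrincipals().add(() -> name); return true; }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    // Actions 2-4 of the post: asserter -> CallbackHandler -> LoginContext -> Subject.
    static Subject loginWithAssertion(String assertion) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(PilotLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<>()) };
            }
        };
        LoginContext lc = new LoginContext("Pilot", null, assertIdentity(assertion), cfg);
        lc.login();
        return lc.getSubject();
    }
    public static void main(String[] args) throws LoginException {
        System.out.println(loginWithAssertion("subject=alice").getPrincipals()); // constructed sample token
    }
}
```

A malformed token makes `lc.login()` throw `LoginException`, so no Subject is ever produced for an assertion that failed validation.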

