Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am writing a Client and Service using Axis2 and rampart
A third party authenticator which I will control as well will issue a token to the client in which the client will send to the service
The problem is I have no idea how to validate this token, I was told it is outside of the scope of SAML
Is there a way to validate the token without contacting the third party authenticator or without using public keys
any help is greatly appreciated
Check this example of Apache WSS4J (which I believe is compatible with rampart, haven’t used rampart myself). They use a
CustomSamlAssertionValidatorwhich appears to just compare the name of the issuer in the SAML token to pre-defined value.