Archives / 2006 / June
  • Making WSE 3.0 work with WSS4J and X509 certificates

    Today I found this interesting blog entry to making WSS4J (Axis) work with WSE 3.0 using a Mutual X509 scenario (There are two certificates, the first one for client authentication and the second one for message protection).
    Since WSE 3.0 and WCF are compatible at wire level (I have already developed a sample to show this), this entry is also useful for interop testing between WCF and WSS4J.

    Some points to consider:

    1. It uses the August 2004 WS-Adressing Spec (The only one supported in WSE 3.0)
    2. It uses WS-Security 1.0 (MutualCertificate10Security assertion) 


  • WS-Federation quickstart for WSE 3.0

    Microsoft has recently released a WS-Federation sample based on the SAML implementation for WSE 3.0.
    This sample adds some new cool features to the SAML implementation and shows a scenario similar to what I described a couple of months ago in this post.

    These are some of the features provided in this sample,

    1. SAML token encryption based on a configuration setting. This setting basically allows encrypting the attributes
    in the token using a secret key shared between the STS and the service.
    2. SAML authorization assertions. In addition to the common attribute assertions, the SAML token now supports authorization assertions, which are useful to describe permissions over different resources (For example, the owner of this token is allowed to read the financial files). The quickstart also provides an WSE authorization assertion to enforce some of these permissions in the SAML token.
    3. Custom SAML token managers. These token managers were specifically designed for this sample, but they are a good starting point if you want to know more about the different approaches to customize a SAML token manager.

    Download the sample from this location 

    Enjoy it :)