This document describes how to configure an XACML client to invoke a custom identity asserter for authentication.
Use the sample UsernameIdentityAsserter located under \ales32-admin\examples\SampleProviders\UsernameAsserter.
Copy the asserter JAR (UsernameIdentityAsserter.jar) to the following directories:
The SSM configuration page is displayed.
The token type should be identical to the one you have configured.
Add the following entry to the <ALES_SSM_HOME>\webservice-ssm\instance\instance-name\config\WLESws.wrapper.conf configuration file, adjusting the path to the location of the JAR you copied:
Wrapper.java.classpath.70=D:/bea1001/ales32-ssm/webservice-ssm/lib/smwsCustomAssertion.jar
Add the following class mapping to the <ALES_SSM_HOME>\webservice-ssm\lib\com\bea\security\ssmws\soap\.castor.xml file:
<class name="com.bea.security.ssmws.credentials.TestCredHolderImpl">
  <map-to cst:xml="USERID_TOKEN" />
  <field name="cookie" type="java.lang.String">
    <bind-xml node="text"/>
  </field>
</class>
Add the following class mapping to the <ALES_SSM_HOME>\webservice-ssm\lib\com\bea\security\ssmws\credentials\.castor.xml file:
<class name="com.bea.security.ssmws.credentials.TestCredHolderImpl">
  <map-to cst:xml="USERID_TOKEN" cst:ns-uri="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd" />
  <field name="cookie" type="java.lang.String">
    <bind-xml node="text"/>
  </field>
</class>
Add the following class mapping to the <ALES_SSM_HOME>\webservice-ssm\lib\com\bea\security\ssmws\authorization\xacml\context\.castor.xml file:
<class name="com.bea.security.ssmws.credentials.TestCredHolderImpl">
  <map-to cst:xml="USERID_TOKEN" cst:ns-uri="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd" />
  <field name="cookie" type="java.lang.String">
    <bind-xml node="text"/>
  </field>
</class>
The class name, the element name (USERID_TOKEN) and the namespace URI must be identical in all three mapping files and must not carry leading or trailing whitespace; a padded value does not match the token element in the request and the credential holder is never populated.
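The three mapping fragments above have to agree with each other exactly. The following Python script is an added example (not code from the ALES documentation or product) that parses constructed copies of the fragments and reports any class name, element name or namespace URI that differs between files or carries padding or stray characters. The `cst:` prefix is used on the page without a declaration, so the script declares it with a placeholder namespace URI, which is an assumption; the file paths are only labels for the report.

```python
"""Added example (not from the ALES documentation): consistency check for the
three .castor.xml fragments that register the custom USERID_TOKEN credential
holder. A class name or namespace URI with padding will not match when the
SOAP stack unmarshals the token, so every value is compared literally."""
import xml.etree.ElementTree as ET

# The page's fragments use a "cst:" prefix without declaring it; the real mapping
# file's root element does. This URI is an assumed placeholder so that the
# fragments parse stand-alone.
CST_NS = "urn:placeholder:castor-mapping-prefix"

EXPECTED_CLASS = "com.bea.security.ssmws.credentials.TestCredHolderImpl"
TOKEN_ELEMENT = "USERID_TOKEN"
TOKEN_NS = "http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd"


def fragment(class_name, xml_name, ns_uri=None):
    """Build a <class> mapping fragment in the shape used by all three files."""
    ns_attr = f' cst:ns-uri="{ns_uri}"' if ns_uri is not None else ""
    return (f'<class name="{class_name}"><map-to cst:xml="{xml_name}"{ns_attr}/>'
            '<field name="cookie" type="java.lang.String"><bind-xml node="text"/>'
            '</field></class>')


# Constructed samples: variants with the kind of padding and stray "@" characters
# that copy-paste or text extraction introduces, and the corrected versions.
PAGE_FRAGMENTS = {
    r"lib\com\bea\security\ssmws\soap\.castor.xml":
        fragment(" com.bea.security.ssmws.credentials.TestCredHolderImpl ", "USERID_TOKEN"),
    r"lib\com\bea\security\ssmws\credentials\.castor.xml":
        fragment("com.bea.security.ssmws.credentials.TestCredHolderImpl ", "USERID_TOKEN",
                 " @ http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd "),
    r"lib\com\bea\security\ssmws\authorization\xacml\context\.castor.xml":
        fragment("com.bea.security.ssmws.credentials.TestCredHolderImpl", "USERID_TOKEN",
                 " @ http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd "),
}
FIXED_FRAGMENTS = {
    r"lib\com\bea\security\ssmws\soap\.castor.xml": fragment(EXPECTED_CLASS, TOKEN_ELEMENT),
    r"lib\com\bea\security\ssmws\credentials\.castor.xml":
        fragment(EXPECTED_CLASS, TOKEN_ELEMENT, TOKEN_NS),
    r"lib\com\bea\security\ssmws\authorization\xacml\context\.castor.xml":
        fragment(EXPECTED_CLASS, TOKEN_ELEMENT, TOKEN_NS),
}


def parse_mapping(fragment_xml):
    """Extract class name, element name, namespace URI and bind-xml node kind."""
    root = ET.fromstring(f'<mapping xmlns:cst="{CST_NS}">{fragment_xml}</mapping>')
    cls = root.find("class")
    map_to = cls.find("map-to")
    bind = cls.find("field/bind-xml")
    return {
        "class": cls.get("name"),
        "xml": map_to.get(f"{{{CST_NS}}}xml"),
        # ns-uri is optional: the soap mapping on the page omits it
        "ns-uri": map_to.get(f"{{{CST_NS}}}ns-uri"),
        "node": bind.get("node") if bind is not None else None,
    }


def check_mappings(fragments):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []
    for path, frag in fragments.items():
        found = parse_mapping(frag)
        expected = {"class": EXPECTED_CLASS, "xml": TOKEN_ELEMENT, "node": "text"}
        if found["ns-uri"] is not None:
            expected["ns-uri"] = TOKEN_NS
        for key, want in expected.items():
            if found[key] != want:
                problems.append(f"{path}: {key} is {found[key]!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    for line in check_mappings(PAGE_FRAGMENTS) or ["all mappings consistent"]:
        print(line)
```

Run it against the real files by reading each `<class>` element out of the three .castor.xml files and passing the text to `check_mappings`; the literal comparison is deliberate, because Castor does not trim attribute values for you.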
To enable debug logging for the asserter, add log4j.logger.com.bea.security.ssmws.server=DEBUG to the <ALES_SSM_HOME>\webservice-ssm\instance\instance-name\config\log4j.properties file.
After configuring the UsernameIdentityAsserter for your Web Service SSM, you can send XACML authorization requests to the WS-SSM using the following XACML request. Modify and use the sample XACML client located under ales32-ssm\webservice-ssm\examples\XACMLClient to test this configuration. The sample has to be modified to use the custom token, in this case USERID_TOKEN, instead of the built-in ALESIdentityAsserter. Also ensure that you pass the value of the custom token using the AttributeType entity when you construct a SubjectType.
The Subject element of this request is set to use USERID_TOKEN as the asserter, and the value of the token is passed in the <USERID_TOKEN> element. Change the value of the token, resource, and action according to your policy and send the request. You should get an XACML response back.
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os">
      <Subject xsi:type="ns1:SubjectType" xmlns:ns1="urn:oasis:names:tc:xacml:2.0:context:schema:os">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://security.bea.com/ssmws/ssm-ws-1.0.wsdl#USERID_TOKEN" xsi:type="ns1:AttributeType">
          <AttributeValue xsi:type="ns1:AttributeValueType">
            <USERID_TOKEN xmlns="http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd">weblogic</USERID_TOKEN>
          </AttributeValue>
        </Attribute>
        <Attribute AttributeId="http://security.bea.com/ssmws/ssm-ws-1.0.wsdl#level" DataType="http://www.w3.org/2001/XMLSchema#string" xsi:type="ns1:AttributeType">
          <AttributeValue xsi:type="ns1:AttributeValueType">3</AttributeValue>
        </Attribute>
      </Subject>
      <Resource xsi:type="ns3:ResourceType" xmlns:ns3="urn:oasis:names:tc:xacml:2.0:context:schema:os">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" xsi:type="ns3:AttributeType">
          <AttributeValue xsi:type="ns3:AttributeValueType">MyApp/stock/app</AttributeValue>
        </Attribute>
      </Resource>
      <Action>
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" xsi:type="ns4:AttributeType" xmlns:ns4="urn:oasis:names:tc:xacml:2.0:context:schema:os">
          <AttributeValue xsi:type="ns4:AttributeValueType">any</AttributeValue>
        </Attribute>
      </Action>
      <Environment/>
    </Request>
  </soapenv:Body>
</soapenv:Envelope>
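The request above, built programmatically, as an added Python example that is not code from the ALES documentation or its Java XACMLClient sample: it constructs the same SOAP envelope with the custom USERID_TOKEN subject attribute, reads the values back for verification, and evaluates a response fail-closed. The response is a constructed sample in the standard XACML 2.0 context schema (Response/Result/Decision/Status), since the page does not show the WS-SSM's reply; the `ctx` and `ssm` namespace prefixes are assumptions of the serializer, and the HTTP transport to the WS-SSM endpoint is outside the example.

```python
"""Added example (not from the ALES documentation): build the XACML authorization
request with the custom USERID_TOKEN subject and evaluate a response fail-closed.
Standard library only; namespaces are those used in the request on the page."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XACML_CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
SSM_TYPES = "http://security.bea.com/ssmws/ssm-soap-types-1.0.xsd"
SSM_WSDL = "http://security.bea.com/ssmws/ssm-ws-1.0.wsdl"
XSD_STRING = "http://www.w3.org/2001/XMLSchema#string"
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"

# Assumed prefixes; the xsi:type QNames below rely on "ctx" being declared.
for prefix, uri in (("soapenv", SOAP_ENV), ("xsi", XSI), ("ctx", XACML_CTX), ("ssm", SSM_TYPES)):
    ET.register_namespace(prefix, uri)


def _q(ns, local):
    return f"{{{ns}}}{local}"


def _add_attribute(parent, attribute_id, data_type, text=None):
    attr = ET.SubElement(parent, _q(XACML_CTX, "Attribute"),
                         {"AttributeId": attribute_id, "DataType": data_type,
                          _q(XSI, "type"): "ctx:AttributeType"})
    value = ET.SubElement(attr, _q(XACML_CTX, "AttributeValue"),
                          {_q(XSI, "type"): "ctx:AttributeValueType"})
    value.text = text
    return value


def build_request(token, level, resource, action):
    """Serialize a SOAP/XACML request that asserts identity via USERID_TOKEN."""
    if not isinstance(token, str) or not token or token != token.strip():
        raise ValueError("token must be a non-empty string without surrounding whitespace")
    envelope = ET.Element(_q(SOAP_ENV, "Envelope"))
    body = ET.SubElement(envelope, _q(SOAP_ENV, "Body"))
    request = ET.SubElement(body, _q(XACML_CTX, "Request"))
    subject = ET.SubElement(request, _q(XACML_CTX, "Subject"), {_q(XSI, "type"): "ctx:SubjectType"})
    # The token is not plain text: DataType names the USERID_TOKEN type and the value
    # is a <USERID_TOKEN> child in the SSM types namespace, whose text node is what
    # the bind-xml node="text" mapping hands to the credential holder.
    holder = _add_attribute(subject, "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
                            f"{SSM_WSDL}#USERID_TOKEN")
    ET.SubElement(holder, _q(SSM_TYPES, "USERID_TOKEN")).text = token
    _add_attribute(subject, f"{SSM_WSDL}#level", XSD_STRING, str(level))
    resource_el = ET.SubElement(request, _q(XACML_CTX, "Resource"), {_q(XSI, "type"): "ctx:ResourceType"})
    _add_attribute(resource_el, "urn:oasis:names:tc:xacml:2.0:resource:resource-id", XSD_STRING, resource)
    action_el = ET.SubElement(request, _q(XACML_CTX, "Action"))
    _add_attribute(action_el, "urn:oasis:names:tc:xacml:1.0:action:action-id", XSD_STRING, action)
    ET.SubElement(request, _q(XACML_CTX, "Environment"))
    return ET.tostring(envelope, encoding="unicode")


def subject_token(request_xml):
    """Read back the USERID_TOKEN value from a serialized request (None if absent)."""
    return ET.fromstring(request_xml).findtext(f".//{_q(SSM_TYPES, 'USERID_TOKEN')}")


def attribute_value(request_xml, attribute_id):
    """Return the AttributeValue text for the given AttributeId (None if absent)."""
    path = (f".//{_q(XACML_CTX, 'Attribute')}[@AttributeId='{attribute_id}']"
            f"/{_q(XACML_CTX, 'AttributeValue')}")
    return ET.fromstring(request_xml).findtext(path)


VALID_DECISIONS = {"Permit", "Deny", "NotApplicable", "Indeterminate"}


def parse_decision(response_xml):
    """Return (decision, status code) from an XACML 2.0 response; reject anything
    that does not carry exactly one Result with a known Decision."""
    root = ET.fromstring(response_xml)
    results = root.findall(f".//{_q(XACML_CTX, 'Result')}")
    if len(results) != 1:
        raise ValueError(f"expected exactly one Result, found {len(results)}")
    decision = (results[0].findtext(_q(XACML_CTX, "Decision")) or "").strip()
    if decision not in VALID_DECISIONS:
        raise ValueError(f"unknown decision {decision!r}")
    status = results[0].find(f"{_q(XACML_CTX, 'Status')}/{_q(XACML_CTX, 'StatusCode')}")
    return decision, (status.get("Value") if status is not None else None)


def is_permitted(response_xml):
    """Fail closed: only an explicit Permit with an ok status grants access."""
    try:
        decision, status = parse_decision(response_xml)
    except (ET.ParseError, ValueError):
        return False
    return decision == "Permit" and status == STATUS_OK


# Constructed sample response (the page does not show the WS-SSM's actual reply).
SAMPLE_RESPONSE = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_ENV}"><soapenv:Body>'
    f'<Response xmlns="{XACML_CTX}"><Result ResourceId="MyApp/stock/app">'
    '<Decision>Permit</Decision>'
    f'<Status><StatusCode Value="{STATUS_OK}"/></Status>'
    '</Result></Response></soapenv:Body></soapenv:Envelope>'
)

if __name__ == "__main__":
    print(build_request("weblogic", 3, "MyApp/stock/app", "any"))
    print("permitted:", is_permitted(SAMPLE_RESPONSE))
```

The serializer declares every namespace on the Envelope with the registered prefixes rather than the default namespace the page's request uses, which is equivalent XML. Treating a malformed reply, a missing Result or an unknown Decision value as a denial keeps the client from granting access on a parsing accident.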