File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes SAML Assertions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "SAML Assertions" Watch "SAML Assertions" New topic

SAML Assertions

Maya Raman

Joined: Mar 05, 2007
Posts: 10
I am really confused about where to place SAML assertions - should it go into the wsse Security Header, contained in the SOAP header? or Should it go into the SOAP body?

If it will be in the SOAP Header, what would the SOAP body contain? would it be empty? Also, can I still encrypt assertions in the header, so that they won't be in cleartext?

If it should be in the SOAP body, well, I don't how to put it there. I am using wss4j.

Can someone PLEASE guide me on this, thanks!
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Let's see if someone in the Web Services forum knows about this.
Maya Raman

Joined: Mar 05, 2007
Posts: 10
Just wanted to update that while most of my question about where to place it still remains, I did figure out how to encrypt them. Thanks!
I agree. Here's the link:
subject: SAML Assertions
It's not a secret anymore!