This week's book giveaway is in the Big Data forum.
We're giving away four copies of Elasticsearch in Action and have Radu Gheorghe & Matthew Lee Hinman on-line!
See this thread for details.
The moose likes Web Services and the fly likes Web Services Security using SAML v2.0 and XACML Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Elasticsearch in Action this week in the Big Data forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Services Security using SAML v2.0 and XACML" Watch "Web Services Security using SAML v2.0 and XACML" New topic

Web Services Security using SAML v2.0 and XACML

Avijeet Ghosh

Joined: May 27, 2011
Posts: 1

We are building a series of web services as a part of Web Services Layer for a project. In this regard, if anyone can help me with the following scenario through the links to the defined tutorial or code snippets and steps that will be of great help:

Technology Stack proposed: Axis 2.0, Rampart, XACML, WebSphere 7.0

1. The Client will call a SOAP based web service over https. After the database authentication, the client will be issued a SAML v2.0 token with identity assestion and a role corresponding to the user. This token will be returned to the client.
2. The client will subsequently call the other web services. All this services will be bounded with a secure policy expecting the SAML token.
3. After the token authentication, the role should be checked at the individual service method level for the authentication. If the role does not match, the service should return an UnAuthorized exception to the user.

I am searching for a good example or tutorial but in vain.Kindly help me with the same.

Thanks and Regards,
I agree. Here's the link:
subject: Web Services Security using SAML v2.0 and XACML