Does Metro support WS-Federation , Integration Metro with ADFS in WS-Trust


TomekJavaMetro
This post has NOT been accepted by the mailing list yet.

Hello,

I am trying to integrate the STS from Metro (version 2.1.1 / 2.2) with another STS (Microsoft ADFS), where the Metro STS is in domain A and the MS ADFS STS is in the other domain, B.
In domain A I have a Java-based WSC secured by the Metro STS, and in the other domain is the .NET WSP secured by the STS from ADFS.

The software from MS uses WS-Federation version 1.1 / 1.2 in order to support trust in and out of the domain.

The version of WS-Trust in both STSes is the same (WS-Trust 1.3).
Both STSes issue and receive SAML 2.0 tokens.

Could the integration be done without WS-Federation?

In Apache CXF I have found "partial support of WS-Federation" for the passive requestor profile, but I would like to keep using Metro.

I am looking for advice from your team.
What would you advise to solve this?

Best regards,
TomekJavaMetro.
Re: Does Metro support WS-Federation , Integration Metro with ADFS in WS-Trust

TomekJavaMetro
This post has NOT been accepted by the mailing list yet.
For clarity: the integration between 2 or more STSes works in the brokered (federation) scenarios.

The information / settings about my STS from Metro. I conveyed this info to the other domain with MS ADFS.


Is the STS key ciphered: Yes

Security Layout Header: Strict  

SAML token types used are:
     SAML 2.0:    <tc:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</tc:TokenType>
     SAML 1.1:    <tc:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tc:TokenType>

DigestMethod: SHA1         in MS ADFS it is SHA2 (SHA256 for example. Is this a potential conflict?)

Ws-Trust:                     http://docs.oasis-open.org/ws-sx/ws-trust/200512

Sample claim types used in STS / WSP:
<wst:Claims xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>
<ic:ClaimType Optional="true" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"/>
<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
</wst:Claims>


The public key of the STS and the Certificate Authority in *.crt, *.pem, *.p7b formats.

Cryptography Type: symmetric

Cryptography Algorithm Suite: Basic128Bit          
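
Added example, not part of the original posts and not Metro or ADFS code: a small check that reads the signature and digest algorithm URIs out of an issued SAML assertion and compares them with what the partner STS is configured to accept, which is the SHA1 versus SHA256 comparison raised above. The sample assertion and the `PARTNER_ACCEPTS` policy are constructed assumptions; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: skeleton of a signed SAML 2.0 assertion (values are placeholders).
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_constructed">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</saml2:Assertion>
"""

# Assumption for illustration: the relying side accepts SHA-256 based algorithms only.
PARTNER_ACCEPTS = {
    "signature": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "digest": {"http://www.w3.org/2001/04/xmlenc#sha256"},
}

def token_algorithms(xml_text):
    """Collect the Algorithm URIs of every SignatureMethod and DigestMethod."""
    # The sample is constructed; use a hardened XML parser for untrusted tokens.
    root = ET.fromstring(xml_text)
    return {
        "signature": [e.get("Algorithm") for e in root.iter(f"{{{DS}}}SignatureMethod")],
        "digest": [e.get("Algorithm") for e in root.iter(f"{{{DS}}}DigestMethod")],
    }

def mismatches(found, accepted):
    """Return (kind, uri) pairs used in the token but absent from the partner policy."""
    return sorted(
        (kind, uri)
        for kind, uris in found.items()
        for uri in uris
        if uri not in accepted[kind]
    )

if __name__ == "__main__":
    for kind, uri in mismatches(token_algorithms(SAMPLE_ASSERTION), PARTNER_ACCEPTS):
        print(f"{kind} algorithm not accepted by partner policy: {uri}")
```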