Anyone experimented with verifying OAuth SAML Bearer Assertion with Camel?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Anyone experimented with verifying OAuth SAML Bearer Assertion with Camel?

Goyal, Arpit
Hi,

We are implement OAuth+SAML Bearer assertion and wanted to know if someone played around with JETTY acting as OAuth token server based on SAML Assertion?

Basically - https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-23 we want to test within camel route with JETTY as OAuth Token Server post verification of Signed SAML Assertion.

Apologies if this question is against the forums question strategy to have pre-investigation. Currently I have none and want to avoid running our camel implementation against standard server, but TDD approach.

Regards,
Arpit.
Reply | Threaded
Open this post in threaded view
|

Re: Anyone experimented with verifying OAuth SAML Bearer Assertion with Camel?

Sergey Beryozkin
Hi

Do you use CXFRS ? If yes you might to experiment with CXFRS
Jetty-backed endpoints, with the SAML2 filters:

http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html#JAXRSOAuth2Assertions-SAML2Bearer

Though they have not been as well stressed as the filters for the JWT
assertions (described below at that page).

Please follow up at the CXF list if it is of any interest

Cheers, Sergey
On 21/02/17 21:22, Goyal, Arpit wrote:

> Hi,
>
> We are implement OAuth+SAML Bearer assertion and wanted to know if someone played around with JETTY acting as OAuth token server based on SAML Assertion?
>
> Basically - https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-23 we want to test within camel route with JETTY as OAuth Token Server post verification of Signed SAML Assertion.
>
> Apologies if this question is against the forums question strategy to have pre-investigation. Currently I have none and want to avoid running our camel implementation against standard server, but TDD approach.
>
> Regards,
> Arpit.
>

Reply | Threaded
Open this post in threaded view
|

RE: Anyone experimented with verifying OAuth SAML Bearer Assertion with Camel?

Goyal, Arpit
Thanks. This looks promising.

In our stack we do have Apache CXF for SOAP communication and Jetty All bundle for testing. I need to check if CXFRS jars are available and how to stich it up with Jetty :S (don't have much ex in these components).

Also, will follow up on the other mailing list.

Regards,
Arpit.

-----Original Message-----
From: Sergey Beryozkin [mailto:[hidden email]]
Sent: Tuesday, February 21, 2017 2:04 PM
To: [hidden email]
Subject: Re: Anyone experimented with verifying OAuth SAML Bearer Assertion with Camel?

Hi

Do you use CXFRS ? If yes you might to experiment with CXFRS
Jetty-backed endpoints, with the SAML2 filters:

http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html#JAXRSOAuth2Assertions-SAML2Bearer

Though they have not been as well stressed as the filters for the JWT
assertions (described below at that page).

Please follow up at the CXF list if it is of any interest

Cheers, Sergey
On 21/02/17 21:22, Goyal, Arpit wrote:

> Hi,
>
> We are implement OAuth+SAML Bearer assertion and wanted to know if someone played around with JETTY acting as OAuth token server based on SAML Assertion?
>
> Basically - https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-23 we want to test within camel route with JETTY as OAuth Token Server post verification of Signed SAML Assertion.
>
> Apologies if this question is against the forums question strategy to have pre-investigation. Currently I have none and want to avoid running our camel implementation against standard server, but TDD approach.
>
> Regards,
> Arpit.
>