Friday, May 4, 2012

OEG and SAML Authorization

Next variation on the theme - SAML Authorization. I have a web service deployed to WLS -


I register it with OEG -

I create the following policy -

Now let's look at the first filter -


Note the following -
SOAP Actor/Role set to Current Actor/Role only
Resource set to http://localhost:8082/SAMLAuthoriseDemo
   This will be the OEG URL.
   /SAMLAuthoriseDemo being the relative path I'll create later.


For Trusted Issuer:
I just selected one from the list offered, after pressing the Add button.
The Web Service filter simply calls the FraudCheckService.


I create the relative path


I deploy and test


As expected, it throws an error -


Back in Service Explorer - add a SAML Authorization token


Configure as follows -
Choose the same TrustedIssuer as specified in the policy, because the policy filter only accepts assertions that have been issued by the selected SAML Authorities.

Set the Resource value to http://localhost:8082/SAMLAuthoriseDemo
Set the Action value to Read


View the token generated
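
As an added illustration (not code from this post or from OEG), the sketch below builds a constructed SAML authorization assertion carrying the Resource and Action values configured above, then applies the issuer, resource, decision and action checks those settings imply. It assumes SAML 2.0 and an unsigned token; the issuer name `CN=ExampleTrustedIssuer`, the subject and the function name are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Resource and Action come from the walkthrough; the issuer is a constructed placeholder.
EXPECTED_RESOURCE = "http://localhost:8082/SAMLAuthoriseDemo"
EXPECTED_ACTION = "Read"
TRUSTED_ISSUERS = {"CN=ExampleTrustedIssuer"}

# Constructed sample assertion (SAML 2.0 assumed, unsigned).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2012-05-04T10:00:00Z">
  <saml:Issuer>CN=ExampleTrustedIssuer</saml:Issuer>
  <saml:Subject><saml:NameID>demo-user</saml:NameID></saml:Subject>
  <saml:AuthzDecisionStatement Decision="Permit"
      Resource="http://localhost:8082/SAMLAuthoriseDemo">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthzDecisionStatement>
</saml:Assertion>"""


def check_authz_assertion(xml_text):
    """Return (ok, reason) for the issuer, resource, decision and action checks.

    Signature verification is deliberately out of scope here; a real gateway
    must verify the issuer's signature before trusting any of these fields.
    """
    root = ET.fromstring(xml_text)
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    for stmt in root.findall("saml:AuthzDecisionStatement", NS):
        if stmt.get("Resource") != EXPECTED_RESOURCE:
            continue  # statement is about some other resource
        if stmt.get("Decision") != "Permit":
            return False, "decision is not Permit"
        actions = {(a.text or "").strip() for a in stmt.findall("saml:Action", NS)}
        if EXPECTED_ACTION in actions:
            return True, "ok"
        return False, "action not granted"
    return False, "no statement for resource"


if __name__ == "__main__":
    print(check_authz_assertion(SAMPLE))
```
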


Re-Test


We can also encrypt the token in Service Explorer



Re-Test
