Comments on Oracle Fusion Middleware Security: Calling Oracle Service Bus from MSFT WCF Client Using an STS

Feed author: Chris Johnson (Oracle)
Updated: 2023-05-22T03:03:54.478-07:00

Unknown, 2010-11-29T13:02:30.816-08:00

Adding the wsu:Id to the SAML Assertion was never a good idea, but now it's entirely unnecessary.

With the hotfix described in support.microsoft.com articleId=974842, adding the wsu:Id to the SAML Assertion is no longer necessary. WCF now implicitly signs the Assertion based on the AssertionID, or, alternatively, by setting a new property, STR-Transform, you can get WCF to generate the STR-Transform.

OSB accepts SAML Assertions signed directly against the AssertionId, even if it is vaguely non-compliant, so setting the STR-Transform is not strictly necessary.

Also, STS encryption of the SAML Assertion is not necessary for sender-vouches scenarios, so it's not even necessary to add the wsu:Id to the element in those cases.

Hope this information spares someone the headbanging it took me to figure this out.

Unknown, 2010-10-14T02:25:56.220-07:00

Josh,
I worked with you 18 months ago to get this going for a client in Perth, West Australia - to be fair you did all the work and I did the testing :)

I'm at another client - trying to get this going again. So thanks for the great post!
Todd

Андрей, 2010-03-18T05:58:33.211-07:00

Josh, you wrote that "OSB does have support for Kerberos as part of the transport level security provided by SPNEGO."

Can you explain how to do Kerberos auth for a proxy service? At the moment I have a Linux machine with correctly working Kerberos auth for applications (for example the WebLogic and OSB Consoles)...

I tried several variants... for example:

proxy service settings:
- Authentication: Custom Authentication (See Advanced Settings)
- Authentication Header: WWW-Authenticate or Authorization
- Authentication Token Type: Authorization.Negotiate or WWW-Authenticate.Negotiate

Anonymous, 2010-03-08T09:41:03.360-08:00

Hello Josh, this is a very interesting scenario.

I’m trying to make it work for an OSB Proof of Concept, but as I’m not a WCF specialist, I’m a bit lost on the custom binding implementation.

My understanding is that we need to create a .NET assembly “OSBWCFExtensions” that exposes a class “OSBSecurityElement” that extends the “BindingElementExtensionElement” class and overrides the method “CreateBindingElement()”, correct?

After that, in the bookstore client we need to define the “bindingElementExtensions” and create a “customBinding” that will be used instead of the WSFederationHttpBinding to configure the BuyBook endpoint…

It is a bit confusing that you illustrate this part with this “HelloWorldServiceServiceSoapBinding” instead of presenting the modification of the BookStoreClient App.config file…

Would it be possible to have more details for this WCF client configuration part?

Actually today, when I try to add the bindingElementExtension and the custom binding as described in the blog, I get an error at client instantiation telling me that the “STSAddress” attribute is not recognized… Maybe I’m missing something obvious, but if you can help on this part, it would save me a lot of time.
Best regards,

mbenolie, 2010-03-07T07:21:57.703-08:00

Great post. Were you able to achieve this with an STS?

Josh Bregman, 2009-10-02T09:30:11.806-07:00

The MSFT sample for the STS is here: http://msdn.microsoft.com/en-us/library/aa355045.aspx

The rest of the code is available on the blog. Is there more detail that you need?

JB

nick, 2009-10-01T22:44:32.046-07:00

Great post, any chance of sharing the sample?