Thursday, May 20, 2010

How to insert attributes into a SAML Assertion

A frequent use of the Vordel XML Gateway is to enrich messages on the network by inserting user attributes into them, formatted as attribute statements in SAML assertions. Often, these attributes come from an LDAP directory.

There is an excellent guide on the Vordel Extranet for doing this, here: https://extranet.vordel.com/service/wp-content/uploads/2008/09/authentication-via-iplanet.pdf. You need a username and password to get that document (contact info@vordel.com for one). But to get you started, here are the simple steps to configure the Gateway to do this:

1) Authentication against the LDAP directory. As well as performing authentication, this populates the "Attributes for use in subsequent filters". These attributes are what the next step uses to look up the user's directory attributes.

2) Look up attributes from the LDAP directory using a "Retrieve from Directory Server" filter. This is where attributes like "location", "role", etc. are looked up. The Distinguished Name (or whatever was set in Step 1) is used as the look-up key to find the attributes.

3) Insert a SAML Authentication Assertion including all of the Attributes in an included Attribute Statement. This is straightforward to configure but you have to remember to put "Insert SAML Attribute Statement" in the "Advanced" tab.

4) (optional) Use an "XML Signature Generation" filter (from the Integrity group) to sign the assertion. It's best to sign the assertion with an enveloped signature (which you can do by choosing the XPath to insert the XML Signature into the SAML Assertion itself) because that means that when the SAML assertion is taken out and put into another message, it is still signed and the signature can still be verified.

After configuring each step, put a "Reflect message and attributes" filter at the end of the circuit and then you can see the various attributes on the Vordel Gateway's "whiteboard".
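To make the result of steps 2 to 4 concrete, here is an added Python example (not Vordel code, and not taken from the Extranet guide) that builds the kind of SAML 2.0 assertion the circuit produces: a Subject holding the DN from step 1, an AuthnStatement, and an AttributeStatement populated from a constructed dictionary standing in for what "Retrieve from Directory Server" returns. It then places a ds:Signature element inside the assertion the way an enveloped signature would sit (the digest and signature values are labelled placeholders, since the real cryptographic signing is done by the gateway's filter), embeds the assertion in a SOAP message, pulls it back out, and checks that the attributes and the signature reference travelled with it. The issuer URN, the sample DN and the attribute values are all assumptions made up for the example.

```python
"""Added example: SAML assertion with AttributeStatement and an enveloped-signature
placeholder, checked after the assertion is moved into another message."""
import uuid
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
for prefix, uri in (("saml", SAML_NS), ("ds", DS_NS), ("soap", SOAP_NS)):
    ET.register_namespace(prefix, uri)

# Constructed sample data: what step 1 (the DN) and step 2 (directory attributes) yield.
SAMPLE_DN = "cn=jdoe,ou=people,dc=example,dc=com"
SAMPLE_LDAP_ATTRIBUTES = {"location": ["Dublin"], "role": ["developer", "operator"]}


def q(ns, tag):
    return "{%s}%s" % (ns, tag)


def fmt(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def build_assertion(subject_dn, attributes, issuer="urn:example:gateway", now=None):
    """Step 3: an authentication assertion that also carries an AttributeStatement."""
    now = now or datetime.now(timezone.utc)
    a = ET.Element(q(SAML_NS, "Assertion"),
                   {"ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": fmt(now)})
    ET.SubElement(a, q(SAML_NS, "Issuer")).text = issuer  # assumed issuer URN
    subj = ET.SubElement(a, q(SAML_NS, "Subject"))
    ET.SubElement(subj, q(SAML_NS, "NameID"),
                  {"Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"}).text = subject_dn
    ET.SubElement(a, q(SAML_NS, "Conditions"),
                  {"NotBefore": fmt(now), "NotOnOrAfter": fmt(now + timedelta(minutes=5))})
    authn = ET.SubElement(a, q(SAML_NS, "AuthnStatement"), {"AuthnInstant": fmt(now)})
    ctx = ET.SubElement(authn, q(SAML_NS, "AuthnContext"))
    ET.SubElement(ctx, q(SAML_NS, "AuthnContextClassRef")).text = \
        "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
    stmt = ET.SubElement(a, q(SAML_NS, "AttributeStatement"))
    for name, values in sorted(attributes.items()):  # one Attribute per directory attribute
        attr = ET.SubElement(stmt, q(SAML_NS, "Attribute"), {"Name": name})
        for v in values:  # multi-valued LDAP attributes become several AttributeValues
            ET.SubElement(attr, q(SAML_NS, "AttributeValue")).text = v
    return a


def add_enveloped_signature(assertion):
    """Step 4 layout: ds:Signature inside the Assertion (after Issuer, as the SAML schema
    orders it), with a Reference to the Assertion's own ID and the enveloped-signature
    transform. Digest and signature values are PLACEHOLDERS, not real cryptography."""
    sig = ET.Element(q(DS_NS, "Signature"))
    info = ET.SubElement(sig, q(DS_NS, "SignedInfo"))
    ET.SubElement(info, q(DS_NS, "CanonicalizationMethod"),
                  {"Algorithm": "http://www.w3.org/2001/10/xml-exc-c14n#"})
    ET.SubElement(info, q(DS_NS, "SignatureMethod"),
                  {"Algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"})
    ref = ET.SubElement(info, q(DS_NS, "Reference"), {"URI": "#" + assertion.get("ID")})
    tr = ET.SubElement(ref, q(DS_NS, "Transforms"))
    ET.SubElement(tr, q(DS_NS, "Transform"),
                  {"Algorithm": "http://www.w3.org/2000/09/xmldsig#enveloped-signature"})
    ET.SubElement(ref, q(DS_NS, "DigestMethod"), {"Algorithm": "http://www.w3.org/2001/04/xmlenc#sha256"})
    ET.SubElement(ref, q(DS_NS, "DigestValue")).text = "PLACEHOLDER-DIGEST"
    ET.SubElement(sig, q(DS_NS, "SignatureValue")).text = "PLACEHOLDER-SIGNATURE"
    assertion.insert(1, sig)
    return assertion


def wrap_in_soap(assertion):
    """Put the assertion into another message (a SOAP header) and round-trip it through text."""
    env = ET.Element(q(SOAP_NS, "Envelope"))
    ET.SubElement(env, q(SOAP_NS, "Header")).append(assertion)
    ET.SubElement(env, q(SOAP_NS, "Body"))
    return ET.fromstring(ET.tostring(env))


def extract_assertion(envelope):
    return envelope.find(".//" + q(SAML_NS, "Assertion"))


def signature_is_enveloped(assertion):
    """True only if a ds:Signature is a child of the assertion and references its ID."""
    sig = assertion.find(q(DS_NS, "Signature"))
    if sig is None:
        return False
    ref = sig.find(".//" + q(DS_NS, "Reference"))
    return ref is not None and ref.get("URI") == "#" + assertion.get("ID")


def attributes_from(assertion):
    """Read the AttributeStatement back into a dict (what a consumer of the assertion sees)."""
    out = {}
    for attr in assertion.iter(q(SAML_NS, "Attribute")):
        out[attr.get("Name")] = [v.text for v in attr.findall(q(SAML_NS, "AttributeValue"))]
    return out


def demo():
    """Sign, move into a SOAP message, extract, and report attributes plus signature status."""
    signed = add_enveloped_signature(build_assertion(SAMPLE_DN, SAMPLE_LDAP_ATTRIBUTES))
    moved = extract_assertion(wrap_in_soap(signed))
    return attributes_from(moved), signature_is_enveloped(moved)


if __name__ == "__main__":
    attrs, ok = demo()
    print(attrs, "enveloped signature travelled with the assertion:", ok)
```

The point of `signature_is_enveloped` is the contrast behind step 4: an assertion signed with a detached signature that lives elsewhere in the original message loses that signature as soon as the assertion is copied into a new message, whereas the enveloped layout keeps the Reference inside the element it covers. A real consumer would additionally run XML-DSig verification (canonicalization, digest and signature check) against the gateway's certificate; this example only checks the structure.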

That's all you need to do to configure a circuit in the Vordel Gateway to authenticate a user, retrieve user attributes from an LDAP directory, and then insert them into a (signed) SAML assertion.