Type: Feature Request
Status: Closed
Affects Version/s: 2.0-CR2
Fix Version/s: 2.2.0.CR1
It would be great if the BPELInvoke activity could support the mapping of WS security information from the ESB Context into the message / variable associated with the receive operation. The use case requirement is:
"A service implemented as a BPEL process requires authentication of a user. Composite services also require an authenticated user, and re-authentication should be avoided. The customer wants to use WS-Security and SAML to fulfill this requirement."
A possible solution is to expose the BPEL process services as an ESB Service via EBWS, and have the client consume this service using a WS-Security UsernameToken. This service would be configured like:
<security moduleName="saml-issue-token" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSIssueCallbackHandler">
<action name="startBPELProcessAction" class="org.jboss.soa.esb.actions.BPELInvoke">
<property name="service" value="
<property name="operation" value="hello" />
<property name="requestPartName" value="TestPart" />
This security module will authenticate the user, create a SAML token via PicketLink STS, and place it in the ESB Context. The BPELInvoke action could then access the ESB Context to get the SAML Token, create a WS security element with this token, and add it to the request used to invoke ODE.
The BPEL process WSDL would specify the use of the WS header element and the BPEL process designer would map the header element into variables and therefore outgoing message headers via assign / copy operations (similar to the hello_world_header_wsdl quickstart).
This is a good use case for ESB / Riftsaw integration, as Riftsaw is able to use the ESB to access PicketLink and provide SAML support.
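The header-building step proposed above (wrap the SAML token in a WS security element and add it to the request), shown as an added example that is not part of the original issue or of the JBoss ESB / RiftSaw code base. It uses only JDK DOM APIs; the class name is hypothetical, retrieval of the token from the ESB Context is assumed to have happened already, and the envelope and assertion are constructed samples.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.ls.DOMImplementationLS;
import org.xml.sax.InputSource;

// Hypothetical class name; not part of JBoss ESB or RiftSaw.
public class SamlSecurityHeaderExample {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Requests and tokens are untrusted XML: refuse DTDs so entity expansion (XXE) cannot occur.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Places the assertion in a new wsse:Security block inside the SOAP Header. */
    static void addSamlHeader(Document envelope, Element assertion) {
        Element root = envelope.getDocumentElement();
        Element header = (Element) root.getElementsByTagNameNS(SOAP, "Header").item(0);
        if (header == null) { // Header must precede Body, so insert it first
            String prefix = root.getPrefix() == null ? "" : root.getPrefix() + ":";
            header = envelope.createElementNS(SOAP, prefix + "Header");
            root.insertBefore(header, root.getFirstChild());
        }
        // Fail closed if the caller already supplied security data instead of merging with it.
        if (header.getElementsByTagNameNS(WSSE, "Security").getLength() > 0)
            throw new IllegalStateException("request already contains wsse:Security");
        Element security = envelope.createElementNS(WSSE, "wsse:Security");
        security.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse", WSSE);
        // Deep copy only: any edit inside a signed assertion invalidates its signature.
        security.appendChild(envelope.importNode(assertion, true));
        header.appendChild(security);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request and placeholder token (a real STS token would be signed).
        Document env = parse("<soap:Envelope xmlns:soap='" + SOAP + "'><soap:Body>"
            + "<hello><TestPart>Hello</TestPart></hello></soap:Body></soap:Envelope>");
        Document token = parse("<saml:Assertion ID='_constructed' "
            + "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'/>");
        addSamlHeader(env, token.getDocumentElement());
        DOMImplementationLS ls = (DOMImplementationLS) env.getImplementation();
        System.out.println(ls.createLSSerializer().writeToString(env));
    }
}
```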