Uploaded byprinceirfancivil
PPT, PDF221 views

Mule security saml

The document discusses Mule's support for SAML (Security Assertion Markup Language) for exchanging security information between federated systems. Mule version 2.2.3 introduced support for SAML 1.1 when using CXF web services. Future versions will support additional transports. The SAML module is only available in the Mule Enterprise edition. The document provides instructions on configuring the SAML module, including adding the JAR, configuring the security manager with keystores and realms, and configuring security filters on CXF endpoints. It also describes the differences between the Sender Vouches and Holder-of-Key SAML profiles.

Embed presentation

Download to read offline
MULE –Security-SAMLMULE –Security-SAML
2 SAML Module As of version 2.2.3, Mule enterprise offers support for the Security Assertion Markup Language (SAML), which is a standard for exchange of security information between federated systems. For more information on SAML, see http://saml.xml.org/wiki/saml-wiki-knowledgebase.
3 SAML Module Current support in Mule is limited to SAML 1.1 and CXF web services only. Future versions of Mule will support the use of SAML with other transports. The supported SAML module is only available in the enterprise edition of Mule, although an unsupported version is available on the MuleForge.
4 Using the SAML Module This section describes how to configure the SAML module in your Mule configuration. Adding the SAML Module JAR The use the SAML module, the mule-module-saml JAR file must be in a location on the classpath of your application.
5 Configuring the Security Manager <mule xmlns:saml="http://www.mulesource.org/schema/mule/saml" xsi:schemaLocation="http://www.mulesource.org/schema/mule/saml http://www.mulesource.org/schema/mule/saml/current/mule-saml.xsd"> <!-- Rest of your mule configuration --> </mule>
6 Next, you configure the SAML security manager as shown below. The following example starts off with the definition of the SAML security manager and its accompanying security provider. The security provider specifies the default security realm to use by security filters if none is specified. This is especially useful in case you have only one security realm.
7 <saml:security-manager> <saml:saml-security-provider name="samlSecurityProvider" default- realm="senderVouches"> <saml:keystore-provider name="default-key-provider" key-store-file="classpath:saml.ks" key-store-type="JKS" key-store-password="changeit"/> <saml:sender-vouches-realm name="senderVouches" sign-key- alias="mulesaml" sign-key-password="changeit" key-provider-ref="default-key-provider" resign-assertions="true"/> <saml:holder-of-key-realm name="holderOfKey" key-provider- ref="default-key-provider" /> </saml:saml-security-provider> </saml:security-manager>
8 Within the security provider, you define a key provider, which reads keys and certificates from a standard Java keystore file. You configure this file using the normal Spring options to define resources. In this case, the keystore is read from the classpath. In this example, two security realms are defined. One uses the sender vouches SAML scheme and is also the default realm. The other is a holder of key realm. Both use the same key provider as defined above. For more information on these realms, see MULE3USER:Choosing a SAML Profile below.
9 Configuring Security on an Endpoint Once you've defined a security manager, you can configure security filters on CXF endpoints as shown in the examples below. The first example does not specify a security realm, so the default realm is used. Both filters specify the same certificate that is used to verify the SAML assertions as issued by the assertion provider. <saml:cxf-security-filter certificate-alias="mulesaml"/> <saml:cxf-security-filter certificate-alias="mulesaml" security-realm="non- default"/>
10 Choosing a SAML Profile SAML defines two different profiles: Sender-vouches (SV) and Holder-of- key (HOK). The Sender Vouches profile means that the sender of a message is authorized to act for one of its users towards another system. In this case, the sender of the message vouches its correctness. If both systems trust each other, this profile is appropriate. Holder-of-key means that the user himself is authorized to perform the actions. In this case, the owner (holder) of the key is acting. If your target system trusts the token issuer (and therefore the user) you'll use Holder-of- key.
Mule security saml

More Related Content

PPTX
Oracle: Cursors
byDataminingTools Inc
 
RTF
Trigger and cursor program using sql
bySushil Mishra
 
PDF
Usertracing
byoracle documents
 
PPTX
Managing stack traces
bySon Nguyen
 
PDF
N_Asm Assembly macros (sol)
bySelomon birhane
 
DOTX
Profil ff
byOperator Warnet Vast Raha
 
PDF
Zain Ahmed Khan
byZain Khan
 
PPTX
QualityA2011
byJOY KASTNER
 
Oracle: Cursors
byDataminingTools Inc
 
Trigger and cursor program using sql
bySushil Mishra
 
Usertracing
byoracle documents
 
Managing stack traces
bySon Nguyen
 
N_Asm Assembly macros (sol)
bySelomon birhane
 
Profil ff
byOperator Warnet Vast Raha
 
Zain Ahmed Khan
byZain Khan
 
QualityA2011
byJOY KASTNER
 

Viewers also liked

PPS
Laranjeiras Classic
byrjimovel
 
PPTX
Biochar Synthesis in the Laboratory
byCarlos Loyola
 
ODP
Europe Diversité Spatiale
byRidel Cédric
 
DOC
al resume
byAlison Ladson
 
PDF
Bio_Boris_Kacmar_03232K15
byBoris Kacmar
 
DOC
Neil Woolliscroft CV
byneil woolliscroft
 
PDF
Glosario tecnico financiero
byUNIVERSIDAD POLITÉCNICA ESTATAL DEL CARCHI
 
PPT
ЭКГ:выступление на род.собр.
byau-elista
 
PDF
6. MAGNITUD EN VECTORES Y ESCALARES
byedvinogo
 
PDF
5. Communitytraining-ITmitte.de
byCommunity ITmitte.de
 
PDF
Slow Pyrolysis of Corncobs for Biochar as a Possible Alternative to Graphene ...
byAlexander Lau
 
DOC
Resume-2015
byRobert Sonnessa
 
PPTX
Федосеевка: презентация по пдд младш гр
byau-elista
 
PPT
PPT-3 Final
bySpectacular Advert. Events
 
KEY
Plante um Futuro - Afiliação de Colaboradores
byBruno Abreu
 
PPTX
Monthly August 2013
byJOY KASTNER
 
PDF
HEAG
byGeorge Vrionides
 
Laranjeiras Classic
byrjimovel
 
Biochar Synthesis in the Laboratory
byCarlos Loyola
 
Europe Diversité Spatiale
byRidel Cédric
 
al resume
byAlison Ladson
 
Bio_Boris_Kacmar_03232K15
byBoris Kacmar
 
Neil Woolliscroft CV
byneil woolliscroft
 
Glosario tecnico financiero
byUNIVERSIDAD POLITÉCNICA ESTATAL DEL CARCHI
 
ЭКГ:выступление на род.собр.
byau-elista
 
6. MAGNITUD EN VECTORES Y ESCALARES
byedvinogo
 
5. Communitytraining-ITmitte.de
byCommunity ITmitte.de
 
Slow Pyrolysis of Corncobs for Biochar as a Possible Alternative to Graphene ...
byAlexander Lau
 
Resume-2015
byRobert Sonnessa
 
Федосеевка: презентация по пдд младш гр
byau-elista
 
PPT-3 Final
bySpectacular Advert. Events
 
Plante um Futuro - Afiliação de Colaboradores
byBruno Abreu
 
Monthly August 2013
byJOY KASTNER
 
HEAG
byGeorge Vrionides
 

Similar to Mule security saml

PPT
Mule SAML
byD.Rajesh Kumar
 
PPT
Mule security - spring security manager
byD.Rajesh Kumar
 
PPTX
Cmm vm 002
byLalit Panwar
 
PPT
Mule security - saml
byvishnukanthro45
 
PPT
Mule security - saml
bycharan teja R
 
PPT
Mule security
bycharan teja R
 
PPT
Mule security
byvishnukanthro45
 
PPT
Mule security
byhimajareddys
 
PPT
Mule security - pgp
byD.Rajesh Kumar
 
PPT
Mule security
byD.Rajesh Kumar
 
PPT
Security spring security manager
byhimajareddys
 
PPT
Security spring security manager
bycharan teja R
 
PPT
Security springsecuritymanager-sathyaraj
bysathyaraj Anand
 
PPT
Mule with spring security manager
bySon Nguyen
 
PPT
Spring security integrate with mule
bySon Nguyen
 
PPTX
Flows in mule
bySindhu VL
 
PPTX
Flows in mule
bySon Nguyen
 
PPTX
Flowsinmule 160517130818
byppts123456
 
PPTX
Securing mule
bySindhu VL
 
PPTX
Mule securing
bySindhu VL
 
Mule SAML
byD.Rajesh Kumar
 
Mule security - spring security manager
byD.Rajesh Kumar
 
Cmm vm 002
byLalit Panwar
 
Mule security - saml
byvishnukanthro45
 
Mule security - saml
bycharan teja R
 
Mule security
bycharan teja R
 
Mule security
byvishnukanthro45
 
Mule security
byhimajareddys
 
Mule security - pgp
byD.Rajesh Kumar
 
Mule security
byD.Rajesh Kumar
 
Security spring security manager
byhimajareddys
 
Security spring security manager
bycharan teja R
 
Security springsecuritymanager-sathyaraj
bysathyaraj Anand
 
Mule with spring security manager
bySon Nguyen
 
Spring security integrate with mule
bySon Nguyen
 
Flows in mule
bySindhu VL
 
Flows in mule
bySon Nguyen
 
Flowsinmule 160517130818
byppts123456
 
Securing mule
bySindhu VL
 
Mule securing
bySindhu VL
 

More from princeirfancivil

PPTX
Introduction to java
byprinceirfancivil
 
PPTX
Web services SOAP
byprinceirfancivil
 
PPTX
Web services wsdl
byprinceirfancivil
 
PPTX
Web services uddi
byprinceirfancivil
 
PPTX
How to use message properties component
byprinceirfancivil
 
PPTX
Mule esb
byprinceirfancivil
 
PPT
Anypoint data gateway
byprinceirfancivil
 
PPTX
How to use expression filter
byprinceirfancivil
 
PPTX
Mapping and listing with mule
byprinceirfancivil
 
PPTX
WebServices introduction
byprinceirfancivil
 
PPTX
Building and managing java projects with maven part-III
byprinceirfancivil
 
PPT
Mule esb api layer
byprinceirfancivil
 
PPTX
Data weave
byprinceirfancivil
 
PPTX
Mmc rest api user groups
byprinceirfancivil
 
PPTX
Maven II
byprinceirfancivil
 
PPTX
Mule esb stripe
byprinceirfancivil
 
PPTX
Maven part 1
byprinceirfancivil
 
PPTX
Mmc
byprinceirfancivil
 
PPTX
Mmc
byprinceirfancivil
 
PPTX
Mmc 2
byprinceirfancivil
 
Introduction to java
byprinceirfancivil
 
Web services SOAP
byprinceirfancivil
 
Web services wsdl
byprinceirfancivil
 
Web services uddi
byprinceirfancivil
 
How to use message properties component
byprinceirfancivil
 
Mule esb
byprinceirfancivil
 
Anypoint data gateway
byprinceirfancivil
 
How to use expression filter
byprinceirfancivil
 
Mapping and listing with mule
byprinceirfancivil
 
WebServices introduction
byprinceirfancivil
 
Building and managing java projects with maven part-III
byprinceirfancivil
 
Mule esb api layer
byprinceirfancivil
 
Data weave
byprinceirfancivil
 
Mmc rest api user groups
byprinceirfancivil
 
Maven II
byprinceirfancivil
 
Mule esb stripe
byprinceirfancivil
 
Maven part 1
byprinceirfancivil
 
Mmc
byprinceirfancivil
 
Mmc
byprinceirfancivil
 
Mmc 2
byprinceirfancivil
 

Recently uploaded

PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PDF
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
Scott M. Graffius' Phases of Team Development - Applied to Human Teams and Hu...
byScott M. Graffius
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PDF
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PPTX
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PDF
The CISO_Transformation_Playbook From Cost Centre to Chief Trust Officer
bysajjasridhar1990
 
PDF
How to Connect HP LaserJet MFP M234dwe to WiFi
byPrinter Tales
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
PDF
The_Boardroom_Cyber_Playbook_Research_Edition
bySaraDavis91
 
PDF
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
PDF
From Compliance to Competitive Advantage Board-Level Cyber Governance Under D...
bySaraDavis91
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Scott M. Graffius' Phases of Team Development - Applied to Human Teams and Hu...
byScott M. Graffius
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
The CISO_Transformation_Playbook From Cost Centre to Chief Trust Officer
bysajjasridhar1990
 
How to Connect HP LaserJet MFP M234dwe to WiFi
byPrinter Tales
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
The_Boardroom_Cyber_Playbook_Research_Edition
bySaraDavis91
 
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
From Compliance to Competitive Advantage Board-Level Cyber Governance Under D...
bySaraDavis91
 

Mule security saml

  • 1.
  • 2.
    2 SAML Module As ofversion 2.2.3, Mule enterprise offers support for the Security Assertion Markup Language (SAML), which is a standard for exchange of security information between federated systems. For more information on SAML, see http://saml.xml.org/wiki/saml-wiki-knowledgebase.
  • 3.
    3 SAML Module Current supportin Mule is limited to SAML 1.1 and CXF web services only. Future versions of Mule will support the use of SAML with other transports. The supported SAML module is only available in the enterprise edition of Mule, although an unsupported version is available on the MuleForge.
  • 4.
    4 Using the SAMLModule This section describes how to configure the SAML module in your Mule configuration. Adding the SAML Module JAR The use the SAML module, the mule-module-saml JAR file must be in a location on the classpath of your application.
  • 5.
    5 Configuring the SecurityManager <mule xmlns:saml="http://www.mulesource.org/schema/mule/saml" xsi:schemaLocation="http://www.mulesource.org/schema/mule/saml http://www.mulesource.org/schema/mule/saml/current/mule-saml.xsd"> <!-- Rest of your mule configuration --> </mule>
  • 6.
    6 Next, you configurethe SAML security manager as shown below. The following example starts off with the definition of the SAML security manager and its accompanying security provider. The security provider specifies the default security realm to use by security filters if none is specified. This is especially useful in case you have only one security realm.
  • 7.
    7 <saml:security-manager> <saml:saml-security-provider name="samlSecurityProvider" default- realm="senderVouches"> <saml:keystore-providername="default-key-provider" key-store-file="classpath:saml.ks" key-store-type="JKS" key-store-password="changeit"/> <saml:sender-vouches-realm name="senderVouches" sign-key- alias="mulesaml" sign-key-password="changeit" key-provider-ref="default-key-provider" resign-assertions="true"/> <saml:holder-of-key-realm name="holderOfKey" key-provider- ref="default-key-provider" /> </saml:saml-security-provider> </saml:security-manager>
  • 8.
    8 Within the securityprovider, you define a key provider, which reads keys and certificates from a standard Java keystore file. You configure this file using the normal Spring options to define resources. In this case, the keystore is read from the classpath. In this example, two security realms are defined. One uses the sender vouches SAML scheme and is also the default realm. The other is a holder of key realm. Both use the same key provider as defined above. For more information on these realms, see MULE3USER:Choosing a SAML Profile below.
  • 9.
    9 Configuring Security onan Endpoint Once you've defined a security manager, you can configure security filters on CXF endpoints as shown in the examples below. The first example does not specify a security realm, so the default realm is used. Both filters specify the same certificate that is used to verify the SAML assertions as issued by the assertion provider. <saml:cxf-security-filter certificate-alias="mulesaml"/> <saml:cxf-security-filter certificate-alias="mulesaml" security-realm="non- default"/>
  • 10.
    10 Choosing a SAMLProfile SAML defines two different profiles: Sender-vouches (SV) and Holder-of- key (HOK). The Sender Vouches profile means that the sender of a message is authorized to act for one of its users towards another system. In this case, the sender of the message vouches its correctness. If both systems trust each other, this profile is appropriate. Holder-of-key means that the user himself is authorized to perform the actions. In this case, the owner (holder) of the key is acting. If your target system trusts the token issuer (and therefore the user) you'll use Holder-of- key.