I need to secure a SOAP web service (based on Axis2) with this configuration:
So I have thought about using WSO2 Identity Server coupled with rampart (I also need WS-Security for encryption and signature). Is it possible to do so? Can you suggest me how?
You can either go with WSO2 IS STS (which is WS-*) or Web Browser SSO of SAML. Depends on the nature of your application (Web browser based or not), you can pick any one of the above methods. You can get user roles from the SAML Response.
However, if you are using XACML, you do not need to get the user roles over SAML. Simply create a policy in WSO2 IS (with the required role and other conditions). Then create a PEP module to validate service requests. WSO2 IS will get the username and read user roles from LDAP/userstore and do the validation.