[CXF-3225] Add support for saml tokens in sp:InitiatorToken - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.1
Fix Version/s: 2.4.4, 2.5.1
Component/s: WS-* Components
Labels:
None

Description

Currently CXF does not support SAML tokens to be used as InitiatorToken in Asymmetric bindings, where as the certificate referred to in the SAML assertion signs the message content (eg SAML Holder of Key scenarios).

chapter 6 Scenario #4 - Holder-of-Key (p28)
http://www.oasis-open.org/committees/download.php/23071/ws-sp-usecases-examples-draft-11-03.doc

chapter 2.3.1.5 (WSS1.0) SAML10 Holder of Key, Sign, Optional Encrypt
http://www.oasis-open.org/committees/download.php/7702/wss-saml-interop1-draft-12.doc

When the <sp:InitiatorToken> contains an <sp:IssuedToken> or a <sp:SamlToken> instead of <sp:WssX509V3Token10>, CXF signs the request and adds a BST by default. CXF does not ask for a SAML token and it is impossible to construct a message signature which SignatureTokenReference contains a reference to the SAML assertion (http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID)

<wsse:SecurityTokenReference wsu:id="STR1">
<wsse:KeyIdentifier wsu:id="..."
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
_a75adf55-01d7-40cc-929f-dbd8372ebdfc
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>

Attachments

Issue Links

depends upon

CXF-2657 Support issued tokens for AsymmetricBinding Initiator Token property.

Closed

relates to

CXF-3432 Support WS-SecurityPolicy SamlToken expressions

Closed

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Willem Salembier

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 31/Dec/10 10:20

Updated:: 02/May/13 02:29

Resolved:: 01/Nov/11 17:11