CXF
  1. CXF
  2. CXF-3225

Add support for saml tokens in sp:InitiatorToken

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.1
    • Fix Version/s: 2.4.4, 2.5.1
    • Component/s: WS-* Components
    • Labels:
      None

      Description

      Currently CXF does not support SAML tokens to be used as InitiatorToken in Asymmetric bindings, where as the certificate referred to in the SAML assertion signs the message content (eg SAML Holder of Key scenarios).

      chapter 6 Scenario #4 - Holder-of-Key (p28)
      http://www.oasis-open.org/committees/download.php/23071/ws-sp-usecases-examples-draft-11-03.doc

      chapter 2.3.1.5 (WSS1.0) SAML10 Holder of Key, Sign, Optional Encrypt
      http://www.oasis-open.org/committees/download.php/7702/wss-saml-interop1-draft-12.doc

      When the <sp:InitiatorToken> contains an <sp:IssuedToken> or a <sp:SamlToken> instead of <sp:WssX509V3Token10>, CXF signs the request and adds a BST by default. CXF does not ask for a SAML token and it is impossible to construct a message signature which SignatureTokenReference contains a reference to the SAML assertion (http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID)

      <wsse:SecurityTokenReference wsu:id="STR1">
      <wsse:KeyIdentifier wsu:id="..."
      ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
      _a75adf55-01d7-40cc-929f-dbd8372ebdfc
      </wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>

        Issue Links

          Activity

          Willem Salembier created issue -
          Colm O hEigeartaigh made changes -
          Field Original Value New Value
          Link This issue duplicates CXF-2657 [ CXF-2657 ]
          Colm O hEigeartaigh made changes -
          Link This issue duplicates CXF-2657 [ CXF-2657 ]
          Colm O hEigeartaigh made changes -
          Link This issue depends on CXF-2657 [ CXF-2657 ]
          Mark Thomas made changes -
          Workflow jira [ 12541258 ] Default workflow, editable Closed status [ 12605921 ]
          Colm O hEigeartaigh made changes -
          Link This issue relates to CXF-3432 [ CXF-3432 ]
          Colm O hEigeartaigh made changes -
          Assignee Colm O hEigeartaigh [ coheigea ]
          Colm O hEigeartaigh made changes -
          Fix Version/s 2.4.4 [ 12318347 ]
          Fix Version/s 2.5.1 [ 12318888 ]
          Colm O hEigeartaigh made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Freeman Fang made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Gavin made changes -
          Link This issue depends on CXF-2657 [ CXF-2657 ]
          Gavin made changes -
          Link This issue depends upon CXF-2657 [ CXF-2657 ]

            People

            • Assignee:
              Colm O hEigeartaigh
              Reporter:
              Willem Salembier
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development