[CXF-3236] Add support for an Issued Token extracted from a SAML assertion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.1
Fix Version/s: 2.3.2, 2.4
Component/s: WS-* Components
Labels:
None

Description

CXF cannot currently support the following use-case:

A service endpoint has a security policy consisting of a sp:SymmetricBinding which uses a (SAML) sp:IssuedToken as the sp:ProtectionToken. A client parses this, and obtains the appropriate SAML token from an STS, which it sends to the service endpoint, securing the message appropriately. The service endpoint can process the request, but it falls down on the reply as it does not know how to get access to the Issued Token to secure the message reply.

A patch to WSS4J to save the secret key extracted from the SAML assertion is here (https://issues.apache.org/jira/browse/WSS-263). A patch is required to CXF to parse the result set and save the appropriate token.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cxf-3234-tentative.patch
07/Jan/11 17:36
3 kB
Colm O hEigeartaigh

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Jan/11 17:34

Updated:: 21/Jan/11 18:14

Resolved:: 17/Jan/11 20:19