  1. CXF
  2. CXF-3883

Support for identity mapping as part of issue token process

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5
    • Fix Version/s: 2.7.6
    • Component/s: STS
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      The JIRA https://issues.apache.org/jira/browse/CXF-3520 describes the case where a CXF consumer has configured a different STS than the issuer configured in the IssuedToken assertion of the service provider:

      In this case, the service consumer and provider don't understand the identity/subject/principal of the counterpart. First, the consumer gets a token from its STS (IDP-STS) which could be a SAML token. Then he requests another token from the STS and sends the one issued before as part of the WS-Security header.

      The STS must figure out that the sent and requested tokens are from different realms (security domains) and must therefore call the configured identity mapper which takes as parameters source realm, target realm and source principal.
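An added example, not part of the issue or of CXF's code: a fail-closed identity mapper taking the three parameters the description names (source realm, target realm, source principal). The `IdentityMapper` interface is a local stand-in, and the realm names, users and mapping table are constructed.

```java
import java.security.Principal;
import java.util.Map;

public class RealmIdentityMapperExample {
    // Local stand-in (assumption) for the mapper contract the issue describes.
    interface IdentityMapper {
        Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm);
    }

    record NamedPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Fail-closed: an unknown realm pair or unmapped user yields null, which the
    // caller must treat as "refuse to issue", never as "reuse the source name".
    static final class TableIdentityMapper implements IdentityMapper {
        private final Map<String, Map<String, String>> tables; // "src->dst" -> user table

        TableIdentityMapper(Map<String, Map<String, String>> tables) { this.tables = tables; }

        @Override
        public Principal mapPrincipal(String sourceRealm, Principal source, String targetRealm) {
            if (sourceRealm == null || targetRealm == null || source == null) {
                return null; // realm or subject undetermined: do not guess
            }
            if (sourceRealm.equals(targetRealm)) {
                return source; // same security domain, nothing to map
            }
            Map<String, String> table = tables.get(sourceRealm + "->" + targetRealm);
            if (table == null) {
                return null; // no mapping configured between these realms
            }
            String mapped = table.get(source.getName());
            return mapped == null ? null : new NamedPrincipal(mapped);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: realm names and users are hypothetical.
        IdentityMapper mapper = new TableIdentityMapper(
            Map.of("REALM-A->REALM-B", Map.of("alice", "ALICE_B")));
        Principal alice = new NamedPrincipal("alice");
        System.out.println(mapper.mapPrincipal("REALM-A", alice, "REALM-B"));
        System.out.println(mapper.mapPrincipal("REALM-A", alice, "REALM-A"));
        System.out.println(mapper.mapPrincipal("REALM-A", new NamedPrincipal("bob"), "REALM-B"));
        System.out.println(mapper.mapPrincipal("REALM-C", alice, "REALM-B"));
    }
}
```

The last two calls return null: one for a user with no entry in the table, one for a realm pair with no table at all.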

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              owulff Oliver Wulff