CXF
  1. CXF
  2. CXF-3923

Support for OnBehalfOf in SAMLTokenProvider

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.5
    • Fix Version/s: 2.5.1
    • Component/s: Services
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      The SAMLTokenProvider supports to issue a SAML token based on the authenticated principal in the RST which means the security token sent in the WS-Security header.

      It is not supported that the client requests a SAML token OnBehalfOf another SAML token.

      1. patch.git.diff
        3 kB
        Oliver Wulff

        Activity

        Hide
        Oliver Wulff added a comment -

        The patch fixes that in the DefaultSubjectProvider.

        One note: My code doesn't validate the SAML token. IMHO, this must be processed during the validation of the RST.

        Show
        Oliver Wulff added a comment - The patch fixes that in the DefaultSubjectProvider. One note: My code doesn't validate the SAML token. IMHO, this must be processed during the validation of the RST.

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Oliver Wulff
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 48h
              48h
              Remaining:
              Remaining Estimate - 48h
              48h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development