CXF-3923

Support for OnBehalfOf in SAMLTokenProvider

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5
    • Fix Version/s: 2.5.1
    • Component/s: Services
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      The SAMLTokenProvider supports issuing a SAML token based on the authenticated principal in the RST, which means the security token sent in the WS-Security header.

      It is not supported for the client to request a SAML token OnBehalfOf another SAML token.

      Attachments

      1. patch.git.diff (3 kB, Oliver Wulff)

        Activity

        Oliver Wulff created issue -
        Oliver Wulff made changes -
        Field Original Value New Value
        Attachment patch.git.diff [ 12504112 ]
        Colm O hEigeartaigh made changes -
        Assignee Colm O hEigeartaigh [ coheigea ]
        Colm O hEigeartaigh made changes -
        Fix Version/s 2.5.1 [ 12318888 ]
        Colm O hEigeartaigh made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Jan Bernhardt made changes -
        Comment [ As far as I know, to request an OnBehalfOf Token should not simply result in adding a related SAML Attribute (as it would be ok for ActAs). OnBehalfOf should deliver a Token where "only" the OnBehalfOf Principal is contained. Therefore the SAML Subject should match the requested OnBehalfOf Principal and not the Principal which was authenticated based on the security token sent in the WS-Security header... ]
        Daniel Kulp made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Oliver Wulff


              Time Tracking

              Estimated: 48h
              Remaining: 48h
              Logged: Not Specified
