  1. CXF
  2. CXF-3923 Support for OnBehalfOf in SAMLTokenProvider
  3. CXF-3940

A SAML Token requested OnBehalfOf should hide the actual requestor and should only contain the OnBehalfOf Identity


Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.5
    • 2.5.1
    • Services
    • Moderate

    Description

      As far as I know, requesting an OnBehalfOf Token should not simply result in adding a related SAML Attribute (as would be OK for ActAs). OnBehalfOf should deliver a Token where "only" the OnBehalfOf Principal is contained. Therefore the SAML Subject should match the requested OnBehalfOf Principal and not the Principal which was authenticated based on the security token sent in the WS-Security header...
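
      A check a tester could run against an issued SAML 2.0 assertion to confirm the behaviour requested in this issue. It is an added example, not part of the original report and not CXF code; the sample assertions, the principals `alice` (authenticated requestor) and `bob` (OnBehalfOf identity), the attribute name and the function names are all constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _assertion(subject, attrs=""):
    # Builds a constructed, unsigned sample assertion for the check below.
    return (f'<saml2:Assertion xmlns:saml2="{NS["saml2"]}" ID="_constructed" Version="2.0">'
            f"<saml2:Issuer>sts.example</saml2:Issuer>"
            f"<saml2:Subject><saml2:NameID>{subject}</saml2:NameID></saml2:Subject>"
            f"{attrs}</saml2:Assertion>")

# Constructed: requestor stays the Subject, OnBehalfOf is only an attribute.
LEAKY = _assertion("alice",
    '<saml2:AttributeStatement><saml2:Attribute Name="OnBehalfOf">'
    "<saml2:AttributeValue>bob</saml2:AttributeValue>"
    "</saml2:Attribute></saml2:AttributeStatement>")
# Constructed: Subject is the OnBehalfOf principal, requestor absent.
FIXED = _assertion("bob")

def check_on_behalf_of(assertion_xml, obo_principal, requestor):
    """Return a list of findings; an empty list means the token hides the requestor."""
    # Intended for assertions from your own test STS; use a hardened
    # XML parser before feeding this untrusted input.
    root = ET.fromstring(assertion_xml)
    findings = []
    name_ids = [el.text.strip()
                for el in root.findall("saml2:Subject/saml2:NameID", NS) if el.text]
    if name_ids != [obo_principal]:
        findings.append(f"Subject is {name_ids}, expected [{obo_principal!r}]")
    # The requestor must not surface in any element text or XML attribute value.
    # Substring match on purpose: it also catches forms such as "CN=alice".
    for el in root.iter():
        values = [el.text or ""] + list(el.attrib.values())
        if any(requestor in v for v in values):
            findings.append(f"requestor leaked in <{el.tag.split('}')[-1]}>")
    return findings

if __name__ == "__main__":
    for label, xml in (("leaky", LEAKY), ("fixed", FIXED)):
        print(label, check_on_behalf_of(xml, "bob", "alice"))
```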

          People

            Unassigned Unassigned
            jan4talend Jan Bernhardt

              Time Tracking

                Original Estimate: 48h
                Remaining Estimate: 48h
                Time Spent: Not Specified