Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 3.0.3
-
Component/s: None
-
Labels:None
-
Estimated Complexity:Unknown
Description
The AuthPolicyValidatingInterceptor can be used to authenticate a HTTP B/A with a WSS4J Validator. For example, it could be combined with the STSTokenValidator to send the username/password to an STS for authentication. If the UsernameToken is transformed into a SAML Assertion, there is currently no way to set the roles in the security context