Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6763

STS requires ClaimHandler even in ClaimMapping only scenarios

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.1.4
    • 3.1.5, 3.0.8
    • STS
    • None
    • Unknown

    Description

      In case that the STS is used only for token mapping, the STS does not need ClaimHandler to lookup claims from a backend.
      Example Scenario: Fediz-IDP is used as a RP-IDP only (with no direct user login), but only doing claim mappings.
      In this case the STS only needs a relationship with a ClaimMapper, but no ClaimHandler are required.

      The following code within org.apache.cxf.sts.operation.TokenIssueOperation however checks if ClaimMapper for requested Claims exists and fails if not.

      //Check if the requested claims can be handled by the configured claim handlers
      ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
      checkClaimsSupport(requestedClaims);
      requestedClaims = providerParameters.getRequestedSecondaryClaims();
      checkClaimsSupport(requestedClaims);
      providerParameters.setClaimsManager(claimsManager);
      

      From my understanding these checkClaimsSupport can be removed completely, because the STS will still fail, if the requested Claims are not available in the end.

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            jan4talend Jan Bernhardt
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: