Description
If the STS is used only for token mapping, it does not need a ClaimHandler to look up claims from a backend.
Example scenario: Fediz-IDP is used as an RP-IDP only (with no direct user login), doing nothing but claim mappings.
In this case the STS only needs a relationship with a ClaimMapper; no ClaimHandlers are required.
The following code in org.apache.cxf.sts.operation.TokenIssueOperation, however, checks whether a ClaimMapper exists for the requested Claims and fails if not.
//Check if the requested claims can be handled by the configured claim handlers
ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
checkClaimsSupport(requestedClaims);
requestedClaims = providerParameters.getRequestedSecondaryClaims();
checkClaimsSupport(requestedClaims);
providerParameters.setClaimsManager(claimsManager);
From my understanding these checkClaimsSupport calls can be removed completely, because the STS will still fail if the requested Claims are not available in the end.
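To make the argument concrete, here is an added illustration (not CXF's own code): a minimal model of an STS issue path with the early handler check, the handlers, a mapper and the final availability check. The ClaimHandler/ClaimMapper interfaces, the issue() method and the sample claim type URIs are constructed stand-ins, not the real CXF API.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class ClaimsSupportDemo {
    // Hypothetical stand-ins for CXF's ClaimHandler and ClaimMapper.
    interface ClaimHandler {
        List<String> supportedClaimTypes();
        Map<String, String> retrieve(List<String> requested);
    }
    interface ClaimMapper { Map<String, String> map(Map<String, String> in); }

    // Current behaviour: reject unless some configured handler supports every requested claim.
    // With no handlers configured (mapping-only STS) this always fails, regardless of the mapper.
    static void checkClaimsSupport(List<String> requested, List<ClaimHandler> handlers) {
        for (String claim : requested) {
            boolean ok = handlers.stream().anyMatch(h -> h.supportedClaimTypes().contains(claim));
            if (!ok) throw new IllegalStateException("No ClaimHandler for " + claim);
        }
    }

    // Simplified issue path. The final loop is the late check the report relies on: a requested
    // claim that neither handlers nor the mapper produced still causes issuance to fail.
    static Map<String, String> issue(List<String> requested, Map<String, String> incoming,
            List<ClaimHandler> handlers, ClaimMapper mapper, boolean earlyCheck) {
        if (earlyCheck) checkClaimsSupport(requested, handlers);
        Map<String, String> claims = new HashMap<>(incoming); // claims from the incoming token (RP-IDP case)
        for (ClaimHandler h : handlers) claims.putAll(h.retrieve(requested));
        if (mapper != null) claims = mapper.map(claims);
        for (String c : requested) {
            if (!claims.containsKey(c)) throw new IllegalStateException("Claim not available: " + c);
        }
        return claims;
    }

    public static void main(String[] args) {
        // Constructed sample: the incoming token carries "urn:idp:mail"; the RP asks for "urn:rp:email".
        Map<String, String> incoming = Map.of("urn:idp:mail", "alice@example.org");
        List<String> requested = List.of("urn:rp:email");
        ClaimMapper mapper = in -> {
            Map<String, String> out = new HashMap<>();
            in.forEach((k, v) -> out.put(k.equals("urn:idp:mail") ? "urn:rp:email" : k, v));
            return out;
        };
        try { issue(requested, incoming, List.of(), mapper, true); }
        catch (IllegalStateException e) { System.out.println("early check: " + e.getMessage()); }
        System.out.println("without early check: " + issue(requested, incoming, List.of(), mapper, false));
        try { issue(List.of("urn:rp:role"), incoming, List.of(), mapper, false); }
        catch (IllegalStateException e) { System.out.println("late check: " + e.getMessage()); }
    }
}
```

The first call shows the mapping-only configuration being rejected up front; the second shows the mapper satisfying the request once the early check is skipped; the third shows that a claim nobody can supply is still refused by the final check.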