[CXF-6763] STS requires ClaimHandler even in ClaimMapping only scenarios - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.4
Fix Version/s: 3.1.5, 3.0.8
Component/s: STS
Labels:
None

Estimated Complexity:
Unknown

Description

In case that the STS is used only for token mapping, the STS does not need ClaimHandler to lookup claims from a backend.
Example Scenario: Fediz-IDP is used as a RP-IDP only (with no direct user login), but only doing claim mappings.
In this case the STS only needs a relationship with a ClaimMapper, but no ClaimHandler are required.

The following code within org.apache.cxf.sts.operation.TokenIssueOperation however checks if ClaimMapper for requested Claims exists and fails if not.

//Check if the requested claims can be handled by the configured claim handlers
ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
checkClaimsSupport(requestedClaims);
requestedClaims = providerParameters.getRequestedSecondaryClaims();
checkClaimsSupport(requestedClaims);
providerParameters.setClaimsManager(claimsManager);

From my understanding these checkClaimsSupport can be removed completely, because the STS will still fail, if the requested Claims are not available in the end.

Attachments

Activity

People

Assignee:

Colm O hEigeartaigh

Reporter:

Jan Bernhardt

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

27/Jan/16 09:44

Updated:

14/Oct/16 14:15

Resolved:

27/Jan/16 11:29