Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8567

AdviceBean in CXF STS using SAMLTokenProvider

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.4.4
    • Fix Version/s: None
    • Component/s: JAX-WS Runtime, STS
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      In the context of a new project, I need to implement a STS that generates some SAML tokens for users already authenticated.

      As a result, the SAML assertion returns by the STS must contain reference to the SAML assertion sent in the request.

       

      <saml2:Assertion ID="_78a4e4c6-d394-4c18-89da-7f9eb82dc517" IssueInstant="2021-07-22T21:02:16.176Z" Version="2.0" xsi:type="saml2:AssertionType" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      
          ...
      
          <saml2:Subject>
              <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">fPzBicjKXtADawasyp1d1w==</saml2:NameID>
              <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
          </saml2:Subject>
          <saml2:Conditions NotBefore="2021-07-13T12:07:58.417Z" NotOnOrAfter="2021-07-13T14:07:58.417Z"/>
          <saml2:Advice>
              <saml2:AssertionIDRef>_2c84dd7b-728c-4a35-95ed-dc36aeda731e</saml2:AssertionIDRef>
          </saml2:Advice>
          <saml2:AuthnStatement AuthnInstant="2021-07-13T12:07:58.417Z">
      	<saml2:AuthnContext>
                  <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</saml2:AuthnContextClassRef>
              </saml2:AuthnContext>
          </saml2:AuthnStatement>
      
          ...
      
      </saml2:Assertion>
      

       

      Currently, I implement my own providers using the following interfaces to populate/customize the rest of the SAML assertion:

      • AttributeStatementProvider
      • AuthDecisionStatementProvider
      • AuthenticationStatementProvider
      • ConditionsProvider

      However, I do not find a mechanism to populate the AdviceBean.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              subigre subigre

              Dates

              • Created:
                Updated:

                Issue deployment