
Support SAML Token without Audience Restriction


Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0, 1.2.2
    • Fix Version/s: 1.2.3, 1.3.1
    • Component/s: IDP, Plugin
    • Labels: None

    Description

      Currently Fediz only supports SAML tokens with an audience restriction. However, the standard only requires audience restriction validation if this element is present in the SAML token. If no audience restriction is set, the token should be valid for any service.

      Especially in cases where the login SAML token is used to log in to a web page and the same token is then used to authenticate the user against backend services, an audience restriction can be a hindrance.

      The Fediz plugin should accept SAML tokens without audience restrictions as valid (if all other security requirements are met), and the Fediz IDP should be configurable to request SAML tokens from the STS without audience restrictions.
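The rule the description relies on comes from SAML 2.0 Core: an <AudienceRestriction> is only evaluated when it is present; within one element the <Audience> URIs are alternatives, but when several <AudienceRestriction> elements appear each one must be satisfied independently. The following is an added example written for this page, not Fediz or WSS4J code, that implements exactly that check over a constructed, unsigned assertion (the issuer and relying-party URIs are made up). The `require_restriction` flag switches between the strict behaviour the issue describes (a token with no restriction is rejected) and the requested behaviour (it is accepted for any service).

```python
"""Audience-restriction check for a SAML 2.0 assertion.

Added example for illustration only; not part of Fediz. Hostnames and the
assertion content are constructed test data.
"""
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}


def build_assertion(audience_sets, issuer="https://sts.example.invalid/"):
    """Build a minimal, unsigned test assertion (constructed data).

    Each inner list becomes one <AudienceRestriction> holding those
    <Audience> URIs; an empty outer list yields no restriction at all.
    """
    restrictions = "".join(
        "<saml2:AudienceRestriction>"
        + "".join(f"<saml2:Audience>{a}</saml2:Audience>" for a in audiences)
        + "</saml2:AudienceRestriction>"
        for audiences in audience_sets
    )
    return (
        f'<saml2:Assertion xmlns:saml2="{SAML2_NS}" ID="_1" Version="2.0" '
        'IssueInstant="2016-01-01T00:00:00Z">'
        f"<saml2:Issuer>{issuer}</saml2:Issuer>"
        "<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>"
        f"<saml2:Conditions>{restrictions}</saml2:Conditions>"
        "</saml2:Assertion>"
    )


def audience_restrictions(assertion_xml):
    """Return one list of Audience URIs per <AudienceRestriction> element."""
    root = ET.fromstring(assertion_xml)
    return [
        [(aud.text or "").strip() for aud in ar.findall("saml2:Audience", NS)]
        for ar in root.findall("./saml2:Conditions/saml2:AudienceRestriction", NS)
    ]


def check_audience(assertion_xml, relying_party, require_restriction=False):
    """Return (accepted, reason) for the audience condition only.

    Signature, issuer trust and NotBefore/NotOnOrAfter are separate checks
    that must still pass before a token is accepted.
    """
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        if require_restriction:
            # Strict mode: the behaviour this issue asks to relax.
            return False, "no AudienceRestriction present and policy requires one"
        # SAML 2.0 Core: the condition is only evaluated when present.
        return True, "no AudienceRestriction present: token valid for any service"
    # Several <AudienceRestriction> elements are ANDed; the URIs inside one
    # element are ORed. An element with no <Audience> children can never
    # match, so the check fails closed.
    for audiences in restrictions:
        if relying_party not in audiences:
            return False, f"{relying_party!r} not in Audience list {audiences}"
    return True, "relying party named in every AudienceRestriction"


if __name__ == "__main__":
    rp = "https://rp.example.invalid/"
    cases = {
        "matching":   build_assertion([[rp]]),
        "other rp":   build_assertion([["https://other.example.invalid/"]]),
        "no restr.":  build_assertion([]),
    }
    for name, xml in cases.items():
        for strict in (True, False):
            ok, why = check_audience(xml, rp, require_restriction=strict)
            print(f"{name:10} strict={strict!s:5} -> {ok!s:5} {why}")
```

The trade-off the issue accepts is visible in the "no restr." row: once `require_restriction` is off, a token minted for the web login is equally acceptable to every backend service that trusts the same issuer, so the remaining defence against misuse of that token is the signature, the issuer trust list and the validity window.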

People

    Assignee: Jan Bernhardt (jan4talend)
    Reporter: Jan Bernhardt (jan4talend)
    Votes: 0
    Watchers: 0
