cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <owu...@talend.com>
Subject Support for identity mapping as part of issue token process
Date Mon, 05 Mar 2012 09:34:08 GMT
Hi all

I've raised the following issue some time back:
https://issues.apache.org/jira/browse/CXF-3520

Right now, the STS will map the identity or the claims of the identity in two cases:
- Issue request, onbehalfof (intermediary, proxy)
- Validate request, tokenType not equal to status

The above JIRA should support to send a SAML token in the WS-Security header. If the SAML
token has been issued by another realm, either the identity is mapped or the claims transformed.

1)
The WS-Security headers are processed by WSS4J whereas the onbehalfof, validatetarget, actas
elements are validated by the TokenValidators. The TokenProviderParameters interface provides
the authenticated principal. How can I access the already parsed SAML token?

2)
Maybe we should add an instance of ReceivedToken for the token in the WS-Security header.
Then, the token provider implementation can decide which information should be encoded within
an issued token.

3)
I had a look to the testcases of WSS4J here:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java

What is the best way to add unit tests in sts-core (which is based on JAXB classes) where
you can add a WS-Security header without using the whole SOAP/HTTP stack.


Thoughts?

Thanks
Oli






------

Oliver Wulff

http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
Talend Application Integration Division http://www.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message