cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <>
Subject STSTokenValidator enhancements
Date Wed, 05 Feb 2014 19:42:51 GMT
Hi there

The STSTokenValidator is used to validate incoming credentials (ex. username/password) against
the STS. The STSTokenValidator can be used for authentication for web services as well a REST

REST security is already very enhanced to support claims based access control which requires
that the service provider knows the user claims like from a SAML token. This could also be
achieved for incoming username/passwords by issuing a SAML token with a configurable list
of claims.

The STSTokenValidator uses the STS validate binding which doesn't support to validate a token
and provide additional claims in the returned SAML token.

There are two options:

1) Make the binding configurable in the STSTokenValidator (validate/issue) and configure the
list of claims, appliesto element, lifetime etc. for the issue use case

2) Enhance the validate binding use case on the STS and in the STSTokenValidator to configure
the list of claims, appliesto element, lifetime etc.




Oliver Wulff

Solution Architect

<>Talend Application Integration Division

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message