cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <owu...@talend.com>
Subject STSTokenValidator enhancements
Date Wed, 05 Feb 2014 19:42:51 GMT
Hi there

The STSTokenValidator is used to validate incoming credentials (ex. username/password) against
the STS. The STSTokenValidator can be used for authentication for web services as well a REST
services.

REST security is already very enhanced to support claims based access control which requires
that the service provider knows the user claims like from a SAML token. This could also be
achieved for incoming username/passwords by issuing a SAML token with a configurable list
of claims.

The STSTokenValidator uses the STS validate binding which doesn't support to validate a token
and provide additional claims in the returned SAML token.

There are two options:

1) Make the binding configurable in the STSTokenValidator (validate/issue) and configure the
list of claims, appliesto element, lifetime etc. for the issue use case

2) Enhance the validate binding use case on the STS and in the STSTokenValidator to configure
the list of claims, appliesto element, lifetime etc.

WDYT?

Thanks
Oli



------

Oliver Wulff

Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

<http://coders.talend.com>Talend Application Integration Division http://www.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message