cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Pell <ja...@pellcorp.com>
Subject Upgrading to cxf 2.7.13 - SAMLTokenPrincipal no longer being registered as a SecurityContext
Date Thu, 16 Oct 2014 13:02:37 GMT
All I get now is the X500Principal of the https token.

My policy is below.  I am relying on the RequireClientCertificate to have
the saml token "signed" and thus I would have expected it to be present in
the security context.  I am at a loss as to why something like this could
change between point releases.


    <!-- 2.3.1.1 (WSS1.0) SAML1.1 Assertion (Bearer) -->
    <wsp:Policy wsu:Id="TLSBearerPolicy"
         xmlns:wsp="http://www.w3.org/ns/ws-policy"
        xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

            <wsp:All>
                <sp:TransportBinding>
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <sp:HttpsToken>
                                    <wsp:Policy>
                                        <sp:RequireClientCertificate/>
                                    </wsp:Policy>
                                </sp:HttpsToken>
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic128 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict />
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp />
                    </wsp:Policy>
                </sp:TransportBinding>

                <sp:SignedSupportingTokens>
                    <wsp:Policy>
                        <sp:SamlToken sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
                            <wsp:Policy>
                                <sp:WssSamlV11Token11/>
                            </wsp:Policy>
                        </sp:SamlToken>
                    </wsp:Policy>
                </sp:SignedSupportingTokens>
            </wsp:All>
    </wsp:Policy>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message