cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Pell <>
Subject Upgrading to cxf 2.7.13 - SAMLTokenPrincipal no longer being registered as a SecurityContext
Date Thu, 16 Oct 2014 13:02:37 GMT
All I get now is the X500Principal of the https token.

My policy is below.  I am relying on the RequireClientCertificate to have
the saml token "signed" and thus I would have expected it to be present in
the security context.  I am at a loss as to why something like this could
change between point releases.

    <!-- (WSS1.0) SAML1.1 Assertion (Bearer) -->
    <wsp:Policy wsu:Id="TLSBearerPolicy"

                                <sp:Basic128 />
                                <sp:Strict />
                        <sp:IncludeTimestamp />

                        <sp:SamlToken sp:IncludeToken="

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message