cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: ActAs implementation from the STS
Date Wed, 19 Oct 2016 14:33:02 GMT
Fixed here for the record: https://issues.apache.org/jira/browse/CXF-7099

Colm.

On Tue, Oct 18, 2016 at 8:50 AM, Jan Bernhardt <jbernhardt@talend.com>
wrote:

> Hi CXF developers,
>
> I was looking at the Test Cases for the STS ActAs support
> (org.apache.cxf.sts.token.provider.SAMLProviderActAsTest).
> However, they confused me a bit, because in all cases the NameIdentifier
> ends up being the same as the ActAs attribute Statement.
> If both have the same value, what would be the added value to the
> attribute Statement?
> If I understand the specification correctly ActAs should provide both
> information, the principal to "act as" as well as the principle acting as
> the other user.
>
> So does that mean our Test-Cases do not cover this aspect or is our
> implementation wrong?
> What should be the expected outcome?
>
> Best regards
> Jan
>
> > -----Urspr√ľngliche Nachricht-----
> > Von: Jan Bernhardt [mailto:jbernhardt@talend.com]
> > Gesendet: Mittwoch, 12. Oktober 2016 15:12
> > An: users@cxf.apache.org
> > Betreff: ActAs implementation from the STS
> >
> > Hi CXF Users,
> >
> > I'm currently trying to figure out the differences between onBehalfOf and
> > ActAs token delegation.
> > And whether the implementation at the STS is correct or not.
> >
> > I could not find anything substantial in the WS-Trust specification.
> > Is our implementation within the STS just a guessing because of missing
> > specification, or is there some specification I'm not aware of?
> >
> > Kind regards
> > Jan
> >
> > --
> > Jan Bernhardt
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> > Visit my Blog
> > https://janbernhardt.blogspot.de
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message