cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Bernhardt <>
Subject AW: ActAs implementation from the STS
Date Tue, 18 Oct 2016 07:50:12 GMT
Hi CXF developers,

I was looking at the Test Cases for the STS ActAs support (org.apache.cxf.sts.token.provider.SAMLProviderActAsTest).
However, they confused me a bit, because in all cases the NameIdentifier ends up being the
same as the ActAs attribute Statement.
If both have the same value, what would be the added value to the attribute Statement?
If I understand the specification correctly ActAs should provide both information, the principal
to "act as" as well as the principle acting as the other user.

So does that mean our Test-Cases do not cover this aspect or is our implementation wrong?
What should be the expected outcome?

Best regards

> -----Urspr√ľngliche Nachricht-----
> Von: Jan Bernhardt []
> Gesendet: Mittwoch, 12. Oktober 2016 15:12
> An:
> Betreff: ActAs implementation from the STS
> Hi CXF Users,
> I'm currently trying to figure out the differences between onBehalfOf and
> ActAs token delegation.
> And whether the implementation at the STS is correct or not.
> I could not find anything substantial in the WS-Trust specification.
> Is our implementation within the STS just a guessing because of missing
> specification, or is there some specification I'm not aware of?
> Kind regards
> Jan
> --
> Jan Bernhardt
> Talend Community Coder
> Visit my Blog

View raw message