cxf-issues mailing list archives

From "David Valeri (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-2909) WS-T / WS-SP sp:RequestSecurityTokenTemplate not using > wst:SecondaryParameters
Date Mon, 26 Jul 2010 20:09:16 GMT
WS-T / WS-SP sp:RequestSecurityTokenTemplate not using  > wst:SecondaryParameters
---------------------------------------------------------------------------------

                 Key: CXF-2909
                 URL: https://issues.apache.org/jira/browse/CXF-2909
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.3, 2.2.10
            Reporter: David Valeri
             Fix For: 2.3, 2.2.10


Per the WS-SP 1.2 spec, section 5.4.2, "This required element contains elements which MUST
be copied into the wst:SecondaryParameters of the RST request sent to the specified issuer.
Note: the initiator is not required to understand the contents of this element."

The STS client copies these values directly into the body of the wst:RequestSecurityToken
element in the request to the STS.

So this policy:
{code:xml}
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
  <sp:RequestSecurityTokenTemplate>
    <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
    <wst:AppliesTo>
      <wsp:URI>service-1</wsp:URI>
    </wst:AppliesTo>
    <wst:Participants>
      <wst:Participant>
        <wsp:URI>service-1</wsp:URI>
      </wst:Participant>
    </wst:Participants>
    <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
  </sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>
{code}
Becomes this request:
{code:xml}
<wst:RequestSecurityToken>
  ...
  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
  <wst:AppliesTo>
    <wsp:URI>service-1</wsp:URI>
  </wst:AppliesTo>
  <wst:Participants>
    <wst:Participant>
      <wsp:URI>service-1</wsp:URI>
    </wst:Participant>
  </wst:Participants>
  <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
  ...
</wst:RequestSecurityToken>
{code}
Instead of:
{code:xml}
<wst:RequestSecurityToken>
  ...
  <wst:SecondaryParameters>
    <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
    <wst:AppliesTo>
      <wsp:URI>service-1</wsp:URI>
    </wst:AppliesTo>
    <wst:Participants>
      <wst:Participant>
        <wsp:URI>service-1</wsp:URI>
      </wst:Participant>
    </wst:Participants>
    <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
  </wst:SecondaryParameters>
  ...
</wst:RequestSecurityToken>
{code}

WS-Trust 1.0 and WS-SP 1.0 do not support the wst:SecondaryParameters element, so backwards
compatibility should be retained per the interopfest samples.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
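
The placement the report asks for, as an added example that is not part of the original message and not CXF code: the template children are wrapped in wst:SecondaryParameters for the WS-Trust 200512 namespace and copied straight into the request body otherwise. The function names, the reduced sample policy, and the use of the 2005/02 and 2005/07 namespace URIs for the older spec versions are assumptions of this example.

```python
import copy
import xml.etree.ElementTree as ET

WST_13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"       # namespace used in the report
WST_2005 = "http://schemas.xmlsoap.org/ws/2005/02/trust"          # assumed older WS-Trust namespace
SP_12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
SP_2005 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"  # assumed older WS-SP namespace


def sample_policy(sp_ns, wst_ns):
    """Constructed sample input, reduced from the policy in the report."""
    return (
        f'<sp:IssuedToken xmlns:sp="{sp_ns}" xmlns:wst="{wst_ns}">'
        "<sp:RequestSecurityTokenTemplate>"
        "<wst:TokenType>http://docs.oasis-open.org/wss/"
        "oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>"
        f"<wst:KeyType>{wst_ns}/PublicKey</wst:KeyType>"
        "</sp:RequestSecurityTokenTemplate></sp:IssuedToken>"
    )


def local(elem):
    """Local name of an element, without its {namespace} prefix."""
    return elem.tag.rsplit("}", 1)[-1]


def build_rst(policy_xml, wst_ns):
    """Build a RequestSecurityToken element from the policy's template."""
    root = ET.fromstring(policy_xml)
    template = next((e for e in root if local(e) == "RequestSecurityTokenTemplate"), None)
    if template is None:
        raise ValueError("policy has no RequestSecurityTokenTemplate")
    rst = ET.Element(f"{{{wst_ns}}}RequestSecurityToken")
    target = rst  # older namespace: no SecondaryParameters element, copy in place
    if wst_ns == WST_13:
        target = ET.SubElement(rst, f"{{{wst_ns}}}SecondaryParameters")
    for child in template:  # copied opaquely; the initiator need not understand them
        target.append(copy.deepcopy(child))
    return rst


def template_placement(rst):
    """Return (direct children of the RST, children of SecondaryParameters)."""
    ns = rst.tag[1:].split("}")[0]
    secondary = rst.find(f"{{{ns}}}SecondaryParameters")
    wrapped = [local(c) for c in secondary] if secondary is not None else []
    return [local(c) for c in rst], wrapped


if __name__ == "__main__":
    print(ET.tostring(build_rst(sample_policy(SP_12, WST_13), WST_13), encoding="unicode"))
```

template_placement() can also be pointed at a parsed RST from a captured request to see which of the two layouts a client actually sent.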

