cxf-issues mailing list archives

From "David Valeri (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (CXF-2909) WS-T / WS-SP sp:RequestSecurityTokenTemplate not using wst:SecondaryParameters
Date Tue, 27 Jul 2010 13:00:22 GMT

     [ https://issues.apache.org/jira/browse/CXF-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Valeri resolved CXF-2909.
-------------------------------

    Resolution: Fixed

> WS-T / WS-SP sp:RequestSecurityTokenTemplate not using wst:SecondaryParameters
> -------------------------------------------------------------------------------
>
>                 Key: CXF-2909
>                 URL: https://issues.apache.org/jira/browse/CXF-2909
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3, 2.2.10
>            Reporter: David Valeri
>            Assignee: David Valeri
>             Fix For: 2.3, 2.2.10
>
>
> Per the WS-SP 1.2 spec, section 5.4.2, "This required element contains elements which MUST be copied into the wst:SecondaryParameters of the RST request sent to the specified issuer. Note: the initiator is not required to understand the contents of this element."
> The STS client copies these values directly into the body of the wst:RequestSecurityToken element in the request to the STS.
> So this policy:
> {code:xml}
> <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
>   <sp:RequestSecurityTokenTemplate>
>     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>     <wst:AppliesTo>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:AppliesTo>
>     <wst:Participants>
>       <wst:Participant>
>         <wsp:URI>service-1</wsp:URI>
>       </wst:Participant>
>     </wst:Participants>
>     <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   </sp:RequestSecurityTokenTemplate>
> </sp:IssuedToken>
> {code}
> Becomes this request:
> {code:xml}
> <wst:RequestSecurityToken>
>   ...
>   <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>   <wst:AppliesTo>
>     <wsp:URI>service-1</wsp:URI>
>   </wst:AppliesTo>
>   <wst:Participants>
>     <wst:Participant>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:Participant>
>   </wst:Participants>
>   <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   ...
> </wst:RequestSecurityToken>
> {code}
> Instead of: 
> {code}
> <wst:RequestSecurityToken>
>   ...
>   <wst:SecondaryParameters>
>     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>     <wst:AppliesTo>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:AppliesTo>
>     <wst:Participants>
>       <wst:Participant>
>         <wsp:URI>service-1</wsp:URI>
>       </wst:Participant>
>     </wst:Participants>
>     <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   </wst:SecondaryParameters>
>   ...
> </wst:RequestSecurityToken>
> {code}
> WS-Trust 1.0 and WS-SP 1.0 do not support the wst:SecondaryParameters element so backwards compatibility should be retained per the interopfest samples.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
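
The request shapes described in the issue, as an added Python example that is not part of the JIRA message and not CXF's code: it builds an RST from a template and flags template elements left directly in a WS-Trust 1.3 request body. The function names, the shortened sample policy, and selecting the behaviour by WS-Trust namespace are assumptions made for illustration.

```python
import copy
import xml.etree.ElementTree as ET

WST_13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"   # WS-Trust 1.3
WST_10 = "http://schemas.xmlsoap.org/ws/2005/02/trust"        # WS-Trust 1.0
SP_12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Constructed policy, shortened from the one quoted in the issue.
POLICY = f"""<sp:IssuedToken xmlns:sp="{SP_12}" xmlns:wst="{WST_13}">
  <sp:RequestSecurityTokenTemplate>
    <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
    <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
  </sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>"""

def template_children(policy_xml):
    """Return the child elements of the policy's RequestSecurityTokenTemplate."""
    for el in ET.fromstring(policy_xml).iter():
        if el.tag.endswith("}RequestSecurityTokenTemplate"):
            return list(el)
    raise ValueError("policy has no RequestSecurityTokenTemplate")

def build_rst(policy_xml, trust_ns=WST_13):
    """Build a RequestSecurityToken carrying the template contents."""
    rst = ET.Element(f"{{{trust_ns}}}RequestSecurityToken")
    parent = rst
    if trust_ns == WST_13:
        # WS-SP 1.2 section 5.4.2: contents go into wst:SecondaryParameters.
        parent = ET.SubElement(rst, f"{{{WST_13}}}SecondaryParameters")
    # WS-Trust 1.0 has no SecondaryParameters, so children stay in the body.
    for child in template_children(policy_xml):
        parent.append(copy.deepcopy(child))  # copied opaquely, not interpreted
    return rst

def misplaced_template_elements(rst, policy_xml):
    """Local names of template elements found directly in a WS-Trust 1.3 RST body."""
    if rst.tag != f"{{{WST_13}}}RequestSecurityToken":
        return []  # in a 1.0 request the body is the expected place
    wanted = {c.tag for c in template_children(policy_xml)}
    return [c.tag.split("}", 1)[1] for c in rst if c.tag in wanted]

if __name__ == "__main__":
    ET.register_namespace("wst", WST_13)
    print(ET.tostring(build_rst(POLICY), encoding="unicode"))
```
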

