cxf-issues mailing list archives

From "Willem Salembier (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-3224) WS-Trust: remove current wst:KeyType and wst:KeySize defaults
Date Fri, 31 Dec 2010 09:27:45 GMT

    [ https://issues.apache.org/jira/browse/CXF-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976203#action_12976203 ]

Willem Salembier commented on CXF-3224:
---------------------------------------

Yes, the clarification is correct. The main reason is that it's meaningless in this scenario.
The STS doesn't generate a symmetric or an asymmetric key. The presence of the extra fields,
which our STS does not support, causes a wst:BadRequest SOAP fault.

I could set the KeyType to "http://docs.oasis-open.org/ws-sx/wstrust/200512/Bearer" to indicate
that I want a SAML token to be issued that does not require a proof of possession. This way
the KeySize tag is removed. But it doesn't seem the right use because the proof of possession
is the X.509 certificate used to obtain the SAML token and referred to in the AuthenticationStatement.

http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html#_Toc162064989

> WS-Trust: remove current wst:KeyType and wst:KeySize defaults
> -------------------------------------------------------------
>
>                 Key: CXF-3224
>                 URL: https://issues.apache.org/jira/browse/CXF-3224
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 2.3.1
>            Reporter: Willem Salembier
>
> Currently the RST always contains a wst:KeyType and wst:KeySize field. The WS-Trust 1.3 specification says these tags are optional.
> We would like CXF to render the following simple RST to ask for a SAML v1.1 token.
>  <wst:RequestSecurityToken Context="abc" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:auth="http://schemas.xmlsoap.org/ws/2006/12/authorization" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>          <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>          <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>          <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2006/12/authorization/authclaims">
>             <auth:ClaimType Uri="urn:be:my_claim_attribute">
>                <auth:Value>1234</auth:Value>
>             </auth:ClaimType>
>          </wst:Claims>
>       </wst:RequestSecurityToken>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
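
An added example, not part of the original message and not CXF code: a Python check that reports whether an outgoing RST carries the optional wst:KeyType / wst:KeySize elements discussed above, and serializes the request without them. The SymmetricKey/256 values in the sample are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
AUTH = "http://schemas.xmlsoap.org/ws/2006/12/authorization"
OPTIONAL_KEY_HINTS = ("KeyType", "KeySize")

# Constructed sample: the RST from the issue plus key hints (hint values are illustrative).
SAMPLE_RST = f"""<wst:RequestSecurityToken Context="abc" xmlns:wst="{WST}" xmlns:auth="{AUTH}">
  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
  <wst:RequestType>{WST}/Issue</wst:RequestType>
  <wst:KeyType>{WST}/SymmetricKey</wst:KeyType>
  <wst:KeySize>256</wst:KeySize>
  <wst:Claims Dialect="{AUTH}/authclaims">
    <auth:ClaimType Uri="urn:be:my_claim_attribute"><auth:Value>1234</auth:Value></auth:ClaimType>
  </wst:Claims>
</wst:RequestSecurityToken>"""


def key_hints(rst_xml):
    """Return {local_name: text} for each wst:KeyType / wst:KeySize child of the RST."""
    # Intended for RSTs you generate or capture yourself, not untrusted XML.
    root = ET.fromstring(rst_xml)
    if root.tag != f"{{{WST}}}RequestSecurityToken":
        raise ValueError("not a WS-Trust 1.3 RequestSecurityToken")
    found = {}
    for name in OPTIONAL_KEY_HINTS:
        el = root.find(f"{{{WST}}}{name}")
        if el is not None:
            found[name] = (el.text or "").strip()
    return found


def strip_key_hints(rst_xml):
    """Return the RST serialized without the optional key hint elements."""
    ET.register_namespace("wst", WST)
    ET.register_namespace("auth", AUTH)
    root = ET.fromstring(rst_xml)
    for name in OPTIONAL_KEY_HINTS:
        for el in root.findall(f"{{{WST}}}{name}"):
            root.remove(el)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", key_hints(SAMPLE_RST))
    cleaned = strip_key_hints(SAMPLE_RST)
    print("after: ", key_hints(cleaned))
    print(cleaned)
```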

