cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <>
Subject [jira] Commented: (CXF-3225) Add support for saml tokens in sp:InitiatorToken
Date Fri, 31 Dec 2010 14:23:45 GMT


Glen Mazza commented on CXF-3225:

We've had some very recent improvements in that area[1], the upcoming 2.3.2 (you can work
with the SNAPSHOT version if you wish to take a look at it) can generate SecurityTokenReferences
of the format you've given.  We would definitely welcome more testing here, as this code is
very new.  However, I'm not sure where we are right now with the rest of your needs--i.e.,
whether the changes in 2.3.2 fully fix your concerns above.


> Add support for saml tokens in sp:InitiatorToken
> ------------------------------------------------
>                 Key: CXF-3225
>                 URL:
>             Project: CXF
>          Issue Type: New Feature
>          Components: WS-* Components
>    Affects Versions: 2.3.1
>            Reporter: Willem Salembier
> Currently CXF does not support SAML tokens to be used as InitiatorToken in Asymmetric
bindings, where as the certificate referred to in the SAML assertion signs the message content
(eg SAML Holder of Key scenarios).
> chapter 6 Scenario #4 - Holder-of-Key (p28)
> chapter (WSS1.0) SAML10 Holder of Key, Sign, Optional Encrypt
> When the <sp:InitiatorToken> contains an <sp:IssuedToken> or a <sp:SamlToken>
instead of <sp:WssX509V3Token10>, CXF signs the request and adds a BST by default. CXF
does not ask for a SAML token and it is impossible to construct a message signature which
SignatureTokenReference contains a reference to the SAML assertion (
>    <wsse:SecurityTokenReference wsu:id="STR1">
>     <wsse:KeyIdentifier wsu:id="..."
>       ValueType="">
>       _a75adf55-01d7-40cc-929f-dbd8372ebdfc
>     </wsse:KeyIdentifier>	
>    </wsse:SecurityTokenReference>

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message