cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Resolved] (CXF-3588) Validate SAML assertions targeted at JAX-RS endpoints
Date Fri, 09 Sep 2011 12:41:10 GMT


Sergey Beryozkin resolved CXF-3588.

       Resolution: Fixed
    Fix Version/s: 2.5

Basic validation is OK, further improvements will be done later on. Example, SAML tokens passed
in headers of GET requests - only 'bearer' will do, we will need to attach signatures to deal
with sender-vouches or holder of key, etc... 

> Validate SAML assertions targeted at JAX-RS endpoints 
> ------------------------------------------------------
>                 Key: CXF-3588
>                 URL:
>             Project: CXF
>          Issue Type: Sub-task
>          Components: JAX-RS
>    Affects Versions: 2.5
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 2.5
> This task is about ensuring that SAML assertions can be validated either in-place, example
by checking the assertion signature against a client cert in case of two-way TLS or by delegating
to STS client for confirming it recognizes the assertion which it must've issued in the first
> How SAML assertion will be associated with the current request is not yet finalized.
SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact
representing an STS response containing the assertion passed in and then get a compliant IDP
resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding.

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message