cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5039) IdentityMapping support in ClaimsManager
Date Sat, 25 May 2013 11:29:19 GMT
Oliver Wulff created CXF-5039:
---------------------------------

             Summary: IdentityMapping support in ClaimsManager
                 Key: CXF-5039
                 URL: https://issues.apache.org/jira/browse/CXF-5039
             Project: CXF
          Issue Type: Improvement
          Components: STS
    Affects Versions: 2.7.5, 3.0.0
            Reporter: Oliver Wulff
            Assignee: Oliver Wulff


A ClaimsHandler can provide Claim values based on the principal. Usually, the principal is
from a security domain. In a case, where a SAML token is requested on behalf of (OBO) another
SAML token, the security domains of the OBO token can be different than the security domain
of the current issue request.

Therefore, the ClaimsHandler implementation must first map the username of the source realm
to the target realm and then retrieve the claim values based on the mapped username.

As the mapping is generic this logic can be embedded in the ClaimsManager.

If a ClaimsHandler implements a new Interface (ex. RealmSupport) and the supported target
realms and the claim handler realm is defined, the ClaimsManager does the mapping before calling
retrieveClaimValues.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message