cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5039) IdentityMapping support in ClaimsManager
Date Thu, 30 May 2013 21:28:20 GMT

     [ https://issues.apache.org/jira/browse/CXF-5039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oliver Wulff resolved CXF-5039.
-------------------------------

    Resolution: Fixed
    
> IdentityMapping support in ClaimsManager
> ----------------------------------------
>
>                 Key: CXF-5039
>                 URL: https://issues.apache.org/jira/browse/CXF-5039
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 2.7.5, 3.0.0
>            Reporter: Oliver Wulff
>            Assignee: Oliver Wulff
>             Fix For: 2.7.6, 3.0.0
>
>
> A ClaimsHandler can provide Claim values based on the principal. Usually, the principal
is from a security domain. In a case, where a SAML token is requested on behalf of (OBO) another
SAML token, the security domains of the OBO token can be different than the security domain
of the current issue request.
> Therefore, the ClaimsHandler implementation must first map the username of the source
realm to the target realm and then retrieve the claim values based on the mapped username.
> As the mapping is generic this logic can be embedded in the ClaimsManager.
> If a ClaimsHandler implements a new Interface (ex. RealmSupport) and the supported target
realms and the claim handler realm is defined, the ClaimsManager does the mapping before calling
retrieveClaimValues.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message