cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (JIRA)" <>
Subject [jira] [Resolved] (CXF-5039) IdentityMapping support in ClaimsManager
Date Thu, 30 May 2013 21:28:20 GMT


Oliver Wulff resolved CXF-5039.

    Resolution: Fixed
> IdentityMapping support in ClaimsManager
> ----------------------------------------
>                 Key: CXF-5039
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 2.7.5, 3.0.0
>            Reporter: Oliver Wulff
>            Assignee: Oliver Wulff
>             Fix For: 2.7.6, 3.0.0
> A ClaimsHandler can provide Claim values based on the principal. Usually, the principal
is from a security domain. In a case, where a SAML token is requested on behalf of (OBO) another
SAML token, the security domains of the OBO token can be different than the security domain
of the current issue request.
> Therefore, the ClaimsHandler implementation must first map the username of the source
realm to the target realm and then retrieve the claim values based on the mapped username.
> As the mapping is generic this logic can be embedded in the ClaimsManager.
> If a ClaimsHandler implements a new Interface (ex. RealmSupport) and the supported target
realms and the claim handler realm is defined, the ClaimsManager does the mapping before calling

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message