Date: Sat, 25 May 2013 11:29:19 +0000 (UTC)
From: "Oliver Wulff (JIRA)"
To: issues@cxf.apache.org
Reply-To: dev@cxf.apache.org
Subject: [jira] [Created] (CXF-5039) IdentityMapping support in ClaimsManager

Oliver Wulff created CXF-5039:
---------------------------------

             Summary: IdentityMapping support in ClaimsManager
                 Key: CXF-5039
                 URL: https://issues.apache.org/jira/browse/CXF-5039
             Project: CXF
          Issue Type: Improvement
          Components: STS
    Affects Versions: 2.7.5, 3.0.0
            Reporter: Oliver Wulff
            Assignee: Oliver Wulff

A ClaimsHandler can provide Claim values based on the principal. Usually, the principal is from a security domain. In a case, where a SAML token is requested on behalf of (OBO) another SAML token, the security domains of the OBO token can be different than the security domain of the current issue request.
Therefore, the ClaimsHandler implementation must first map the username of the source realm to the target realm and then retrieve the claim values based on the mapped username. As the mapping is generic, this logic can be embedded in the ClaimsManager. If a ClaimsHandler implements a new Interface (ex. RealmSupport) and the supported target realms and the claim handler realm are defined, the ClaimsManager does the mapping before calling retrieveClaimValues.
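
A sketch of the flow the issue proposes, added here as an illustration; it is not CXF code and not the reporter's implementation. All types are hypothetical stand-ins that reuse the names from the issue, the realm names, user names and mapping table are constructed, and the reading of "supported target realms" (realm of the issue request) versus "handler realm" (realm of the handler's user store) is an assumption. The point it shows is that the manager maps the OBO principal into the handler's realm before the lookup and fails closed when no mapping exists, so a same-named account in another realm is never used by accident.

```java
import java.util.*;

public class RealmMappingSketch {
    // Hypothetical stand-ins for the interfaces named in the issue; not CXF's API.
    interface ClaimsHandler { Map<String, String> retrieveClaimValues(String user); }
    interface RealmSupport { Set<String> getSupportedRealms(); String getHandlerRealm(); }
    interface IdentityMapper { String map(String sourceRealm, String user, String targetRealm); }

    // Handler whose (constructed) user store lives in realm "B".
    static class RealmBHandler implements ClaimsHandler, RealmSupport {
        public Set<String> getSupportedRealms() { return Set.of("B"); }
        public String getHandlerRealm() { return "B"; }
        public Map<String, String> retrieveClaimValues(String user) {
            return "alice.b".equals(user) ? Map.of("role", "manager") : Map.of();
        }
    }

    // requestRealm: realm of the current issue request; tokenRealm: realm of the OBO token.
    static Map<String, String> retrieveClaims(ClaimsHandler h, IdentityMapper m,
            String requestRealm, String tokenRealm, String user) {
        if (h instanceof RealmSupport) {
            RealmSupport rs = (RealmSupport) h;
            if (!rs.getSupportedRealms().contains(requestRealm)) {
                return Map.of();   // handler is not configured for this target realm
            }
            if (!rs.getHandlerRealm().equals(tokenRealm)) {
                // Generic step moved out of the handler: map the name first.
                user = m.map(tokenRealm, user, rs.getHandlerRealm());
                if (user == null) {
                    // Fail closed: never query the store with an unmapped name.
                    throw new IllegalStateException("no identity mapping from realm " + tokenRealm);
                }
            }
        }
        return h.retrieveClaimValues(user);
    }

    public static void main(String[] args) {
        // Constructed mapping table: realm A's "alice" is realm B's "alice.b".
        IdentityMapper mapper = (src, user, dst) ->
            "A".equals(src) && "B".equals(dst) && "alice".equals(user) ? "alice.b" : null;
        ClaimsHandler handler = new RealmBHandler();
        // OBO token from realm A, request in realm B: name is mapped before the lookup.
        System.out.println(retrieveClaims(handler, mapper, "B", "A", "alice"));
        // Token already in the handler's realm: no mapping is applied.
        System.out.println(retrieveClaims(handler, mapper, "B", "B", "alice.b"));
    }
}
```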