Date: Tue, 2 Jul 2013 21:07:20 +0000 (UTC)
From: "Oliver Wulff (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Updated] (CXF-3883) Support for identity mapping as part of issue token process

[ https://issues.apache.org/jira/browse/CXF-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oliver Wulff updated CXF-3883:
------------------------------

    Fix Version/s: 2.7.6

> Support for identity mapping as part of issue token process
> -----------------------------------------------------------
>
>                 Key: CXF-3883
>                 URL: https://issues.apache.org/jira/browse/CXF-3883
>             Project: CXF
>          Issue Type: New Feature
>          Components: STS
>    Affects Versions: 2.5
>            Reporter: Oliver Wulff
>            Assignee: Oliver Wulff
>             Fix For: 2.7.6
>
>
> The JIRA https://issues.apache.org/jira/browse/CXF-3520 describes the case where a CXF consumer has configured a different STS than the issuer configured in the IssuedToken assertion of the service provider:
>
> In this case, the service consumer and provider don't understand the identity/subject/principal of the counterpart. First, the consumer gets a token from its STS (IDP-STS) which could be a SAML token. Then he requests another token from the STS and sends the one issued before as part of the WS-Security header.
> The STS must figure out that the sent and requested tokens are from different realms (security domains) and must therefore call the configured identity mapper which takes as parameters source realm, target realm and source principal.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira