cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrei Shakirin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5443) STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
Date Tue, 31 Dec 2013 10:49:51 GMT

     [ https://issues.apache.org/jira/browse/CXF-5443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andrei Shakirin resolved CXF-5443.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0.0-milestone2

> STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt
symmetric key
> -------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-5443
>                 URL: https://issues.apache.org/jira/browse/CXF-5443
>             Project: CXF
>          Issue Type: New Feature
>          Components: STS
>    Affects Versions: 3.0.0-milestone1
>            Reporter: Andrei Shakirin
>            Assignee: Andrei Shakirin
>            Priority: Minor
>             Fix For: 3.0.0-milestone2
>
>
> Currently in case of using SAML SymmetricKey HolderOfKey STS should know all services
certificates for which he issues the tokens.
> If I deploy a new service, it is necessary to:
> a) add service certificate into STS keystore as trusted entry;
> b) configure alias (encryptionUserName) in appropriate STS Service/ServiceMBean
> I think XKMS can useful even for SAML SymmetricKey HolderOfKey scenario to resolve certificates
lookup.
> We can extend XKMS with new ApplicationId, that service certificates can be searched
on the base of service endpoint.
> STS will recognize this case due a special constant for encryptionName and will replace
that with AppliesTo attribute.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message