cxf-issues mailing list archives

From "Andrei Shakirin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5443) STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
Date Sun, 08 Dec 2013 16:42:35 GMT
Andrei Shakirin created CXF-5443:
------------------------------------

             Summary: STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
                 Key: CXF-5443
                 URL: https://issues.apache.org/jira/browse/CXF-5443
             Project: CXF
          Issue Type: New Feature
          Components: STS
    Affects Versions: 3.0.0-milestone1
            Reporter: Andrei Shakirin
            Assignee: Andrei Shakirin
            Priority: Minor


Currently, in the case of using SAML SymmetricKey HolderOfKey, the STS should know all service certificates for which it issues tokens.
If I deploy a new service, it is necessary to:
a) add the service certificate into the STS keystore as a trusted entry;
b) configure the alias (encryptionUserName) in the appropriate STS Service/ServiceMBean.

I think XKMS can be useful even for the SAML SymmetricKey HolderOfKey scenario to resolve certificate lookup.

We can extend XKMS with a new ApplicationId, so that service certificates can be searched on the basis of the service endpoint.

The STS will recognize this case due to a special constant for encryptionName and will replace that with the AppliesTo attribute.




--
This message was sent by Atlassian JIRA
(v6.1#6144)
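
The substitution the issue proposes, sketched as an added example (not part of the original message and not CXF code): the marker value `#applies-to#`, the `resolve` helper, the allowed-endpoint patterns and the sample directory are assumptions made for illustration. Because AppliesTo is taken from the token request, the sketch checks it against the endpoints the STS expects before using it as a certificate lookup key.

```java
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class EncryptionNameResolver {
    // Hypothetical marker; the issue only says "a special constant for encryptionName".
    static final String USE_APPLIES_TO = "#applies-to#";

    /**
     * Returns the identifier to use for the encryption-certificate lookup:
     * the configured alias, or the request's AppliesTo address when the
     * marker is configured. Fails closed on a missing or unexpected address.
     */
    static String resolve(String encryptionName, String appliesTo, List<Pattern> allowedEndpoints) {
        if (!USE_APPLIES_TO.equals(encryptionName)) {
            return encryptionName; // classic path: static keystore alias
        }
        if (appliesTo == null || appliesTo.isBlank()) {
            throw new IllegalArgumentException("AppliesTo required for endpoint-based lookup");
        }
        // URI.create rejects malformed input; normalize() removes "." and ".." segments.
        URI uri = URI.create(appliesTo.trim()).normalize();
        if (!uri.isAbsolute() || uri.getHost() == null) {
            throw new IllegalArgumentException("AppliesTo must be an absolute endpoint URI");
        }
        String endpoint = uri.toString();
        // AppliesTo comes from the token request, so accept only endpoints the STS expects.
        boolean known = allowedEndpoints.stream().anyMatch(p -> p.matcher(endpoint).matches());
        if (!known) {
            throw new SecurityException("AppliesTo does not match a configured service: " + endpoint);
        }
        return endpoint;
    }

    public static void main(String[] args) {
        // Constructed sample data: endpoint patterns and a certificate directory
        // standing in for the XKMS lookup by service endpoint.
        List<Pattern> allowed = List.of(Pattern.compile("https://services\\.example\\.org/.*"));
        Map<String, String> directory = Map.of(
            "https://services.example.org/orders", "CN=orders (constructed)");

        String id = resolve(USE_APPLIES_TO, "https://services.example.org/orders", allowed);
        System.out.println(id + " -> " + directory.get(id));
        System.out.println(resolve("myservicekey", null, allowed)); // static alias is returned as-is
        try {
            resolve(USE_APPLIES_TO, "https://other.example.net/orders", allowed);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```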
