cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Chappell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5664) CXF STS does not support wst:Participants
Date Fri, 04 Apr 2014 19:00:23 GMT

    [ https://issues.apache.org/jira/browse/CXF-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960286#comment-13960286
] 

Stephen Chappell commented on CXF-5664:
---------------------------------------

> The question is whether the other participants should be added under the same AudienceRestriction
as the AppliesTo 
> address? Should we ignore the AppliesTo address if we have explicit participants? If
we have multiple participants, 
> should they go into the same AudienceRestriction Object (as multiple audiences), or should
we have multiple 
> AudienceRestrictions per participant?

The requirements that I am working to require that both AppliesTo and Participants (including
the Primary) are added to an AudienceRestriction elements. It also appears that there's an
AudienceRestriciton element for each Participant (and AppliesTo) element. So given a choice,
that's what I'd be looking for.

I think it would be more broadly applicable though if this sort of thing were configurable,
or left for to be implemented through derived objects that let the implementor choose. 

> CXF STS does not support wst:Participants
> -----------------------------------------
>
>                 Key: CXF-5664
>                 URL: https://issues.apache.org/jira/browse/CXF-5664
>             Project: CXF
>          Issue Type: Bug
>          Components: STS
>    Affects Versions: 2.7.8, 2.7.9, 2.7.10
>            Reporter: Stephen Chappell
>            Assignee: Colm O hEigeartaigh
>              Labels: features, security
>
> The CXF STS does not recognize the wst:Participants element within a wst:RequestSecurityToken,
and instead throws a BadRequest SOAP fault. The Participants element should be parsed and
added to the list of AudienceRestrictions in the issued token.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message