cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Updated] (CXF-5987) LdapClaimHandler Support for multipart usernames
Date Thu, 30 Apr 2015 15:58:06 GMT


Colm O hEigeartaigh updated CXF-5987:
    Fix Version/s:     (was: 3.1.0)

> LdapClaimHandler Support for multipart usernames
> ------------------------------------------------
>                 Key: CXF-5987
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 3.0.1
>            Reporter: Jan Bernhardt
>              Labels: claims, sts
>             Fix For: 3.1.1
> Currently the LdapClaimHandler is only able to lookup attributes for user with a direct
match of the username and the username in the LDAP directory.
> In case of Kerberos the username looks like this If the user is authenticated
with a Kerberos token at the STS, the LdapClaimHandler is able to extract the username. But
if the username comes from a different token type (e.g. SAML token in a WS-Federation scenario
with initial Kerberos authentication) then the lookup fails.
> Hy proposal would be to extend the LdapClaimHandler in such a way that it is possible
to define a DELIMITER (e.g. '@') which can be used on any token type to extract the username.
An even more generic way, would be to provide the option for an callback handler to map the
username. But for now I would go with the simple solution of a delimiter. ;-)

This message was sent by Atlassian JIRA

View raw message