cxf-issues mailing list archives

From "Jan Bernhardt (JIRA)" <>
Subject [jira] [Resolved] (FEDIZ-168) Support SAML Token without Audience Restriction
Date Wed, 01 Jun 2016 13:10:59 GMT


Jan Bernhardt resolved FEDIZ-168.
    Resolution: Fixed

You can now add the following line to your application configuration:

<property name="enableAppliesTo" value="false" />

to disable the audience restriction within the SAML Token.

> Support SAML Token without Audience Restriction
> -----------------------------------------------
>                 Key: FEDIZ-168
>                 URL:
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP, Plugin
>    Affects Versions: 1.3.0, 1.2.2
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.3.1
> Currently Fediz only supports SAML with an audience restriction. However, the standard
> only requires audience restriction validation if this value is present within the SAML token.
> If no audience restriction is set, this token should be valid for any service.
> Especially in cases when the Login SAML token should be used to log in to a webpage and
> the same token can be used to authenticate the user against backend services, an audience
> restriction could be disturbing.
> Fediz Plugin should accept SAML token without audience restrictions as valid (if all
> other security requirements are met) and the Fediz IDP should be configurable to request SAML
> token from the STS without audience restrictions.

This message was sent by Atlassian JIRA
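
Added example, not part of the original message and not Fediz code: the audience rule described in the issue, sketched for a SAML 2.0 relying party, including the multi-restriction case from the SAML 2.0 core specification. It assumes the Assertion is the document root; `audience_ok`, `make_assertion`, `require_restriction` and the `urn:example:*` identifiers are hypothetical names chosen for illustration.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML2}
WEB = "urn:example:webapp"        # constructed relying-party identifiers
BACKEND = "urn:example:backend"


def audience_ok(assertion_xml, my_audience, require_restriction=False):
    """Evaluate only the audience part of <Conditions>; returns (accepted, reason).

    Assumes the signature, validity period and issuer were checked beforehand.
    require_restriction is a hypothetical policy switch for services that
    must never accept an unrestricted token.
    """
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        if require_restriction:
            return False, "no AudienceRestriction, but local policy requires one"
        return True, "no AudienceRestriction: token is not bound to one service"
    # Audiences inside one restriction are alternatives (OR);
    # separate restrictions must all be satisfied (AND).
    for index, restriction in enumerate(restrictions, 1):
        audiences = {(a.text or "").strip()
                     for a in restriction.findall("saml:Audience", NS)}
        if my_audience not in audiences:
            return False, f"restriction {index} does not list {my_audience}"
    return True, "every AudienceRestriction lists this relying party"


def make_assertion(*restrictions):
    """Build a constructed, unsigned assertion; each argument is a list of audiences."""
    body = "".join(
        "<saml:AudienceRestriction>"
        + "".join(f"<saml:Audience>{a}</saml:Audience>" for a in group)
        + "</saml:AudienceRestriction>"
        for group in restrictions)
    return (f'<saml:Assertion xmlns:saml="{SAML2}" ID="_constructed" Version="2.0">'
            f"<saml:Conditions>{body}</saml:Conditions></saml:Assertion>")


if __name__ == "__main__":
    cases = [("unrestricted", make_assertion(), False),
             ("unrestricted, strict service", make_assertion(), True),
             ("web app only", make_assertion([WEB]), False),
             ("web app or backend", make_assertion([WEB, BACKEND]), False),
             ("two restrictions", make_assertion([WEB, BACKEND], [WEB]), False)]
    for name, xml, strict in cases:
        print(name, audience_ok(xml, BACKEND, strict))
```

Because a token without an audience restriction passes this check at every service that trusts the issuer, the signature, lifetime and issuer checks are what still limit where it can be used.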
