cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Bernhardt (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FEDIZ-203) Support "roles" scope
Date Mon, 10 Jul 2017 18:14:01 GMT

    [ https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16080785#comment-16080785
] 

Jan Bernhardt commented on FEDIZ-203:
-------------------------------------

According to [1] scopes can and are used to map 1:many claim values. I refactored the code
so that this mapping is included now in the FedizSubjectCreator.

Once my tests are done, I'll attach my patch files to this issue so that you can review my
changes, before I push them to master.

The current handling of roles with the SOAP Namespace did not look convenient to me so I refactored
this part also to support "roles" by default. Of course it will still be possible to use another
name for this, by applying a custom mapping. I know that the standard does not provide a name
specification, but I think "roles" still fits better to an OIDC/OAuth UseCase as the SOAP
Namespace which is also not a real standard by the way. ;-)

[1] http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

> Support "roles" scope
> ---------------------
>
>                 Key: FEDIZ-203
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-203
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: OIDC
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.4.1
>
>
> OIDC currently only supports role claims if they are requested as "claims" but not via
"scope". Goal of this jira issue is to add support for a "roles" scope.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message