Date: Mon, 10 Jul 2017 18:14:01 +0000 (UTC)
From: "Jan Bernhardt (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Commented] (FEDIZ-203) Support "roles" scope

    [ https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16080785#comment-16080785 ]

Jan Bernhardt commented on FEDIZ-203:
-------------------------------------

According to [1], scopes can be and are used to map 1:many claim values. I refactored the code so that this mapping is now included in the FedizSubjectCreator. Once my tests are done, I'll attach my patch files to this issue so that you can review my changes before I push them to master.

The current handling of roles with the SOAP Namespace did not look convenient to me, so I also refactored this part to support "roles" by default. Of course it will still be possible to use another name for this by applying a custom mapping.

I know that the standard does not provide a name specification, but I think "roles" still fits an OIDC/OAuth use case better than the SOAP Namespace, which is also not a real standard, by the way. ;-)

[1] http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

> Support "roles" scope
> ---------------------
>
>                 Key: FEDIZ-203
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-203
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: OIDC
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.4.1
>
>
> OIDC currently only supports role claims if they are requested as "claims" but not via "scope". The goal of this jira issue is to add support for a "roles" scope.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)