cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <>
Subject Re: Populating security context principal from actAs attribute
Date Thu, 27 Jul 2017 11:28:27 GMT
Hi Andreas,

Yes, you can simply override the DefaultSubjectProvider.getPrincipal method
+ return the principal from
providerParameters.getTokenRequirements().getActAs() instead:

Then set this new implementation on the SAMLTokenProvider:


On Wed, Jul 26, 2017 at 10:47 PM, Andreas Vallen <>

> Hi,
> after upgrading from cxd-fediz 3.1.1 to 3.1.2, and to cxd 3.1.11 in the
> process our service which consumes actAs tokens issued by the STS broke
> because the security context principal is now being initialized with the
> identity of the requestor which is the system that requested the
> IssuedToken - identified by the DN of its public key.
> The cause of this issue likely is the fix done by
> - before that the actual
> actAs user was set as the subject NameID value of the issued token.
> Is the a way to configure the service to evaluate the actAs attribute
> instead of the subject NameID as before in order to determine the user
> identity?
> Best,
> Andreas

Colm O hEigeartaigh

Talend Community Coder

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message