CXF / CXF-3928

Add token validation for OnBehalfOf element in TokenIssueOperation


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.5
    • 2.5.1
    • Services
    • None
    • Unknown

    Description

      Tokens passed in the OnBehalfOf element are not validated. It's the responsibility of the TokenProvider implementation to validate them.

      A proposal has been discussed here:
      http://cxf.547215.n5.nabble.com/STS-OnBehalfOf-token-validation-SAMLTokenProvider-td5003544.html

      OnBehalfOf token validation is moved to the TokenIssueOperation and the ReceivedToken is enhanced with the following attributes:

      • whether it was a token from the WS-Security header (like ReceivedToken), OnBehalfOf or ActAs
      • successfully validated (it could be a token which depends on other constraints to be fully accepted)
      • original DOM element
      • transformed DOM element (used if the token is passed by ref, also supported by SAML spec)
      • principal (mostly, you only need the principal to issue a new token)
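
      An added sketch of the design described above, not CXF's code and not the attached patch: the issue operation validates the OnBehalfOf token and records the outcome on the token object before any provider uses it. Every class, enum and method name is hypothetical, DOM elements are shown as strings, and refusing any token that is not positively validated is this sketch's own policy.

```java
import java.security.Principal;
import java.util.*;

// Added sketch: every type and method name below is hypothetical, not CXF's API.
public class OnBehalfOfValidationSketch {
    enum Origin { WS_SECURITY_HEADER, ON_BEHALF_OF, ACT_AS }
    enum State { NONE, VALID, INVALID }
    // Carries the attributes listed in the description (DOM elements shown as strings).
    static final class ReceivedToken {
        final Origin origin;
        final String originalElement;
        String transformedElement;   // resolved form when the token is passed by reference
        State state = State.NONE;
        Principal principal;
        ReceivedToken(Origin o, String el) { origin = o; originalElement = el; }
    }
    interface Validator {
        boolean canHandle(ReceivedToken t);
        Optional<Principal> validate(ReceivedToken t);   // empty means rejected
    }

    // Runs in the issue operation, before any provider sees the token.
    // Assumption of this sketch: anything not positively validated is refused.
    static Principal validateOnBehalfOf(ReceivedToken t, List<Validator> validators) {
        for (Validator v : validators) {
            if (!v.canHandle(t)) continue;
            t.principal = v.validate(t).orElse(null);
            t.state = (t.principal != null) ? State.VALID : State.INVALID;
            break;
        }
        if (t.state != State.VALID)
            throw new SecurityException("OnBehalfOf token refused, state=" + t.state);
        return t.principal;   // the provider issues the new token for this principal
    }
    public static void main(String[] args) {
        Principal alice = () -> "alice";
        Validator toy = new Validator() {   // constructed validator and constructed inputs
            public boolean canHandle(ReceivedToken t) { return t.originalElement.startsWith("<saml"); }
            public Optional<Principal> validate(ReceivedToken t) {
                return t.originalElement.contains("sig=ok") ? Optional.of(alice) : Optional.empty();
            }
        };
        for (String xml : List.of("<saml sig=ok/>", "<saml sig=bad/>", "<custom/>")) {
            try {
                System.out.println(validateOnBehalfOf(new ReceivedToken(Origin.ON_BEHALF_OF, xml), List.of(toy)).getName());
            } catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

      A token type with no matching validator stays in state NONE and is refused the same way as one that fails validation, so a provider never has to distinguish "unchecked" from "rejected" on its own.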

      Attachments

        1. git.diff.patch
          24 kB
          Oliver Wulff
        2. git.diff.patch
          55 kB
          Oliver Wulff


            People

              coheigea Colm O hEigeartaigh
              owulff Oliver Wulff
