[CXF-4330] Enforce that received IssuedTokens contain the required claims - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6
Fix Version/s: 2.6.1
Component/s: WS-* Components
Labels:
None

Estimated Complexity:
Unknown

Description

This task is to enforce that received IssuedTokens contain the required claims. For example, if a service provider defines an IssuedToken with the following policy:

<sp:RequestSecurityTokenTemplate>
<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
<t:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
<ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>
</t:Claims> </sp:RequestSecurityTokenTemplate>

Then the endpoint should ensure that a received SAML 1.1 Assertion contains the desired claim. By default only the "http://schemas.xmlsoap.org/ws/2005/05/identity" dialect is supported.

Colm.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/May/12 15:41

Updated:: 05/Jun/12 13:31

Resolved:: 21/May/12 16:03