cxf git commit: If UserInfo is not signed then returning issuer/aud claims is not recommended

Wed, 09 Dec 2015 08:15:20 -0800 

Repository: cxf
Updated Branches:
  refs/heads/master a95f63ae4 -> c983dfcd6


If UserInfo is not signed then returning issuer/aud claims is not recommended


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c983dfcd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c983dfcd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c983dfcd

Branch: refs/heads/master
Commit: c983dfcd6c9ec969ff472d596a81ac3884ee0645
Parents: a95f63a
Author: Sergey Beryozkin <[email protected]>
Authored: Wed Dec 9 16:09:31 2015 +0000
Committer: Sergey Beryozkin <[email protected]>
Committed: Wed Dec 9 16:09:31 2015 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/rs/security/oidc/idp/UserInfoService.java  | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c983dfcd/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index b898593..a3d682d 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -74,8 +74,11 @@ public class UserInfoService extends 
AbstractOAuthServerJoseJwtProducer {
     protected UserInfo createFromIdToken(IdToken idToken) {
         UserInfo userInfo = new UserInfo();
         userInfo.setSubject(idToken.getSubject());
-        userInfo.setIssuer(idToken.getIssuer());
-        userInfo.setAudience(idToken.getAudience());
+        
+        if (super.isJwsRequired()) {
+            userInfo.setIssuer(idToken.getIssuer());
+            userInfo.setAudience(idToken.getAudience());
+        }
         if (idToken.getName() != null) {
             userInfo.setName(idToken.getName());
         }

Reply via email to