Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 86a0eca9d -> 36ebac7b2
If UserInfo is not signed then returning issuer/aud claims is not recommended Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/36ebac7b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/36ebac7b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/36ebac7b Branch: refs/heads/3.1.x-fixes Commit: 36ebac7b230f8b48d098c580b6774a91f1844854 Parents: 86a0eca Author: Sergey Beryozkin <[email protected]> Authored: Wed Dec 9 16:09:31 2015 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Dec 9 16:11:24 2015 +0000 ---------------------------------------------------------------------- .../org/apache/cxf/rs/security/oidc/idp/UserInfoService.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/36ebac7b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index b898593..a3d682d 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -74,8 +74,11 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer {
 protected UserInfo createFromIdToken(IdToken idToken) {
 UserInfo userInfo = new UserInfo();
 userInfo.setSubject(idToken.getSubject());
- userInfo.setIssuer(idToken.getIssuer());
- userInfo.setAudience(idToken.getAudience());
+
+ if (super.isJwsRequired()) {
+ userInfo.setIssuer(idToken.getIssuer());
+ userInfo.setAudience(idToken.getAudience());
+ }
 if (idToken.getName() != null) {
 userInfo.setName(idToken.getName());
 }
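Review bot: The new guard in createFromIdToken calls `super.isJwsRequired()`, which binds to the parent implementation and ignores any override in a subclass of UserInfoService, so the iss/aud decision could disagree with what the instance actually reports; plain `if (isJwsRequired()) {` avoids that. The condition also reads the configured requirement rather than whether this particular response ends up signed; the signing path is outside the hunk, so it is worth confirming the two cannot diverge (for example an encrypted-only response). A one-line comment would record the reason for the branch, e.g. `// OIDC Core 5.3.2: iss and aud are expected only when the UserInfo response is signed`. The diffstat lists only this file, so a test asserting that iss/aud are absent for an unsigned response and present for a signed one appears to be missing. createFromIdToken continues past the end of the hunk.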
