Hi Oli
On 05/02/14 19:42, Oliver Wulff wrote:
Hi there

The STSTokenValidator is used to validate incoming credentials (ex. 
username/password) against the STS. The STSTokenValidator can be used for 
authentication for web services as well as REST services.

REST security has already been enhanced to support claims-based access control, 
which requires that the service provider knows the user claims, e.g. from a SAML 
token. This could also be achieved for incoming usernames/passwords by issuing a 
SAML token with a configurable list of claims.

The STSTokenValidator uses the STS validate binding, which doesn't support 
validating a token and providing additional claims in the returned SAML token.

There are two options:

1) Make the binding configurable in the STSTokenValidator (validate/issue) and 
configure the list of claims, AppliesTo element, lifetime etc. for the issue 
use case

2) Enhance the validate binding use case on the STS and in the 
STSTokenValidator to configure the list of claims, AppliesTo element, lifetime 
etc.

WDYT?

It appears to me that the STS is where the extra metadata like claims can be attached, so I guess I'm more for the 2nd case. I looked at the code and apparently STSTokenValidator supports the case of the STS transforming a token.
Looking forward to Colm commenting on it.

Thanks, Sergey

Thanks
Oli



------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division 
http://www.talend.com

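To make the difference between the two bindings concrete, below is an added illustration (written for this page, not CXF's own code or test data) of the two WS-Trust 1.3 RequestSecurityToken bodies the thread is comparing: the Validate request the STSTokenValidator sends today, and an Issue request carrying the Claims, AppliesTo and Lifetime elements that option 1 would make configurable. The endpoint address, claim URIs, timestamps and the UsernameToken contents are placeholders; the namespace URIs and RequestType/TokenType/KeyType values are the standard WS-Trust and SAML Token Profile ones.

```xml
<!-- Added example, not from the CXF project. Namespace prefixes used below:
     wst  = http://docs.oasis-open.org/ws-sx/ws-trust/200512
     wsp  = http://schemas.xmlsoap.org/ws/2004/09/policy
     wsa  = http://www.w3.org/2005/08/addressing
     wsse = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
     wsu  = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
     ic   = http://schemas.xmlsoap.org/ws/2005/05/identity  (claims dialect)
     Endpoint address, claim URIs, user name and timestamps are placeholders. -->

<!-- 1. Validate binding (what STSTokenValidator uses). The credential to check is
     wrapped in ValidateTarget and the STS answers with a Status (valid/invalid).
     There is no place in this request for Claims, AppliesTo or Lifetime.
     Note: per WS-Trust, asking for a SAML TokenType here instead of Status asks
     the STS to return a transformed token of that type, which is the
     "transforming a token" case mentioned above. -->
<wst:RequestSecurityToken
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate</wst:RequestType>
  <wst:TokenType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Status</wst:TokenType>
  <wst:ValidateTarget>
    <wsse:UsernameToken>
      <wsse:Username>alice</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">placeholder-password</wsse:Password>
    </wsse:UsernameToken>
  </wst:ValidateTarget>
</wst:RequestSecurityToken>

<!-- 2. Issue binding (option 1 in the thread). The username/password that
     authenticates the caller travels either in the WS-Security header of the
     SOAP envelope or in wst:OnBehalfOf (not shown); the body requests a bearer
     SAML 2.0 assertion scoped to one service, with a claim list and lifetime. -->
<wst:RequestSecurityToken
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
  <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>

  <!-- AppliesTo: the service the assertion is for; the STS turns this into the
       assertion's Audience, so a token issued for one service cannot be replayed
       against another. Placeholder address. -->
  <wsp:AppliesTo>
    <wsa:EndpointReference>
      <wsa:Address>https://example.invalid/services/orders</wsa:Address>
    </wsa:EndpointReference>
  </wsp:AppliesTo>

  <!-- Claims: the attributes the service provider wants in the assertion.
       Optional="true" means the STS may issue the token even if it cannot
       supply that claim; required claims must be present or issuance fails. -->
  <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
    <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
    <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true"/>
  </wst:Claims>

  <!-- Lifetime: requested validity window; the STS may clamp it to its own
       maximum. Placeholder timestamps. -->
  <wst:Lifetime>
    <wsu:Created>2014-02-05T19:42:00Z</wsu:Created>
    <wsu:Expires>2014-02-05T20:12:00Z</wsu:Expires>
  </wst:Lifetime>
</wst:RequestSecurityToken>
```

Whichever option is chosen, the caveat for the service provider is the same: the claims it enforces access control on come from the assertion the STS returns, so it must verify the assertion's signature against the STS signing certificate and check that the Audience matches its own AppliesTo address before trusting any claim in it. A validator that only checks the STS said "valid" and then reads claims from an unsigned or un-scoped assertion would let a token issued for one service be reused against another.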