As far as I know, all of this functionality is already available. Take a look at the TransformationTest here:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java?view=markup

This uses the STSTokenValidator to transform a UsernameToken into a SAML Assertion. Note the configuration of the service, you can just manually configure an STSClient Object to send whatever Claims etc. you want:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/transformation/cxf-service.xml?view=markup

Colm.

On Wed, Feb 5, 2014 at 9:13 PM, Sergey Beryozkin <[email protected]> wrote:

> Hi Oli
>
> On 05/02/14 19:42, Oliver Wulff wrote:
>
>> Hi there
>>
>> The STSTokenValidator is used to validate incoming credentials (ex.
>> username/password) against the STS. The STSTokenValidator can be used for
>> authentication for web services as well as REST services.
>>
>> REST security is already very enhanced to support claims based access
>> control which requires that the service provider knows the user claims like
>> from a SAML token. This could also be achieved for incoming
>> username/passwords by issuing a SAML token with a configurable list of
>> claims.
>>
>> The STSTokenValidator uses the STS validate binding which doesn't support
>> to validate a token and provide additional claims in the returned SAML
>> token.
>>
>> There are two options:
>>
>> 1) Make the binding configurable in the STSTokenValidator
>> (validate/issue) and configure the list of claims, appliesto element,
>> lifetime etc. for the issue use case
>>
>> 2) Enhance the validate binding use case on the STS and in the
>> STSTokenValidator to configure the list of claims, appliesto element,
>> lifetime etc.
>>
>> WDYT?
>>
> It appears to me that STS is where the extra metadata like claims can be
> attached so I guess I'm more for the 2nd case, I looked at the code and
> apparently STSTokenValidator supports the case of STS transforming a token.
> Look forward to Colm commenting on it
>
> Thanks, Sergey
>
>> Thanks
>> Oli
>>
>> ------
>>
>> Oliver Wulff
>>
>> Blog: http://owulff.blogspot.com
>> Solution Architect
>> http://coders.talend.com
>>
>> Talend Application Integration Division
>> http://www.talend.com
>>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
