Hi CXF developers, I was looking at the Test Cases for the STS ActAs support (org.apache.cxf.sts.token.provider.SAMLProviderActAsTest). However, they confused me a bit, because in all cases the NameIdentifier ends up being the same as the ActAs attribute Statement. If both have the same value, what would be the added value to the attribute Statement? If I understand the specification correctly ActAs should provide both information, the principal to "act as" as well as the principle acting as the other user.
So does that mean our Test-Cases do not cover this aspect or is our implementation wrong? What should be the expected outcome? Best regards Jan > -----Ursprüngliche Nachricht----- > Von: Jan Bernhardt [mailto:[email protected]] > Gesendet: Mittwoch, 12. Oktober 2016 15:12 > An: [email protected] > Betreff: ActAs implementation from the STS > > Hi CXF Users, > > I'm currently trying to figure out the differences between onBehalfOf and > ActAs token delegation. > And whether the implementation at the STS is correct or not. > > I could not find anything substantial in the WS-Trust specification. > Is our implementation within the STS just a guessing because of missing > specification, or is there some specification I'm not aware of? > > Kind regards > Jan > > -- > Jan Bernhardt > > Talend Community Coder > http://coders.talend.com > > Visit my Blog > https://janbernhardt.blogspot.de
