WS-T / WS-SP sp:RequestSecurityTokenTemplate not using wst:SecondaryParameters
---------------------------------------------------------------------------------
Key: CXF-2909
URL: https://issues.apache.org/jira/browse/CXF-2909
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.3, 2.2.10
Reporter: David Valeri
Fix For: 2.3, 2.2.10
Per the WS-SP 1.2 spec, section 5.4.2, "This required element contains elements
which MUST be copied into the wst:SecondaryParameters of the RST request sent
to the specified issuer. Note: the initiator is not required to understand the
contents of this element."
The STS client copies these values directly into the body of the
wst:RequestSecurityToken element in the request to the STS.
So this policy:
{code:xml}
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
<sp:RequestSecurityTokenTemplate>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
<wst:AppliesTo>
<wsp:URI>service-1</wsp:URI>
</wst:AppliesTo>
<wst:Participants>
<wst:Participant>
<wsp:URI>service-1</wsp:URI>
</wst:Participant>
</wst:Participants>
<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
</sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>
{code}
Becomes this request:
{code:xml}
<wst:RequestSecurityToken>
...
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
<wst:AppliesTo>
<wsp:URI>service-1</wsp:URI>
</wst:AppliesTo>
<wst:Participants>
<wst:Participant>
<wsp:URI>service-1</wsp:URI>
</wst:Participant>
</wst:Participants>
<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
...
</wst:RequestSecurityToken>
{code}
Instead of:
{code:xml}
<wst:RequestSecurityToken>
...
<wst:SecondaryParameters>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
<wst:AppliesTo>
<wsp:URI>service-1</wsp:URI>
</wst:AppliesTo>
<wst:Participants>
<wst:Participant>
<wsp:URI>service-1</wsp:URI>
</wst:Participant>
</wst:Participants>
<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
</wst:SecondaryParameters>
...
</wst:RequestSecurityToken>
{code}
WS-Trust 1.0 and WS-SP 1.0 do not support the wst:SecondaryParameters element
so backwards compatibility should be retained per the interopfest samples.
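The mapping the issue asks for, as an added example that is not CXF's own STS client code: the children of sp:RequestSecurityTokenTemplate are copied opaquely into wst:SecondaryParameters for a WS-Trust 1.3 request, and straight into the RST body only when the target namespace is WS-Trust 1.0, which has no SecondaryParameters element. The sp/wst namespace URIs are the standard WS-SP 1.2 and WS-Trust 1.3/1.0 ones; the wsp URI and the sample policy (mirroring the one in the issue, wst:AppliesTo/wsp:URI included) are constructed for the example.

```python
import copy
import xml.etree.ElementTree as ET

# Standard namespace URIs for WS-SP 1.2 and WS-Trust 1.3 / 1.0.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WST13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WST10 = "http://schemas.xmlsoap.org/ws/2005/02/trust"
# Assumed WS-Policy namespace for the wsp:URI elements in the sample policy.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

ET.register_namespace("sp", SP)
ET.register_namespace("wsp", WSP)


def sample_policy(trust_ns=WST13):
    """Constructed sp:IssuedToken assertion mirroring the one in the issue."""
    return f"""<sp:IssuedToken xmlns:sp="{SP}" xmlns:wst="{trust_ns}" xmlns:wsp="{WSP}"
    sp:IncludeToken="{SP}/IncludeToken/Always">
  <sp:RequestSecurityTokenTemplate>
    <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
    <wst:AppliesTo><wsp:URI>service-1</wsp:URI></wst:AppliesTo>
    <wst:Participants><wst:Participant><wsp:URI>service-1</wsp:URI></wst:Participant></wst:Participants>
    <wst:KeyType>{trust_ns}/PublicKey</wst:KeyType>
  </sp:RequestSecurityTokenTemplate>
</sp:IssuedToken>"""


def build_rst(policy_xml, trust_ns=WST13):
    """Build the wst:RequestSecurityToken for an sp:IssuedToken assertion.

    WS-Trust 1.3: template children go unchanged into wst:SecondaryParameters
    (WS-SP 1.2 section 5.4.2). WS-Trust 1.0 has no SecondaryParameters, so the
    children are copied directly into the RST body for older STSs.
    """
    ET.register_namespace("wst", trust_ns)
    issued = ET.fromstring(policy_xml)
    template = issued.find(f"{{{SP}}}RequestSecurityTokenTemplate")
    if template is None:
        raise ValueError("sp:IssuedToken has no sp:RequestSecurityTokenTemplate")

    rst = ET.Element(f"{{{trust_ns}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{trust_ns}}}RequestType").text = f"{trust_ns}/Issue"

    if trust_ns == WST10:
        target = rst
    else:
        target = ET.SubElement(rst, f"{{{trust_ns}}}SecondaryParameters")
    for child in template:
        # Opaque copy: the initiator is not required to understand these.
        target.append(copy.deepcopy(child))
    return rst


def local_names(elem):
    """Local names of elem's direct children, e.g. ['RequestType', 'SecondaryParameters']."""
    return [c.tag.rsplit("}", 1)[-1] for c in elem]


def template_location(rst):
    """'secondary' if the template was wrapped as the spec requires, else 'body'."""
    names = local_names(rst)
    return "secondary" if "SecondaryParameters" in names else "body"


if __name__ == "__main__":
    print(ET.tostring(build_rst(sample_policy()), encoding="unicode"))
```

Running the module prints the WS-Trust 1.3 request with the template wrapped in wst:SecondaryParameters; pass `trust_ns=WST10` to `build_rst` and `sample_policy` to see the legacy layout in which the same elements sit directly under wst:RequestSecurityToken.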