Add support for saml tokens in sp:InitiatorToken
------------------------------------------------

                 Key: CXF-3225
                 URL: https://issues.apache.org/jira/browse/CXF-3225
             Project: CXF
          Issue Type: New Feature
          Components: WS-* Components
    Affects Versions: 2.3.1
            Reporter: Willem Salembier


Currently CXF does not support SAML tokens to be used as InitiatorToken in 
Asymmetric bindings, where the certificate referred to in the SAML assertion 
signs the message content (e.g. SAML Holder of Key scenarios).

chapter 6 Scenario #4 - Holder-of-Key (p28)
http://www.oasis-open.org/committees/download.php/23071/ws-sp-usecases-examples-draft-11-03.doc

chapter 2.3.1.5 (WSS1.0) SAML10 Holder of Key, Sign, Optional Encrypt
http://www.oasis-open.org/committees/download.php/7702/wss-saml-interop1-draft-12.doc

When the <sp:InitiatorToken> contains an <sp:IssuedToken> or a <sp:SamlToken> 
instead of <sp:WssX509V3Token10>, CXF signs the request and adds a BST by 
default. CXF does not ask for a SAML token and it is impossible to construct a 
message signature whose SignatureTokenReference contains a reference to the 
SAML assertion 
(http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID).



   <wsse:SecurityTokenReference wsu:Id="STR1">
    <wsse:KeyIdentifier wsu:Id="..."
      ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
      _a75adf55-01d7-40cc-929f-dbd8372ebdfc
    </wsse:KeyIdentifier>
   </wsse:SecurityTokenReference>

