[
https://issues.apache.org/jira/browse/CXF-3225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976263#action_12976263
]
Glen Mazza commented on CXF-3225:
---------------------------------
We've had some very recent improvements in that area[1]; the upcoming 2.3.2
(you can work with the SNAPSHOT version if you wish to take a look at it) can
generate SecurityTokenReferences of the format you've given. We would
definitely welcome more testing here, as this code is very new. However, I'm
not sure where we are right now with the rest of your needs--i.e., whether the
changes in 2.3.2 fully fix your concerns above.
[1] http://coheigea.blogspot.com/2010/12/cxfmetro-ws-trust-interop.html
> Add support for saml tokens in sp:InitiatorToken
> ------------------------------------------------
>
> Key: CXF-3225
> URL: https://issues.apache.org/jira/browse/CXF-3225
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.3.1
> Reporter: Willem Salembier
>
> Currently CXF does not support SAML tokens to be used as InitiatorToken in
> Asymmetric bindings, whereas the certificate referred to in the SAML
> assertion signs the message content (e.g. SAML Holder of Key scenarios).
> chapter 6 Scenario #4 - Holder-of-Key (p28)
> http://www.oasis-open.org/committees/download.php/23071/ws-sp-usecases-examples-draft-11-03.doc
> chapter 2.3.1.5 (WSS1.0) SAML10 Holder of Key, Sign, Optional Encrypt
> http://www.oasis-open.org/committees/download.php/7702/wss-saml-interop1-draft-12.doc
> When the <sp:InitiatorToken> contains an <sp:IssuedToken> or a <sp:SamlToken>
> instead of <sp:WssX509V3Token10>, CXF signs the request and adds a BST by
> default. CXF does not ask for a SAML token and it is impossible to construct
> a message signature whose SignatureTokenReference contains a reference to the
> SAML assertion
> (http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID)
> <wsse:SecurityTokenReference wsu:id="STR1">
>   <wsse:KeyIdentifier wsu:id="..."
>       ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
>     _a75adf55-01d7-40cc-929f-dbd8372ebdfc
>   </wsse:KeyIdentifier>
> </wsse:SecurityTokenReference>
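An added example, not part of the original message or of CXF: a receiver-side check that the message signature's SecurityTokenReference is a SAMLAssertionID KeyIdentifier resolving to an assertion in the same Security header, as in the reference quoted above. The function name and the sample header are constructed for illustration; the check covers only the shape of the reference, not signature validation or the holder-of-key binding itself.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML_ID_VT = ("http://docs.oasis-open.org/wss/"
              "oasis-wss-saml-token-profile-1.0#SAMLAssertionID")

# Constructed sample: a Security header reduced to the elements the check reads.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:ds="{DS}" xmlns:saml="{SAML1}">
  <saml:Assertion AssertionID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc"/>
  <ds:Signature><ds:KeyInfo>
    <wsse:SecurityTokenReference>
      <wsse:KeyIdentifier ValueType="{SAML_ID_VT}">
        _a75adf55-01d7-40cc-929f-dbd8372ebdfc
      </wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
  </ds:KeyInfo></ds:Signature>
</wsse:Security>"""


def check_signature_key_reference(security_xml):
    """Return (ok, detail) describing how the message signature names its key."""
    # Use a hardened XML parser instead of ElementTree for untrusted input.
    sec = ET.fromstring(security_xml)
    assertion_ids = {a.get("AssertionID")
                     for a in sec.findall(f"{{{SAML1}}}Assertion")}
    strs = sec.findall(
        f"{{{DS}}}Signature/{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference")
    if len(strs) != 1:
        return False, "expected exactly one signature SecurityTokenReference"
    kid = strs[0].find(f"{{{WSSE}}}KeyIdentifier")
    if kid is None:
        return False, "no KeyIdentifier (for example a direct reference to a BST)"
    if kid.get("ValueType") != SAML_ID_VT:
        return False, "KeyIdentifier is not a SAMLAssertionID reference"
    ref = (kid.text or "").strip()  # the page's snippet puts the ID on its own line
    if ref not in assertion_ids:
        return False, "referenced assertion is not in the Security header"
    return True, ref


if __name__ == "__main__":
    print(check_signature_key_reference(SAMPLE))
```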