[ https://issues.apache.org/jira/browse/CXF-3225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-3225:
-------------------------------------

    Fix Version/s: 2.5.1
                   2.4.4
    
> Add support for saml tokens in sp:InitiatorToken
> ------------------------------------------------
>
>                 Key: CXF-3225
>                 URL: https://issues.apache.org/jira/browse/CXF-3225
>             Project: CXF
>          Issue Type: New Feature
>          Components: WS-* Components
>    Affects Versions: 2.3.1
>            Reporter: Willem Salembier
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.4.4, 2.5.1
>
>
> Currently CXF does not support SAML tokens to be used as InitiatorToken in 
> Asymmetric bindings, whereas the certificate referred to in the SAML 
> assertion signs the message content (e.g. SAML Holder of Key scenarios).
> chapter 6 Scenario #4 - Holder-of-Key (p28)
> http://www.oasis-open.org/committees/download.php/23071/ws-sp-usecases-examples-draft-11-03.doc
> chapter 2.3.1.5 (WSS1.0) SAML10 Holder of Key, Sign, Optional Encrypt
> http://www.oasis-open.org/committees/download.php/7702/wss-saml-interop1-draft-12.doc
> When the <sp:InitiatorToken> contains an <sp:IssuedToken> or a <sp:SamlToken> 
> instead of <sp:WssX509V3Token10>, CXF signs the request and adds a BST by 
> default. CXF does not ask for a SAML token and it is impossible to construct 
> a message signature whose SignatureTokenReference contains a reference to the 
> SAML assertion 
> (http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID)
>    <wsse:SecurityTokenReference wsu:id="STR1">
>     <wsse:KeyIdentifier wsu:id="..."
>       ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
>       _a75adf55-01d7-40cc-929f-dbd8372ebdfc
>     </wsse:KeyIdentifier>
>    </wsse:SecurityTokenReference>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
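
An added example, not part of the original issue and not CXF's own code: a structural check over a wsse:Security header that confirms the message signature's key reference points, by assertion ID, at a SAML 1.x holder-of-key assertion, which is the binding the issue asks CXF to produce. The function names and the sample header are constructed for illustration, and the check does not validate the signature itself.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
# ValueType quoted in the issue description.
SAML_ID_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"
X509_SKI_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier")
HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
STR_PATH = "ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier"

def check_signature_key_reference(security_header_xml):
    """Return 'ok', or the reason the signature is not tied to a HoK assertion."""
    sec = ET.fromstring(security_header_xml)
    key_id = sec.find(STR_PATH, NS)
    if key_id is None:
        return "no KeyIdentifier in signature KeyInfo"
    if key_id.get("ValueType") != SAML_ID_TYPE:
        return "signature key is not referenced by SAML assertion ID"
    wanted = (key_id.text or "").strip()
    for assertion in sec.findall("saml:Assertion", NS):
        if assertion.get("AssertionID") != wanted:
            continue
        tag = "{%s}ConfirmationMethod" % NS["saml"]
        methods = [(m.text or "").strip() for m in assertion.iter(tag)]
        return "ok" if HOK in methods else "assertion is not holder-of-key"
    return "referenced assertion not present in header"

def sample_header(value_type, ref_id, method=HOK):
    """Constructed sample header; the assertion ID is the one shown in the issue."""
    return f"""<wsse:Security xmlns:wsse="{NS['wsse']}"
        xmlns:ds="{NS['ds']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion AssertionID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc">
    <saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>
      <saml:ConfirmationMethod>{method}</saml:ConfirmationMethod>
    </saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>
  </saml:Assertion>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{value_type}">
      {ref_id}
    </wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security>"""

if __name__ == "__main__":
    aid = "_a75adf55-01d7-40cc-929f-dbd8372ebdfc"
    print(check_signature_key_reference(sample_header(SAML_ID_TYPE, aid)))
```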

        
