Add token validation for OnBehalfOf element in TokenIssueOperation
------------------------------------------------------------------
Key: CXF-3928
URL: https://issues.apache.org/jira/browse/CXF-3928
Project: CXF
Issue Type: Improvement
Components: Services
Affects Versions: 2.5
Reporter: Oliver Wulff
Tokens passed in OnBehalfOf element are not validated. It's the responsibility
of the TokenProvider implementation to validate that.
A proposal has been discussed here:
http://cxf.547215.n5.nabble.com/STS-OnBehalfOf-token-validation-SAMLTokenProvider-td5003544.html
OnBehalfOf token validation is moved to the TokenIssueOperation and the
ReceivedToken is enhanced with the following attributes:
- was it a token of ws-security header (like ReceivedToken), onbehalfof, actas
- successfully validated (it could be a token which depends on other
constraints to be fully accepted)
- original DOM element
- transformed DOM element (used if the token is passed by ref, also supported
by SAML spec)
- principal (mostly, you only need the principal to issue a new token)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
