A SAML Token requested OnBehalfOf should hide the actual requestor and should
only contain the OnBehalfOf Identity
------------------------------------------------------------------------------------------------------------------
Key: CXF-3940
URL: https://issues.apache.org/jira/browse/CXF-3940
Project: CXF
Issue Type: Sub-task
Components: Services
Affects Versions: 2.5
Reporter: Jan Bernhardt
As far as I know, to request an OnBehalfOf Token should not simply result in
adding a related SAML Attribute (as it would be ok for ActAs). OnBehalfOf
should deliver a Token where "only" the OnBehalfOf Principal is contained.
Therefor the SAML Subject should match the requested OnBehalfOf Principal and
not the Principal which was authenticated based on the security token sent in
the WS-Security header...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
