[
https://issues.apache.org/jira/browse/CXF-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Bernhardt updated CXF-3923:
-------------------------------
Comment: was deleted
(was: As far as I know, to request an OnBehalfOf Token should not simply result
in adding a related SAML Attribute (as it would be ok for ActAs). OnBehalfOf
should deliver a Token where "only" the OnBehalfOf Principal is contained.
Therefor the SAML Subject should match the requested OnBehalfOf Principal and
not the Principal which was authenticated based on the security token sent in
the WS-Security header...)
> Support for OnBehalfOf in SAMLTokenProvider
> -------------------------------------------
>
> Key: CXF-3923
> URL: https://issues.apache.org/jira/browse/CXF-3923
> Project: CXF
> Issue Type: New Feature
> Components: Services
> Affects Versions: 2.5
> Reporter: Oliver Wulff
> Assignee: Colm O hEigeartaigh
> Fix For: 2.5.1
>
> Attachments: patch.git.diff
>
>
> The SAMLTokenProvider supports to issue a SAML token based on the
> authenticated principal in the RST which means the security token sent in the
> WS-Security header.
> It is not supported that the client requests a SAML token OnBehalfOf another
> SAML token.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
