[ https://issues.apache.org/jira/browse/CXF-3940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Bernhardt resolved CXF-3940.
--------------------------------
Resolution: Fixed
Will be fixed by applying patch provided here:
https://issues.apache.org/jira/browse/CXF-3928
> A SAML Token requested OnBehalfOf should hide the actual requestor and should
> only contain the OnBehalfOf Identity
> ------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-3940
> URL: https://issues.apache.org/jira/browse/CXF-3940
> Project: CXF
> Issue Type: Sub-task
> Components: Services
> Affects Versions: 2.5
> Reporter: Jan Bernhardt
> Labels: SAML, WS-Trust, sts
> Fix For: 2.5.1
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> As far as I know, to request an OnBehalfOf Token should not simply result in
> adding a related SAML Attribute (as it would be ok for ActAs). OnBehalfOf
> should deliver a Token where "only" the OnBehalfOf Principal is contained.
> Therefore the SAML Subject should match the requested OnBehalfOf Principal and
> not the Principal which was authenticated based on the security token sent in
> the WS-Security header...
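
The rule described in the issue, written as a check over an issued assertion. This is an added example, not code from CXF or from the patch in CXF-3928; the principals `alice` and `bob`, the attribute names and both helper functions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

def build_assertion(subject, attributes=()):
    """Build a constructed, unsigned SAML 2.0 assertion (sample data only)."""
    attrs = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes
    )
    stmt = f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>" if attrs else ""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" Version="2.0">'
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
        f"{stmt}</saml:Assertion>"
    )

def check_on_behalf_of(assertion_xml, requestor, on_behalf_of):
    """Return the violations of the OnBehalfOf rule found in one assertion."""
    root = ET.fromstring(assertion_xml)
    problems = []
    # Rule 1: the Subject must be the OnBehalfOf principal, not the caller
    # authenticated through the WS-Security header.
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if name_id.strip() != on_behalf_of:
        problems.append(f"Subject is {name_id.strip()!r}, expected {on_behalf_of!r}")
    # Rule 2: the token contains "only" the OnBehalfOf identity, so the
    # requestor must not appear as any element value (skip when a caller
    # requests a token on behalf of itself).
    if requestor != on_behalf_of:
        for el in root.iter():
            if el.text and el.text.strip() == requestor:
                problems.append(f"requestor leaked in <{el.tag.split('}')[-1]}>")
    return problems

# Constructed samples: alice authenticates to the STS and requests a token
# OnBehalfOf bob.
REPORTED = build_assertion("alice", [("OnBehalfOf", "bob")])  # ActAs-style result
EXPECTED = build_assertion("bob", [("role", "user")])         # behaviour requested
LEAKY = build_assertion("bob", [("requestor", "alice")])      # Subject ok, caller leaks

if __name__ == "__main__":
    for label, token in (("reported", REPORTED), ("expected", EXPECTED), ("leaky", LEAKY)):
        print(label, check_on_behalf_of(token, "alice", "bob"))
```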