[
https://issues.apache.org/jira/browse/CXF-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13286621#comment-13286621
]
Colm O hEigeartaigh commented on CXF-3883:
------------------------------------------
Sounds fine to me.
Colm.
> Support for identity mapping as part of issue token process
> -----------------------------------------------------------
>
> Key: CXF-3883
> URL: https://issues.apache.org/jira/browse/CXF-3883
> Project: CXF
> Issue Type: New Feature
> Components: Services
> Affects Versions: 2.5
> Reporter: Oliver Wulff
>
> The JIRA https://issues.apache.org/jira/browse/CXF-3520 describes the case
> where a CXF consumer has configured a different STS than the issuer
> configured in the IssuedToken assertion of the service provider:
> In this case, the service consumer and provider don't understand the
> identity/subject/principal of the counterpart. First, the consumer gets a
> token from its STS (IDP-STS) which could be a SAML token. Then he requests
> another token from the STS and sends the one issued before as part of the
> WS-Security header.
> The STS must figure out that the sent and requested tokens are from different
> realms (security domains) and must therefore call the configured identity
> mapper which takes as parameters source realm, target realm and source
> principal.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
