Oliver Wulff created CXF-5039:
---------------------------------
Summary: IdentityMapping support in ClaimsManager
Key: CXF-5039
URL: https://issues.apache.org/jira/browse/CXF-5039
Project: CXF
Issue Type: Improvement
Components: STS
Affects Versions: 2.7.5, 3.0.0
Reporter: Oliver Wulff
Assignee: Oliver Wulff

A ClaimsHandler can provide Claim values based on the principal. Usually, the
principal is from a security domain. In a case where a SAML token is requested
on behalf of (OBO) another SAML token, the security domain of the OBO token
can be different than the security domain of the current issue request.
Therefore, the ClaimsHandler implementation must first map the username of the
source realm to the target realm and then retrieve the claim values based on
the mapped username.

As the mapping is generic, this logic can be embedded in the ClaimsManager.
If a ClaimsHandler implements a new interface (e.g. RealmSupport) and the
supported target realms and the claim handler realm are defined, the
ClaimsManager does the mapping before calling retrieveClaimValues.
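
A sketch of the map-then-retrieve flow the issue describes, added here as an illustration and not taken from the CXF code base. The interfaces are hypothetical, simplified stand-ins for the types named in the issue, and the realm names, users and mapping table are constructed sample data.

```java
import java.util.*;

public class RealmMappingDemo {
    // Hypothetical, simplified stand-ins for the types named in the issue.
    interface ClaimsHandler { Map<String, String> retrieveClaimValues(String user); }
    interface RealmSupport { String getHandlerRealm(); Set<String> getSupportedRealms(); }
    interface IdentityMapper { String map(String sourceRealm, String user, String targetRealm); }

    // Handler whose user store lives in realm "B" but which accepts principals from "A" and "B".
    static class RealmBHandler implements ClaimsHandler, RealmSupport {
        public String getHandlerRealm() { return "B"; }
        public Set<String> getSupportedRealms() { return new HashSet<>(Arrays.asList("A", "B")); }
        public Map<String, String> retrieveClaimValues(String user) {
            // Constructed sample data: only "bob_b" exists in realm B.
            return "bob_b".equals(user) ? Collections.singletonMap("role", "manager")
                                        : Collections.<String, String>emptyMap();
        }
    }

    // The step proposed for the ClaimsManager: map the principal first, then call the handler.
    static Map<String, String> retrieve(ClaimsHandler h, IdentityMapper mapper,
                                        String principalRealm, String user) {
        String effectiveUser = user;
        if (h instanceof RealmSupport) {
            RealmSupport rs = (RealmSupport) h;
            if (!rs.getSupportedRealms().contains(principalRealm)) {
                return Collections.emptyMap();   // handler is not responsible for this realm
            }
            if (!rs.getHandlerRealm().equals(principalRealm)) {
                effectiveUser = mapper.map(principalRealm, user, rs.getHandlerRealm());
                if (effectiveUser == null) {
                    return Collections.emptyMap();   // no mapping: do not look up the unmapped name
                }
            }
        }
        return h.retrieveClaimValues(effectiveUser);
    }

    public static void main(String[] args) {
        // Constructed mapping table: realm A's "bob" is realm B's "bob_b".
        IdentityMapper mapper = (src, user, dst) ->
            "A".equals(src) && "B".equals(dst) && "bob".equals(user) ? "bob_b" : null;
        ClaimsHandler h = new RealmBHandler();
        System.out.println(retrieve(h, mapper, "A", "bob"));    // OBO token from realm A, mapped
        System.out.println(retrieve(h, mapper, "B", "bob_b"));  // same realm, no mapping needed
        System.out.println(retrieve(h, mapper, "A", "eve"));    // no mapping exists
        System.out.println(retrieve(h, mapper, "C", "bob"));    // realm the handler does not support
    }
}
```

Returning no claims when the mapper has no entry keeps a user in the source realm from receiving the claims of an unrelated account that happens to share the same name in the handler's realm.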