[
https://issues.apache.org/jira/browse/CXF-5039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Wulff resolved CXF-5039.
-------------------------------
Resolution: Fixed
> IdentityMapping support in ClaimsManager
> ----------------------------------------
>
> Key: CXF-5039
> URL: https://issues.apache.org/jira/browse/CXF-5039
> Project: CXF
> Issue Type: Improvement
> Components: STS
> Affects Versions: 2.7.5, 3.0.0
> Reporter: Oliver Wulff
> Assignee: Oliver Wulff
> Fix For: 2.7.6, 3.0.0
>
>
> A ClaimsHandler can provide Claim values based on the principal. Usually, the
> principal is from a security domain. In a case, where a SAML token is
> requested on behalf of (OBO) another SAML token, the security domains of the
> OBO token can be different than the security domain of the current issue
> request.
> Therefore, the ClaimsHandler implementation must first map the username of
> the source realm to the target realm and then retrieve the claim values based
> on the mapped username.
> As the mapping is generic this logic can be embedded in the ClaimsManager.
> If a ClaimsHandler implements a new Interface (ex. RealmSupport) and the
> supported target realms and the claim handler realm is defined, the
> ClaimsManager does the mapping before calling retrieveClaimValues.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
