[jira] [Updated] (CXF-5251) Implement more stringent requirements on allowing OnBehalfOf/ActAs in the STS

Thu, 05 Sep 2013 10:38:09 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-5251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated CXF-5251:
-------------------------------------

    Description: This task is to implement more stringent requirements on 
allowing OnBehalfOf/ActAs in the STS. A new interface will be introduced to 
determine whether or not is is allowed to issue a new token OnBehalfOf/ActAs 
some other token. To support either of these things in the STS it will be 
necessary to plug in a TokenDelegationHandler implementation to handle a 
specific token. Implementations are provided in the STS for SAML Tokens and 
UsernameTokens.  (was: 
This task is to implement more stringent requirements on allowing 
OnBehalfOf/ActAs in the STS. A new interface will be introduced to determine 
whether or not is is allowed to issue a new token OnBehalfOf/ActAs some other 
token. A default implementation will disallow everything apart from a SAML 
Bearer token. In addition, the AppliesTo address (if sent) must be the same as 
one of the existing Audience Restriction addresses (if they exist).)
    
> Implement more stringent requirements on allowing OnBehalfOf/ActAs in the STS
> -----------------------------------------------------------------------------
>
>                 Key: CXF-5251
>                 URL: https://issues.apache.org/jira/browse/CXF-5251
>             Project: CXF
>          Issue Type: Improvement
>          Components: STS
>    Affects Versions: 2.7.6
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.6.10, 2.7.7
>
>
> This task is to implement more stringent requirements on allowing 
> OnBehalfOf/ActAs in the STS. A new interface will be introduced to determine 
> whether or not is is allowed to issue a new token OnBehalfOf/ActAs some other 
> token. To support either of these things in the STS it will be necessary to 
> plug in a TokenDelegationHandler implementation to handle a specific token. 
> Implementations are provided in the STS for SAML Tokens and UsernameTokens.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to