Andrei Shakirin created CXF-5443:
------------------------------------

             Summary: STS Symmetric HOK: using server endpoint (AppliesTo) as 
certificate identifier to encrypt symmetric key
                 Key: CXF-5443
                 URL: https://issues.apache.org/jira/browse/CXF-5443
             Project: CXF
          Issue Type: New Feature
          Components: STS
    Affects Versions: 3.0.0-milestone1
            Reporter: Andrei Shakirin
            Assignee: Andrei Shakirin
            Priority: Minor


Currently in case of using SAML SymmetricKey HolderOfKey STS should know all 
services certificates for which he issues the tokens.
If I deploy a new service, it is necessary to:
a) add service certificate into STS keystore as trusted entry;
b) configure alias (encryptionUserName) in appropriate STS Service/ServiceMBean

I think XKMS can useful even for SAML SymmetricKey HolderOfKey scenario to 
resolve certificates lookup.

We can extend XKMS with new ApplicationId, that service certificates can be 
searched on the base of service endpoint.

STS will recognize this case due a special constant for encryptionName and will 
replace that with AppliesTo attribute.




--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to