[
https://issues.apache.org/jira/browse/CXF-5443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrei Shakirin resolved CXF-5443.
----------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0-milestone2
> STS Symmetric HOK: using server endpoint (AppliesTo) as certificate
> identifier to encrypt symmetric key
> -------------------------------------------------------------------------------------------------------
>
> Key: CXF-5443
> URL: https://issues.apache.org/jira/browse/CXF-5443
> Project: CXF
> Issue Type: New Feature
> Components: STS
> Affects Versions: 3.0.0-milestone1
> Reporter: Andrei Shakirin
> Assignee: Andrei Shakirin
> Priority: Minor
> Fix For: 3.0.0-milestone2
>
>
> Currently in case of using SAML SymmetricKey HolderOfKey STS should know all
> services certificates for which he issues the tokens.
> If I deploy a new service, it is necessary to:
> a) add service certificate into STS keystore as trusted entry;
> b) configure alias (encryptionUserName) in appropriate STS
> Service/ServiceMBean
> I think XKMS can useful even for SAML SymmetricKey HolderOfKey scenario to
> resolve certificates lookup.
> We can extend XKMS with new ApplicationId, that service certificates can be
> searched on the base of service endpoint.
> STS will recognize this case due a special constant for encryptionName and
> will replace that with AppliesTo attribute.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
