[
https://issues.apache.org/jira/browse/CXF-5987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated CXF-5987:
-------------------------------------
Fix Version/s: 3.1.1 (was: 3.1.0)
> LdapClaimHandler Support for multipart usernames
> ------------------------------------------------
>
> Key: CXF-5987
> URL: https://issues.apache.org/jira/browse/CXF-5987
> Project: CXF
> Issue Type: Improvement
> Components: STS
> Affects Versions: 3.0.1
> Reporter: Jan Bernhardt
> Labels: claims, sts
> Fix For: 3.1.1
>
>
> Currently the LdapClaimHandler is only able to look up attributes for a user
> with a direct match of the username and the username in the LDAP directory.
> In case of Kerberos the username looks like this [email protected]. If the user
> is authenticated with a Kerberos token at the STS, the LdapClaimHandler is
> able to extract the username. But if the username comes from a different
> token type (e.g. SAML token in a WS-Federation scenario with initial Kerberos
> authentication) then the lookup fails.
> My proposal would be to extend the LdapClaimHandler in such a way that it is
> possible to define a DELIMITER (e.g. '@') which can be used on any token type
> to extract the username. An even more generic way would be to provide the
> option for a callback handler to map the username. But for now I would go
> with the simple solution of a delimiter. ;-)
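The delimiter mapping proposed in the issue, sketched as an added example; this is not CXF code or the eventual patch. The class and method names, the `uid` attribute, the sample principals, and the choice to split at the first delimiter are assumptions made for illustration.

```java
import java.util.Optional;

// Hypothetical helper illustrating the proposal; not part of CXF.
public final class PrincipalToLdapName {

    // Return the part of the principal before the first delimiter.
    // A principal without the delimiter is used unchanged; an empty
    // local part (e.g. "@EXAMPLE.COM") is rejected rather than looked up.
    static Optional<String> localPart(String principal, String delimiter) {
        if (principal == null || principal.isEmpty()) return Optional.empty();
        if (delimiter == null || delimiter.isEmpty()) return Optional.of(principal);
        int idx = principal.indexOf(delimiter);
        if (idx < 0) return Optional.of(principal);
        if (idx == 0) return Optional.empty();
        return Optional.of(principal.substring(0, idx));
    }

    // Escape a value for use in an LDAP search filter (RFC 4515), since the
    // name now comes from arbitrary token types, not only Kerberos.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Build the user search filter, or empty if the principal is unusable.
    static Optional<String> userFilter(String attr, String principal, String delimiter) {
        return localPart(principal, delimiter)
                .map(u -> "(" + attr + "=" + escapeFilterValue(u) + ")");
    }

    public static void main(String[] args) {
        // Constructed sample principals, not taken from the issue.
        String[] samples = {"alice@EXAMPLE.COM", "alice", "@EXAMPLE.COM", "a*(b)@EXAMPLE.COM"};
        for (String s : samples) {
            System.out.println(s + " -> " + userFilter("uid", s, "@").orElse("<rejected>"));
        }
    }
}
```

Dropping the realm means `alice@A.EXAMPLE` and `alice@B.EXAMPLE` resolve to the same directory entry, so a delimiter mapping like this is only safe where every trusted token issuer draws usernames from the same namespace as the LDAP directory.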