Scott Tustison created KARAF-2364:
-------------------------------------

             Summary: org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement Group, not Principal
                 Key: KARAF-2364
                 URL: https://issues.apache.org/jira/browse/KARAF-2364
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 2.3.1
            Reporter: Scott Tustison


When using the Karaf JAAS LDAPLoginModule in combination with Apache CXF (or a 
similar product), there is no way to determine whether the Principal obtained 
from the Subject corresponds to a user or a role (group). CXF 
(org.apache.cxf.interceptor.security.DefaultSecurityContext.findPrincipal()) 
will attempt to pull out a Principal which is not a java.security.acl.Group. 
However, since the JAAS login module does not make use of the 
java.security.acl.Group interface for its RolePrincipal, there is no way to 
determine the correct Principal to use. This can end up with Apache CXF 
generating a SAML assertion for a group that belongs to a user instead of the 
user itself, which is obviously invalid.

If RolePrincipal implemented Group instead of Principal it would fix this issue.
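A minimal illustration of the ambiguity described in this issue, as an added example that is not part of the report or of the Karaf or CXF code bases: a findPrincipal-style lookup (modelled on the selection rule the report describes, not CXF's actual implementation) over a Subject holding a user principal and a role principal, first with a role that only implements Principal and then with one that implements Group. The names UserPrincipal, MinimalRolePrincipal, GroupRolePrincipal and findPrincipal are assumptions, and the example needs a JDK that still ships java.security.acl (removed in JDK 14).

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import javax.security.auth.Subject;

public class RolePrincipalDemo {
    // Hypothetical user principal, as a login module would add to the Subject.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    // Mirrors the reported behaviour: a role that is only a Principal, indistinguishable from the user.
    static final class MinimalRolePrincipal implements Principal {
        private final String name;
        MinimalRolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    // The requested fix: a role principal that implements Group (membership methods kept trivial).
    static final class GroupRolePrincipal implements Group {
        private final String name;
        GroupRolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean addMember(Principal p) { return false; }
        public boolean removeMember(Principal p) { return false; }
        public boolean isMember(Principal p) { return false; }
        public Enumeration<? extends Principal> members() { return Collections.emptyEnumeration(); }
    }
    // Selection rule as the report describes it (not CXF's own code): first principal that is not a Group.
    static Principal findPrincipal(Subject subject) {
        for (Principal p : subject.getPrincipals()) {
            if (!(p instanceof Group)) return p;
        }
        return null;
    }

    public static void main(String[] args) {
        Subject ambiguous = new Subject();
        ambiguous.getPrincipals().add(new MinimalRolePrincipal("admin"));
        ambiguous.getPrincipals().add(new UserPrincipal("alice"));
        // Set iteration order is unspecified, so this may print "admin" (the role) instead of the user.
        System.out.println("Principal-only role: " + findPrincipal(ambiguous).getName());
        Subject fixed = new Subject();
        fixed.getPrincipals().add(new GroupRolePrincipal("admin"));
        fixed.getPrincipals().add(new UserPrincipal("alice"));
        // Always "alice": the Group-typed role is skipped regardless of iteration order.
        System.out.println("Group role: " + findPrincipal(fixed).getName());
    }
}
```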
