[
https://issues.apache.org/jira/browse/KARAF-2364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13689892#comment-13689892
]
Michael Menousek commented on KARAF-2364:
-----------------------------------------
Thanks [~ffang]. We'll give it a shot.
> org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement
> Group, not Principal
> ----------------------------------------------------------------------------------------------
>
> Key: KARAF-2364
> URL: https://issues.apache.org/jira/browse/KARAF-2364
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 2.3.1
> Reporter: Scott Tustison
> Assignee: Freeman Fang
>
> When using the Karaf JAAS LDAPLoginModule in combination with Apache CXF (or
> a similar product), there is no way to determine whether the Principal
> obtained from the Subject corresponds to a user or a role (group). CXF
> (org.apache.cxf.interceptor.security.DefaultSecurityContext.findPrincipal())
> will attempt to pull out a Principal which is not a java.security.acl.Group.
> However, since the JAAS login module does not make use of the
> java.security.acl.Group interface for its RolePrincipal, there is no way to
> determine the correct Principal to use. This can end up with Apache CXF
> generating a SAML assertion for a group that belongs to a user instead of the
> user itself, which is obviously invalid.
> If RolePrincipal implemented Group instead of Principal it would fix this
> issue.
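The ambiguity described in the quoted report, as an added example (not code from Karaf or CXF). It assumes a simplified model of the "first principal that is not a Group" selection. The nested Group interface, the record types and the names "alice" and "admin" are constructed for illustration.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class PrincipalSelectionDemo {
    // Local stand-in for java.security.acl.Group (removed from current JDKs).
    interface Group extends Principal {}
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    // Role as the report describes 2.3.1: a plain Principal.
    record PlainRole(String name) implements Principal {
        public String getName() { return name; }
    }
    // Role as the report proposes: it implements Group.
    record GroupRole(String name) implements Group {
        public String getName() { return name; }
    }

    // Simplified model of the selection in the report: first principal that is not a Group.
    static Principal firstNonGroup(Set<Principal> principals) {
        for (Principal p : principals) {
            if (!(p instanceof Group)) return p;
        }
        return null;
    }

    // Defensive variant: refuse to pick an identity when it is ambiguous.
    static Principal singleNonGroup(Set<Principal> principals) {
        List<Principal> candidates = new ArrayList<>();
        for (Principal p : principals) {
            if (!(p instanceof Group)) candidates.add(p);
        }
        if (candidates.size() != 1) {
            throw new SecurityException("ambiguous user principal: " + candidates);
        }
        return candidates.get(0);
    }

    public static void main(String[] args) {
        // Constructed principal sets; the role is added before the user in both.
        Set<Principal> plain = new LinkedHashSet<>(List.<Principal>of(new PlainRole("admin"), new UserPrincipal("alice")));
        Set<Principal> marked = new LinkedHashSet<>(List.<Principal>of(new GroupRole("admin"), new UserPrincipal("alice")));
        System.out.println("plain roles  -> " + firstNonGroup(plain).getName());
        System.out.println("Group roles  -> " + firstNonGroup(marked).getName());
        System.out.println("strict check -> " + singleNonGroup(marked).getName());
    }
}
```

Calling singleNonGroup on the set with plain roles throws instead of returning a role name, which is a useful guard wherever the selected principal feeds an identity assertion.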