Colm O hEigeartaigh created CXF-4330:
----------------------------------------
Summary: Enforce that received IssuedTokens contain the required
claims
Key: CXF-4330
URL: https://issues.apache.org/jira/browse/CXF-4330
Project: CXF
Issue Type: Improvement
Components: WS-* Components
Affects Versions: 2.6
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.6.1
This task is to enforce that received IssuedTokens contain the required claims.
For example, if a service provider defines an IssuedToken with the following
policy:
<sp:RequestSecurityTokenTemplate>
<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
<t:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity";>
<ic:ClaimType
Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>
</t:Claims>
</sp:RequestSecurityTokenTemplate>
Then the endpoint should ensure that a received SAML 1.1 Assertion contains the
desired claim. By default only the
"http://schemas.xmlsoap.org/ws/2005/05/identity"; dialect is supported.
Colm.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
