Colm O hEigeartaigh created CXF-4330: ----------------------------------------
Summary: Enforce that received IssuedTokens contain the required claims Key: CXF-4330 URL: https://issues.apache.org/jira/browse/CXF-4330 Project: CXF Issue Type: Improvement Components: WS-* Components Affects Versions: 2.6 Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 2.6.1 This task is to enforce that received IssuedTokens contain the required claims. For example, if a service provider defines an IssuedToken with the following policy: <sp:RequestSecurityTokenTemplate> <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType> <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType> <t:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"> <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/> </t:Claims> </sp:RequestSecurityTokenTemplate> Then the endpoint should ensure that a received SAML 1.1 Assertion contains the desired claim. By default only the "http://schemas.xmlsoap.org/ws/2005/05/identity" dialect is supported. Colm. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira