Add support for an Issued Token extracted from a SAML assertion
---------------------------------------------------------------
Key: CXF-3236
URL: https://issues.apache.org/jira/browse/CXF-3236
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.3.1
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.3.2, 2.4
CXF cannot currently support the following use-case:
A service endpoint has a security policy consisting of a sp:SymmetricBinding
which uses a (SAML) sp:IssuedToken as the sp:ProtectionToken. A client parses
this, and obtains the appropriate SAML token from an STS, which it sends to the
service endpoint, securing the message appropriately. The service endpoint can
process the request, but it falls down on the reply as it does not know how to
get access to the Issued Token to secure the message reply.
A patch to WSS4J to save the secret key extracted from the SAML assertion is
here (https://issues.apache.org/jira/browse/WSS-263). A patch is required to
CXF to parse the result set and save the appropriate token.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
