Hello All, I am looking to customize the 'Conditions' of a SAML assertion according to the requirements I received.
For background on my CXF STS bean configuration, you can refer to this post: http://cxf.547215.n5.nabble.com/Signing-SAML-token-in-STS-Namespace-issue-tc5718851.html

In my token provider, I manually create the conditions statement using DOM prior to signing my Assertion. For example:

    <saml:Conditions NotBefore="2012-11-23T15:00:00.938Z" NotOnOrAfter="2012-11-23T15:05:00.938Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://someCustomAudience</saml:Audience>
      </saml:AudienceRestriction>
      <saml:Condition xmlns:delegate="urn:oasis:names:tc:SAML:2.0:conditions:delegation">
        <delegate:Delegate DelegationInstant="2012-11-23T15:00:19.938Z">
          <NameID>Some delegate Name ID of my choosing</NameID>
        </delegate:Delegate>
      </saml:Condition>
    </saml:Conditions>

However, these conditions are replaced by the DefaultConditionsProvider after the assertion is signed. For example:

    <Conditions NotBefore="2012-11-21T17:11:06.315Z" NotOnOrAfter="2012-11-21T17:16:06.315Z"/>

I could implement my own ConditionsProvider: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ConditionsProvider.java?view=markup

However, the ConditionsBean only allows you to set AudienceURI, notBefore, and notAfter. The ConditionsBean looks like it gets converted to a SAML2 Conditions object by the SAML2ComponentBuilder in the createConditions method. I don't see any hooks in there to create a custom element such as the delegate element.

Is there any way, using the CXF STS framework, that I can customize the 'Conditions' element in the Assertion? I can set the Audience Restriction, Not Before, and Not After in a custom ConditionsProvider, but I don't see how to create a 'delegate' element.

Thanks,
Yogesh
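The replacement described in the message above can be caught in an integration test that inspects the Conditions element of the token the STS actually returns. The following is an added example, not code from the original post or from CXF; it uses only the JDK DOM API, the class and method names (ConditionsCheck, parse, missing) are hypothetical, and the two XML strings are constructed samples shaped like the elements quoted in the post.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ConditionsCheck {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DELEGATION = "urn:oasis:names:tc:SAML:2.0:conditions:delegation";

    // Namespace-aware parse with DOCTYPE rejected, since tokens are untrusted input.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    // Returns what the issued Conditions element lacks relative to what the provider set.
    static List<String> missing(Element conditions, String expectedAudience) {
        List<String> problems = new ArrayList<>();
        boolean audienceFound = false;
        NodeList audiences = conditions.getElementsByTagNameNS(SAML, "Audience");
        for (int i = 0; i < audiences.getLength(); i++) {
            audienceFound |= expectedAudience.equals(audiences.item(i).getTextContent().trim());
        }
        if (!audienceFound) problems.add("Audience " + expectedAudience + " is absent");
        if (conditions.getElementsByTagNameNS(DELEGATION, "Delegate").getLength() == 0) {
            problems.add("delegation Delegate element is absent");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        String ns = " xmlns:saml=\"" + SAML + "\"";
        // Constructed samples shaped like the two Conditions elements quoted in the post.
        String custom = "<saml:Conditions" + ns + " NotBefore=\"2012-11-23T15:00:00.938Z\">"
                + "<saml:AudienceRestriction><saml:Audience>https://someCustomAudience"
                + "</saml:Audience></saml:AudienceRestriction>"
                + "<saml:Condition xmlns:delegate=\"" + DELEGATION + "\"><delegate:Delegate>"
                + "<NameID>placeholder</NameID></delegate:Delegate></saml:Condition>"
                + "</saml:Conditions>";
        String replaced = "<saml:Conditions" + ns + " NotBefore=\"2012-11-21T17:11:06.315Z\"/>";
        System.out.println(missing(parse(custom), "https://someCustomAudience"));
        System.out.println(missing(parse(replaced), "https://someCustomAudience"));
    }
}
```

The first call reports nothing missing; the second reports both the audience and the Delegate element as absent, which is the symptom the message describes.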
