Hi Andrei, this is my understanding also. Just the implementation from CXF did not reflect this behavior before it is now fixed with CXF-7099. Before that NameId and ActAs Attribute Statement contained both the actAs Principal only.
Best regards Jan > -----Ursprüngliche Nachricht----- > Von: Andrei Shakirin [mailto:[email protected]] > Gesendet: Mittwoch, 19. Oktober 2016 18:43 > An: [email protected] > Betreff: RE: ActAs implementation from the STS > > Hi Jan, > > My understanding is that ActAs contains both information: the requestor and > user represented by the token in the ActAs element. > OnBehalfOf conatins only information about user represented by the token > in the OnBehalfOf element. > > Regards, > Andrei. > > > -----Original Message----- > > From: Jan Bernhardt [mailto:[email protected]] > > Sent: Mittwoch, 12. Oktober 2016 15:12 > > To: [email protected] > > Subject: ActAs implementation from the STS > > > > Hi CXF Users, > > > > I'm currently trying to figure out the differences between onBehalfOf > > and ActAs token delegation. > > And whether the implementation at the STS is correct or not. > > > > I could not find anything substantial in the WS-Trust specification. > > Is our implementation within the STS just a guessing because of > > missing specification, or is there some specification I'm not aware of? > > > > Kind regards > > Jan > > > > -- > > Jan Bernhardt > > > > Talend Community Coder > > http://coders.talend.com > > > > Visit my Blog > > https://janbernhardt.blogspot.de
