Hi, after upgrading from cxd-fediz 3.1.1 to 3.1.2, and to cxd 3.1.11 in the process our service which consumes actAs tokens issued by the STS broke because the security context principal is now being initialized with the identity of the requestor which is the system that requested the IssuedToken - identified by the DN of its public key.
The cause of this issue likely is the fix done by https://issues.apache.org/jira/browse/CXF-7099 - before that the actual actAs user was set as the subject NameID value of the issued token. Is the a way to configure the service to evaluate the actAs attribute instead of the subject NameID as before in order to determine the user identity? Best, Andreas
