List: xmlrpc-user
Subject: [jira] [Updated] (WSS-290) Create Principals when processing SAML
From: "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date: 2011-05-31 12:27:47
Message-ID: 244077644.55900.1306844867309.JavaMail.tomcat () hel ! zones ! apache ! org
[ https://issues.apache.org/jira/browse/WSS-290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-290:
------------------------------------
Description:
This task involves creating Principals when processing SAML and BinarySecurityTokens.
WSS4J currently creates principal objects when processing UsernameTokens, and also
when using a token to verify a signature. The following rules will apply for
principal creation:
1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful
validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a
successful validation of a Username Token (current behaviour).
3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
successful validation of a BinarySecurityToken.
Two important points to note are:
1) Principals will only be created if the token has been explicitly validated. So for
the BinarySecurityToken case, it is not validated by default and no principal is
created.
2) If the token is transformed into a SAML Assertion by the validator, then a new
principal is created and stored in the results set under
WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the principal that
would have been created from the original token before it was transformed.
was:
This task involves creating Principals when processing SAML and BinarySecurityTokens.
WSS4J currently creates principal objects when processing UsernameTokens, and also
when using a token to verify a signature. The following rules will apply for
principal creation:
1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful
validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a
successful validation of a Username Token (current behaviour).
3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
successful validation of a BinarySecurityToken.
Two important points to note are:
1) Principals will only be created if the token has been explicitly validated. So for
the BinarySecurityToken case, it is not validated by default and no principal is
created.
2) If the token is transformed into a SAML Assertion by the validator, then a new
principal is created and stored in the results set under
WSSecurityEngineResult.TAG_TRANSFORMED_PRINCIPAL. The original principal is also
available under TAG_PRINCIPAL.
> Create Principals when processing SAML and BinarySecurityTokens
> ---------------------------------------------------------------
>
> Key: WSS-290
> URL: https://issues.apache.org/jira/browse/WSS-290
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.1
>
>
> This task involves creating Principals when processing SAML and
> BinarySecurityTokens. WSS4J currently creates principal objects when processing
> UsernameTokens, and also when using a token to verify a signature. The following
> rules will apply for principal creation:
> 1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful
> validation of a SAML Assertion.
> 2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a
> successful validation of a Username Token (current behaviour).
> 3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
> successful validation of a BinarySecurityToken.
> Two important points to note are:
> 1) Principals will only be created if the token has been explicitly validated. So
> for the BinarySecurityToken case, it is not validated by default and no principal
> is created.
> 2) If the token is transformed into a SAML Assertion by the validator, then a new
> principal is created and stored in the results set under
> WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the principal
> that would have been created from the original token before it was transformed.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
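
An added example, not part of the original message and not WSS4J code: a consumer-side check that fails closed when no validated token produced a principal (the unvalidated BinarySecurityToken case above) and accepts only the principal types a service expects. Assumptions: each result is modelled as a plain Map, the key "principal" stands in for WSSecurityEngineResult.TAG_PRINCIPAL, and requirePrincipal and its single-identity policy are hypothetical.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class PrincipalFromResults {
    // Stand-in key (assumption); real code would use WSSecurityEngineResult.TAG_PRINCIPAL.
    static final String TAG_PRINCIPAL = "principal";

    // Hypothetical helper: returns the one principal in the results, or throws.
    static Principal requirePrincipal(List<? extends Map<String, Object>> results,
                                      Set<Class<? extends Principal>> allowed) {
        Principal found = null;
        for (Map<String, Object> result : results) {
            Object value = result.get(TAG_PRINCIPAL);
            if (!(value instanceof Principal)) {
                continue; // token was processed but not validated: no principal stored
            }
            Principal p = (Principal) value;
            boolean typeOk = false;
            for (Class<? extends Principal> c : allowed) {
                typeOk |= c.isInstance(p);
            }
            if (!typeOk) {
                throw new SecurityException("Unexpected principal type: " + p.getClass().getName());
            }
            if (found != null && !found.equals(p)) {
                throw new SecurityException("Results carry conflicting principals");
            }
            found = p;
        }
        if (found == null) {
            throw new SecurityException("No validated token produced a principal");
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample results: one without a principal, one with an X500Principal.
        Map<String, Object> unvalidatedBst = new HashMap<>();
        Map<String, Object> validatedBst = new HashMap<>();
        validatedBst.put(TAG_PRINCIPAL, new X500Principal("CN=constructed-client,O=Example"));
        Set<Class<? extends Principal>> allowed = new HashSet<>();
        allowed.add(X500Principal.class);

        System.out.println(requirePrincipal(Arrays.asList(unvalidatedBst, validatedBst), allowed).getName());
        try {
            requirePrincipal(Collections.singletonList(unvalidatedBst), allowed);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When a validator transforms the token into a SAML Assertion, the allowed set has to name the SAML principal type, since under the updated description that principal is the one stored under TAG_PRINCIPAL.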