You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/03/22 14:27:05 UTC

[jira] [Commented] (CXF-3224) WS-Trust: remove current wst:KeyType and wst:KeySize defaults

    [ https://issues.apache.org/jira/browse/CXF-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13009639#comment-13009639 ] 

Colm O hEigeartaigh commented on CXF-3224:
------------------------------------------


I've added a boolean parameter to disable sending the (default) KeyType. The KeySize is only set if the KeyType is sent.

Colm.

> WS-Trust: remove current wst:KeyType and wst:KeySize defaults
> -------------------------------------------------------------
>
>                 Key: CXF-3224
>                 URL: https://issues.apache.org/jira/browse/CXF-3224
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 2.3.1
>            Reporter: Willem Salembier
>             Fix For: 2.4, 2.3.4
>
>
> Currently the RST always contains a wst:KeyType and wst:KeySize field. The WS-Trust 1.3 specification says these tags are optional.
> We like CXF to render the following simple RST to ask for a SAML v1.1 token.
>  <wst:RequestSecurityToken Context="abc" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:auth="http://schemas.xmlsoap.org/ws/2006/12/authorization" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>          <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>          <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
>          <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2006/12/authorization/authclaims">
>             <auth:ClaimType Uri="urn:be:my_claim_attribute">
>                <auth:Value>1234</auth:Value>
>             </auth:ClaimType>
>          </wst:Claims>
>       </wst:RequestSecurityToken>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira