Posted to issues@cxf.apache.org by "Andrei Shakirin (JIRA)" <ji...@apache.org> on 2013/12/08 17:42:35 UTC
[jira] [Created] (CXF-5443) STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
Andrei Shakirin created CXF-5443:
------------------------------------
Summary: STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
Key: CXF-5443
URL: https://issues.apache.org/jira/browse/CXF-5443
Project: CXF
Issue Type: New Feature
Components: STS
Affects Versions: 3.0.0-milestone1
Reporter: Andrei Shakirin
Assignee: Andrei Shakirin
Priority: Minor
Currently, in the case of SAML SymmetricKey HolderOfKey, the STS should know the certificates of all services for which it issues tokens.
If I deploy a new service, it is necessary to:
a) add the service certificate to the STS keystore as a trusted entry;
b) configure the alias (encryptionUserName) in the appropriate STS Service/ServiceMBean.
I think XKMS can be useful even for the SAML SymmetricKey HolderOfKey scenario to resolve certificate lookup.
We can extend XKMS with a new ApplicationId, so that service certificates can be searched on the basis of the service endpoint.
The STS will recognize this case due to a special constant for encryptionName and will replace it with the AppliesTo attribute.