Posted to issues@cxf.apache.org by "Andrei Shakirin (JIRA)" <ji...@apache.org> on 2013/12/08 17:42:35 UTC

[jira] [Created] (CXF-5443) STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key

Andrei Shakirin created CXF-5443:
------------------------------------

             Summary: STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
                 Key: CXF-5443
                 URL: https://issues.apache.org/jira/browse/CXF-5443
             Project: CXF
          Issue Type: New Feature
          Components: STS
    Affects Versions: 3.0.0-milestone1
            Reporter: Andrei Shakirin
            Assignee: Andrei Shakirin
            Priority: Minor


Currently, when using SAML SymmetricKey HolderOfKey, the STS should know the certificates of all services for which it issues tokens.
If I deploy a new service, it is necessary to:
a) add the service certificate to the STS keystore as a trusted entry;
b) configure the alias (encryptionUserName) in the appropriate STS Service/ServiceMBean.

I think XKMS can be useful even for the SAML SymmetricKey HolderOfKey scenario to resolve certificate lookup.

We can extend XKMS with a new ApplicationId, so that service certificates can be searched for on the basis of the service endpoint.

The STS will recognize this case due to a special constant for encryptionName and will replace it with the AppliesTo attribute.




--
This message was sent by Atlassian JIRA
(v6.1#6144)