You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Andrei Shakirin (JIRA)" <ji...@apache.org> on 2013/12/31 11:49:51 UTC
[jira] [Resolved] (CXF-5443) STS Symmetric HOK: using server
endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
[ https://issues.apache.org/jira/browse/CXF-5443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrei Shakirin resolved CXF-5443.
----------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0-milestone2
> STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
> -------------------------------------------------------------------------------------------------------
>
> Key: CXF-5443
> URL: https://issues.apache.org/jira/browse/CXF-5443
> Project: CXF
> Issue Type: New Feature
> Components: STS
> Affects Versions: 3.0.0-milestone1
> Reporter: Andrei Shakirin
> Assignee: Andrei Shakirin
> Priority: Minor
> Fix For: 3.0.0-milestone2
>
>
> Currently in case of using SAML SymmetricKey HolderOfKey STS should know all services certificates for which he issues the tokens.
> If I deploy a new service, it is necessary to:
> a) add service certificate into STS keystore as trusted entry;
> b) configure alias (encryptionUserName) in appropriate STS Service/ServiceMBean
> I think XKMS can useful even for SAML SymmetricKey HolderOfKey scenario to resolve certificates lookup.
> We can extend XKMS with new ApplicationId, that service certificates can be searched on the base of service endpoint.
> STS will recognize this case due a special constant for encryptionName and will replace that with AppliesTo attribute.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)