Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2014/04/02 16:59:15 UTC

[jira] [Commented] (CXF-5664) CXF STS does not support wst:Participants

    [ https://issues.apache.org/jira/browse/CXF-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13957724#comment-13957724 ] 

Colm O hEigeartaigh commented on CXF-5664:
------------------------------------------


I've merged an update where the RequestParser parses a wst:Participants object into a "Participants" class, which stores a primary participant (Object) and a list of other participants (Objects). This Participants object is available to the token providers in the standard way.

> The Participants element should be parsed and added to the list of AudienceRestrictions in the issued token.

Currently we create a single AudienceRestriction from the AppliesTo URI sent in the request (if applicable). I would suggest that we don't add the primary participant to the AudienceRestrictions, as my interpretation of the spec is that the primary participant here is the client.

The question is whether the other participants should be added under the same AudienceRestriction as the AppliesTo address? Should we ignore the AppliesTo address if we have explicit participants? If we have multiple participants, should they go into the same AudienceRestriction Object (as multiple audiences), or should we have multiple AudienceRestrictions per participant?

Colm.


> CXF STS does not support wst:Participants
> -----------------------------------------
>
>                 Key: CXF-5664
>                 URL: https://issues.apache.org/jira/browse/CXF-5664
>             Project: CXF
>          Issue Type: Bug
>          Components: STS
>    Affects Versions: 2.7.8, 2.7.9, 2.7.10
>            Reporter: Stephen Chappell
>              Labels: features, security
>
> The CXF STS does not recognize the wst:Participants element within a wst:RequestSecurityToken, and instead throws a BadRequest SOAP fault. The Participants element should be parsed and added to the list of AudienceRestrictions in the issued token.
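
Added example, not part of the original message and not CXF code: a relying-party audience check showing why the grouping question above matters. Under SAML 2.0 Core section 2.5.1.4, Audience values inside one AudienceRestriction are ORed, while separate AudienceRestriction elements are ANDed. The URIs and the function names `conditions` and `audience_valid` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def conditions(*restrictions):
    """Build a constructed <saml:Conditions>; each tuple becomes one AudienceRestriction."""
    body = "".join(
        "<saml:AudienceRestriction>"
        + "".join(f"<saml:Audience>{uri}</saml:Audience>" for uri in group)
        + "</saml:AudienceRestriction>"
        for group in restrictions
    )
    return f'<saml:Conditions xmlns:saml="{NS["saml"]}">{body}</saml:Conditions>'


def audience_valid(conditions_xml, my_audiences):
    """Evaluate audience restrictions the way a SAML 2.0 relying party must:
    OR across Audience values within a restriction, AND across restrictions."""
    root = ET.fromstring(conditions_xml)  # input here is constructed, not untrusted
    mine = set(my_audiences)
    for restriction in root.findall("saml:AudienceRestriction", NS):
        listed = {(a.text or "").strip()
                  for a in restriction.findall("saml:Audience", NS)}
        if not listed & mine:
            return False  # this restriction names none of our identifiers
    return True  # every restriction present was satisfied


# Constructed identifiers: the AppliesTo address and one other participant.
APPLIES_TO = "https://service-a.example/"
PARTICIPANT = "https://service-b.example/"

# Option 1: one AudienceRestriction listing both URIs as audiences.
ONE_RESTRICTION = conditions((APPLIES_TO, PARTICIPANT))
# Option 2: a separate AudienceRestriction for each URI.
PER_PARTICIPANT = conditions((APPLIES_TO,), (PARTICIPANT,))

if __name__ == "__main__":
    for name, xml in (("one restriction", ONE_RESTRICTION),
                      ("per participant", PER_PARTICIPANT)):
        for who in (APPLIES_TO, PARTICIPANT):
            print(f"{name}: {who} accepts token -> {audience_valid(xml, [who])}")
```

With a restriction per participant, a service that identifies itself by only one of the URIs rejects the token, because it must satisfy every restriction.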


