Posted to issues@cxf.apache.org by "David Valeri (JIRA)" <ji...@apache.org> on 2010/07/26 22:32:16 UTC

[jira] Assigned: (CXF-2909) WS-T / WS-SP sp:RequestSecurityTokenTemplate not using wst:SecondaryParameters

     [ https://issues.apache.org/jira/browse/CXF-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Valeri reassigned CXF-2909:
---------------------------------

    Assignee: David Valeri

> WS-T / WS-SP sp:RequestSecurityTokenTemplate not using wst:SecondaryParameters
> ---------------------------------------------------------------------------------
>
>                 Key: CXF-2909
>                 URL: https://issues.apache.org/jira/browse/CXF-2909
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3, 2.2.10
>            Reporter: David Valeri
>            Assignee: David Valeri
>             Fix For: 2.3, 2.2.10
>
>
> Per the WS-SP 1.2 spec, section 5.4.2, "This required element contains elements which MUST be copied into the wst:SecondaryParameters of the RST request sent to the specified issuer. Note: the initiator is not required to understand the contents of this element."
> The STS client copies these values directly into the body of the wst:RequestSecurityToken element in the request to the STS.
> So this policy:
> {code:xml}
> <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
>   <sp:RequestSecurityTokenTemplate>
>     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>     <wst:AppliesTo>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:AppliesTo>
>     <wst:Participants>
>       <wst:Participant>
>         <wsp:URI>service-1</wsp:URI>
>       </wst:Participant>
>     </wst:Participants>
>     <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   </sp:RequestSecurityTokenTemplate>
> </sp:IssuedToken>
> {code}
> Becomes this request:
> {code:xml}
> <wst:RequestSecurityToken>
>   ...
>   <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>   <wst:AppliesTo>
>     <wsp:URI>service-1</wsp:URI>
>   </wst:AppliesTo>
>   <wst:Participants>
>     <wst:Participant>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:Participant>
>   </wst:Participants>
>   <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   ...
> </wst:RequestSecurityToken>
> {code}
> Instead of: 
> {code}
> <wst:RequestSecurityToken>
>   ...
>   <wst:SecondaryParameters>
>     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>     <wst:AppliesTo>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:AppliesTo>
>     <wst:Participants>
>       <wst:Participant>
>         <wsp:URI>service-1</wsp:URI>
>       </wst:Participant>
>     </wst:Participants>
>     <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   </wst:SecondaryParameters>
>   ...
> </wst:RequestSecurityToken>
> {code}
> WS-Trust 1.0 and WS-SP 1.0 do not support the wst:SecondaryParameters element, so backwards compatibility should be retained per the interopfest samples.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
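
The behaviour the issue asks for, as an added example that is not part of the original message and is not CXF's STS client code (Python rather than Java so it runs stand-alone). The namespace URIs, the function names and the trimmed template are assumptions or constructed for illustration; the issue shows only prefixes.

```python
import copy
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions: the issue shows prefixes only.
WST_13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3
WST_10 = "http://schemas.xmlsoap.org/ws/2005/02/trust"       # WS-Trust 1.0
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"


def sample_template(wst_ns):
    """Constructed sample: the issue's template, trimmed to three children."""
    return (
        f'<sp:RequestSecurityTokenTemplate xmlns:sp="{SP}" '
        f'xmlns:wst="{wst_ns}" xmlns:wsp="{WSP}">'
        "<wst:TokenType>http://docs.oasis-open.org/wss/"
        "oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>"
        "<wst:AppliesTo><wsp:URI>service-1</wsp:URI></wst:AppliesTo>"
        f"<wst:KeyType>{wst_ns}/PublicKey</wst:KeyType>"
        "</sp:RequestSecurityTokenTemplate>"
    )


def build_rst(template_xml, wst_ns):
    """Copy the template's children into a new wst:RequestSecurityToken."""
    rst = ET.Element(f"{{{wst_ns}}}RequestSecurityToken")
    parent = rst  # WS-Trust 1.0: no SecondaryParameters, copy into the body
    if wst_ns == WST_13:
        parent = ET.SubElement(rst, f"{{{wst_ns}}}SecondaryParameters")
    for child in ET.fromstring(template_xml):
        # Copied as-is: the initiator need not understand the contents.
        parent.append(copy.deepcopy(child))
    return rst


def local_names(element):
    """Local names of an element's direct children, in document order."""
    return [child.tag.split("}", 1)[1] for child in element]


if __name__ == "__main__":
    for ns in (WST_13, WST_10):
        print(ET.tostring(build_rst(sample_template(ns), ns), encoding="unicode"))
```
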