You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/05/31 15:54:47 UTC

[jira] [Resolved] (WSS-290) Create Principals when processing SAML and BinarySecurityTokens

     [ https://issues.apache.org/jira/browse/WSS-290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-290.
-------------------------------------

    Resolution: Fixed

> Create Principals when processing SAML and BinarySecurityTokens
> ---------------------------------------------------------------
>
>                 Key: WSS-290
>                 URL: https://issues.apache.org/jira/browse/WSS-290
>             Project: WSS4J
>          Issue Type: Improvement
>    Affects Versions: 1.6
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6.1
>
>
> This task involves creating Principals when processing SAML and BinarySecurityTokens. WSS4J currently creates principal objects when processing UsernameTokens, and also when using a token to verify a signature. The following rules will apply for principal creation:
> 1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful validation of a SAML Assertion.
> 2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a successful validation of a Username Token (current behaviour).
> 3) A X500Principal will be created by the BinarySecurityTokenProcessor on a successful validation of a BinarySecurityToken.
> Two important points to note are:
> 1) Principals will only be created if the token has been explicitly validated. So for the BinarySecurityToken case, it is not validated by default and no principal is created. 
> 2) If the token is transformed into a SAML Assertion by the validator, then a new principal is created and stored in the results set under WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the principal that would have been created from the original token before it was transformed.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org