Posted to issues@cxf.apache.org by "Rich Newcomb (JIRA)" <ji...@apache.org> on 2010/08/04 20:41:17 UTC
[jira] Created: (CXF-2928) Request to add a configuration option
that allows STSClient to use the requester's X509Certificate as the
SubjectConfirmation KeyInfo data within RequestSecurityToken messages
Request to add a configuration option that allows STSClient to use the requester's X509Certificate as the SubjectConfirmation KeyInfo data within RequestSecurityToken messages
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: CXF-2928
URL: https://issues.apache.org/jira/browse/CXF-2928
Project: CXF
Issue Type: Improvement
Affects Versions: 2.3, 2.2.10
Reporter: Rich Newcomb
Fix For: 2.3, 2.2.10
Request to expand the CXF STSClient to support a configuration option that enables an X509Certificate to be used as the saml:SubjectConfirmation KeyInfo element when making a WS-Trust RequestSecurityToken request.
Rationale is as follows:
1. The SAML 1.1 specification is flexible with regard to the type of XMLSignature KeyInfo (ds:KeyInfo) that may be provided in a saml:SubjectConfirmation element to support the holder-of-key confirmation method.
2. Some relying parties require an X509 Certificate to be provided in the assertion confirmation data in order to perform validation. For example, any relying party that uses WSS4J version 1.5.8 or earlier for SAML assertion validation (with holder-of-key conf) requires the X509 Certificate to exist in the subject confirmation data.
3. Accordingly, some STS implementations allow the RequestSecurityToken ds:KeyInfo element to optionally contain either a ds:X509Certificate or the corresponding ds:KeyValue for the public key within the RequestSecurityToken message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
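Added example, not part of the issue text or of the attached CXF patch: the two ds:KeyInfo forms named in rationale item 3, with a check of which form a RequestSecurityToken carries and whether a relying party that needs the certificate (item 2) would be served. The wst:UseKey placement, the WS-Trust 1.3 namespace, the sample messages and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wst": WST, "ds": DS}

# Constructed RequestSecurityToken skeleton (assumed layout: KeyInfo inside wst:UseKey).
RST_TEMPLATE = (
    '<wst:RequestSecurityToken xmlns:wst="{wst}" xmlns:ds="{ds}">'
    "<wst:RequestType>{wst}/Issue</wst:RequestType>"
    "<wst:KeyType>{wst}/PublicKey</wst:KeyType>"
    "<wst:UseKey><ds:KeyInfo>{key_info}</ds:KeyInfo></wst:UseKey>"
    "</wst:RequestSecurityToken>"
)
# Constructed key material: placeholder strings, not real keys or certificates.
KEY_VALUE = (
    "<ds:KeyValue><ds:RSAKeyValue><ds:Modulus>PLACEHOLDER</ds:Modulus>"
    "<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>"
)
X509_DATA = "<ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>"


def build_rst(key_info_xml):
    """Fill the constructed skeleton with one ds:KeyInfo child."""
    return RST_TEMPLATE.format(wst=WST, ds=DS, key_info=key_info_xml)


def key_info_forms(rst_xml):
    """Return which key forms the request's ds:KeyInfo carries."""
    # Constructed input only; untrusted XML needs a hardened parser.
    root = ET.fromstring(rst_xml)
    forms = set()
    for key_info in root.iterfind(".//wst:UseKey/ds:KeyInfo", NS):
        cert = key_info.find("ds:X509Data/ds:X509Certificate", NS)
        # An empty certificate element gives the relying party nothing to validate.
        if cert is not None and (cert.text or "").strip():
            forms.add("X509Certificate")
        if key_info.find("ds:KeyValue", NS) is not None:
            forms.add("KeyValue")
    return forms


def serves_relying_party(rst_xml, needs_certificate):
    """True if the requested confirmation key form fits the relying party."""
    forms = key_info_forms(rst_xml)
    return "X509Certificate" in forms if needs_certificate else bool(forms)


if __name__ == "__main__":
    for label, body in (("KeyValue", KEY_VALUE), ("X509Data", X509_DATA)):
        rst = build_rst(body)
        print(label, sorted(key_info_forms(rst)), serves_relying_party(rst, True))
```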
[jira] Updated: (CXF-2928) Add a configuration option that allows
STSClient to use the requester's X509Certificate as the SubjectConfirmation
KeyInfo data within RequestSecurityToken messages
Posted by "Rich Newcomb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rich Newcomb updated CXF-2928:
------------------------------
Attachment: cxf-2928-trunk.patch
Attached patch
[jira] Resolved: (CXF-2928) Add a configuration option that allows
STSClient to use the requester's X509Certificate as the SubjectConfirmation
KeyInfo data within RequestSecurityToken messages
Posted by "David Valeri (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Valeri resolved CXF-2928.
-------------------------------
Resolution: Fixed
Patch applied. Thank you Rich.
[jira] Updated: (CXF-2928) Add a configuration option that allows
STSClient to use the requester's X509Certificate as the SubjectConfirmation
KeyInfo data within RequestSecurityToken messages
Posted by "Rich Newcomb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rich Newcomb updated CXF-2928:
------------------------------
Summary: Add a configuration option that allows STSClient to use the requester's X509Certificate as the SubjectConfirmation KeyInfo data within RequestSecurityToken messages (was: Request to add a configuration option that allows STSClient to use the requester's X509Certificate as the SubjectConfirmation KeyInfo data within RequestSecurityToken messages)
[jira] Assigned: (CXF-2928) Add a configuration option that allows
STSClient to use the requester's X509Certificate as the SubjectConfirmation
KeyInfo data within RequestSecurityToken messages
Posted by "David Valeri (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-2928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Valeri reassigned CXF-2928:
---------------------------------
Assignee: David Valeri