You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2011/09/09 14:41:10 UTC
[jira] [Resolved] (CXF-3588) Validate SAML assertions targeted at
JAX-RS endpoints
[ https://issues.apache.org/jira/browse/CXF-3588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-3588.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.5
Basic validation is OK, further improvements will be done later on. Example, SAML tokens passed in headers of GET requests - only 'bearer' will do, we will need to attach signatures to deal with sender-vouches or holder of key, etc...
> Validate SAML assertions targeted at JAX-RS endpoints
> ------------------------------------------------------
>
> Key: CXF-3588
> URL: https://issues.apache.org/jira/browse/CXF-3588
> Project: CXF
> Issue Type: Sub-task
> Components: JAX-RS
> Affects Versions: 2.5
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 2.5
>
>
> This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.
> How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira