[jira] [Resolved] (CXF-3588) Validate SAML assertions targeted at JAX-RS endpoints

["Sergey Beryozkin (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/CXF-3588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-3588.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.5

Basic validation is OK, further improvements will be done later on. Example, SAML tokens passed in headers of GET requests - only 'bearer' will do, we will need to attach signatures to deal with sender-vouches or holder of key, etc... 

> Validate SAML assertions targeted at JAX-RS endpoints 
> ------------------------------------------------------
>
>                 Key: CXF-3588
>                 URL: https://issues.apache.org/jira/browse/CXF-3588
>             Project: CXF
>          Issue Type: Sub-task
>          Components: JAX-RS
>    Affects Versions: 2.5
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 2.5
>
>
> This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.
> How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc... 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira