Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2017/07/10 21:07:00 UTC

[jira] [Comment Edited] (FEDIZ-203) Support "roles" scope

    [ https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16081153#comment-16081153 ] 

Sergey Beryozkin edited comment on FEDIZ-203 at 7/10/17 9:06 PM:
-----------------------------------------------------------------

Jan, it is a bit hard now to see what may and may not need to be changed.
The CXF changes related to enhancing the list of the profile-related claims are all right, but the point Colm made was not about using a SOAP NS but about the fact there's no standard "roles" claim name - it can be "roles" or it can be whatever the Fediz user has configured it to be (via that SOAP NS to a role name mapping). So this typed "roles" needs to go - you can simply use a setClaim(name, value) setter whenever needed.

Re the Fediz changes - I'm really not sure we need that kind of refactoring right now, I'm really not sure I agree with the formalization that e.g. a first name can only be reported if a scope is requested, etc, or that them but we can happily discuss the next step once we sort out the roles scope issue - let's start with this one only for now and then move on to the next. I had in mind a very basic change for a start. Let me offer it tomorrow, thanks.


was (Author: sergey_beryozkin):
Jan, it is a bit hard now to see what may and may not need to be changed.
The CXF changes related to the enhancing the list of the profile related claims is all right, but the point Colm made was nnot about using a SOAP NS but about the fact there's no statndard "roles" claim name - it can be "roles" or it can be whatever the Fediz user has configured it to be (via that SOAP NS to a role name mapping). So this typed "roles" needs to go - you can simply use a setClaim(name, value) setter whenever needed.

Re the Fediz changes - I'm really not sure we need that kind of refactoring right now, I'm really not sure I agree with the formalization that ex a first name can only be reported if a scope is requested, etc, or that them but we can happily discuss the next step once we sort out the roles scope issue - lets start with this one only for now and then move on next. I had in mind a very basic change for a start. Let me offer it tomorrow, thanks

> Support "roles" scope
> ---------------------
>
>                 Key: FEDIZ-203
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-203
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: OIDC
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.4.1
>
>         Attachments: cxf.patch, fediz.patch
>
>
> OIDC currently only supports role claims if they are requested as "claims" but not via "scope". Goal of this jira issue is to add support for a "roles" scope.


