You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2011/06/14 14:27:47 UTC
[jira] [Created] (CXF-3588) Validate SAML assertions targeted at
JAX-RS endpoints
Validate SAML assertions targeted at JAX-RS endpoints
------------------------------------------------------
Key: CXF-3588
URL: https://issues.apache.org/jira/browse/CXF-3588
Project: CXF
Issue Type: Sub-task
Components: JAX-RS
Affects Versions: 2.5
Reporter: Sergey Beryozkin
Assignee: Sergey Beryozkin
This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.
How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-3588) Validate SAML assertions targeted at
JAX-RS endpoints
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-3588.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.5
Basic validation is OK, further improvements will be done later on. Example, SAML tokens passed in headers of GET requests - only 'bearer' will do, we will need to attach signatures to deal with sender-vouches or holder of key, etc...
> Validate SAML assertions targeted at JAX-RS endpoints
> ------------------------------------------------------
>
> Key: CXF-3588
> URL: https://issues.apache.org/jira/browse/CXF-3588
> Project: CXF
> Issue Type: Sub-task
> Components: JAX-RS
> Affects Versions: 2.5
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 2.5
>
>
> This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.
> How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira