You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2011/06/14 14:27:47 UTC

[jira] [Created] (CXF-3588) Validate SAML assertions targeted at JAX-RS endpoints

Validate SAML assertions targeted at JAX-RS endpoints 
------------------------------------------------------

                 Key: CXF-3588
                 URL: https://issues.apache.org/jira/browse/CXF-3588
             Project: CXF
          Issue Type: Sub-task
          Components: JAX-RS
    Affects Versions: 2.5
            Reporter: Sergey Beryozkin
            Assignee: Sergey Beryozkin


This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.

How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc... 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (CXF-3588) Validate SAML assertions targeted at JAX-RS endpoints

Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CXF-3588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-3588.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.5

Basic validation is OK, further improvements will be done later on. Example, SAML tokens passed in headers of GET requests - only 'bearer' will do, we will need to attach signatures to deal with sender-vouches or holder of key, etc... 

> Validate SAML assertions targeted at JAX-RS endpoints 
> ------------------------------------------------------
>
>                 Key: CXF-3588
>                 URL: https://issues.apache.org/jira/browse/CXF-3588
>             Project: CXF
>          Issue Type: Sub-task
>          Components: JAX-RS
>    Affects Versions: 2.5
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 2.5
>
>
> This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.
> How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc... 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira