Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/05/31 14:27:47 UTC

[jira] [Updated] (WSS-290) Create Principals when processing SAML and BinarySecurityTokens

     [ https://issues.apache.org/jira/browse/WSS-290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-290:
------------------------------------

    Description: 

This task involves creating Principals when processing SAML and BinarySecurityTokens. WSS4J currently creates principal objects when processing UsernameTokens, and also when using a token to verify a signature. The following rules will apply for principal creation:

1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a successful validation of a Username Token (current behaviour).
3) An X500Principal will be created by the BinarySecurityTokenProcessor on a successful validation of a BinarySecurityToken.

Two important points to note are:
1) Principals will only be created if the token has been explicitly validated. So for the BinarySecurityToken case, it is not validated by default and no principal is created. 
2) If the token is transformed into a SAML Assertion by the validator, then a new principal is created and stored in the results set under WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the principal that would have been created from the original token before it was transformed.

  was:

This task involves creating Principals when processing SAML and BinarySecurityTokens. WSS4J currently creates principal objects when processing UsernameTokens, and also when using a token to verify a signature. The following rules will apply for principal creation:

1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a successful validation of a Username Token (current behaviour).
3) An X500Principal will be created by the BinarySecurityTokenProcessor on a successful validation of a BinarySecurityToken.

Two important points to note are:
1) Principals will only be created if the token has been explicitly validated. So for the BinarySecurityToken case, it is not validated by default and no principal is created. 
2) If the token is transformed into a SAML Assertion by the validator, then a new principal is created and stored in the results set under WSSecurityEngineResult.TAG_TRANSFORMED_PRINCIPAL. The original principal is also available under TAG_PRINCIPAL.


> Create Principals when processing SAML and BinarySecurityTokens
> ---------------------------------------------------------------
>
>                 Key: WSS-290
>                 URL: https://issues.apache.org/jira/browse/WSS-290
>             Project: WSS4J
>          Issue Type: Improvement
>    Affects Versions: 1.6
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.6.1
>
>
> This task involves creating Principals when processing SAML and BinarySecurityTokens. WSS4J currently creates principal objects when processing UsernameTokens, and also when using a token to verify a signature. The following rules will apply for principal creation:
> 1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a successful validation of a SAML Assertion.
> 2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on a successful validation of a Username Token (current behaviour).
> 3) An X500Principal will be created by the BinarySecurityTokenProcessor on a successful validation of a BinarySecurityToken.
> Two important points to note are:
> 1) Principals will only be created if the token has been explicitly validated. So for the BinarySecurityToken case, it is not validated by default and no principal is created. 
> 2) If the token is transformed into a SAML Assertion by the validator, then a new principal is created and stored in the results set under WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the principal that would have been created from the original token before it was transformed.
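
How code that consumes the results could rely on the two points above, as an added example that is not WSS4J code and not part of the original issue. A plain Map stands in for WSSecurityEngineResult; the key value "principal" and the SamlPrincipal class are assumptions standing in for TAG_PRINCIPAL and SAMLTokenPrincipal.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class PrincipalCheck {
    // Assumed stand-in for the WSSecurityEngineResult.TAG_PRINCIPAL key.
    static final String TAG_PRINCIPAL = "principal";

    // Hypothetical stand-in for WSS4J's SAMLTokenPrincipal.
    static final class SamlPrincipal implements Principal {
        private final String subject;
        SamlPrincipal(String subject) { this.subject = subject; }
        @Override public String getName() { return subject; }
    }

    // Returns a typed identity string, failing closed when no principal exists.
    static String callerIdentity(Map<String, Object> result) {
        Object p = result.get(TAG_PRINCIPAL);
        if (p == null) {
            // Point 1: a token that was not explicitly validated yields no principal.
            throw new SecurityException("no principal: token was not validated");
        }
        if (p instanceof SamlPrincipal) {
            return "saml:" + ((SamlPrincipal) p).getName();
        }
        if (p instanceof X500Principal) {
            return "x509:" + ((X500Principal) p).getName(X500Principal.RFC2253);
        }
        throw new SecurityException("unexpected principal type: " + p.getClass().getName());
    }

    public static void main(String[] args) {
        Map<String, Object> validatedBst = new HashMap<>();
        validatedBst.put(TAG_PRINCIPAL, new X500Principal("CN=alice,O=Example"));
        System.out.println(callerIdentity(validatedBst));

        // Point 2: after transformation the SAML principal replaces the X500 one.
        Map<String, Object> transformed = new HashMap<>(validatedBst);
        transformed.put(TAG_PRINCIPAL, new SamlPrincipal("alice@example.org"));
        System.out.println(callerIdentity(transformed));

        try {
            callerIdentity(new HashMap<String, Object>()); // BST processed, not validated
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```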
