You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2016/08/12 09:18:20 UTC

[jira] [Closed] (FEDIZ-168) Support SAML Token without Audience Restriction

     [ https://issues.apache.org/jira/browse/FEDIZ-168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed FEDIZ-168.
-------------------------------------

> Support SAML Token without Audience Restriction
> -----------------------------------------------
>
>                 Key: FEDIZ-168
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-168
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP, Plugin
>    Affects Versions: 1.3.0, 1.2.2
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.2.3, 1.3.1
>
>
> Currently Fediz only supports SAML with an audience restriction. However the standard only requires audience restriction validation if this value is present within the SAML token. If no audience restriction is set, this token should be valid for any service.
> Especially in cases when the Login SAML token should be used to login to a webpage and the same token can be used to authenticate the user against backend services, an audience restriction could be disturbing.
> Fediz Plugin should accept SAML token without audience restrictions as valid (if all other security requirements are met) and the Fediz IDP should be configurable to request SAML token from the STS without audience restrictions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)