Fixed here for the record: https://issues.apache.org/jira/browse/CXF-7099
Colm. On Tue, Oct 18, 2016 at 8:50 AM, Jan Bernhardt <jbernha...@talend.com> wrote: > Hi CXF developers, > > I was looking at the Test Cases for the STS ActAs support > (org.apache.cxf.sts.token.provider.SAMLProviderActAsTest). > However, they confused me a bit, because in all cases the NameIdentifier > ends up being the same as the ActAs attribute Statement. > If both have the same value, what would be the added value to the > attribute Statement? > If I understand the specification correctly ActAs should provide both > information, the principal to "act as" as well as the principle acting as > the other user. > > So does that mean our Test-Cases do not cover this aspect or is our > implementation wrong? > What should be the expected outcome? > > Best regards > Jan > > > -----Ursprüngliche Nachricht----- > > Von: Jan Bernhardt [mailto:jbernha...@talend.com] > > Gesendet: Mittwoch, 12. Oktober 2016 15:12 > > An: us...@cxf.apache.org > > Betreff: ActAs implementation from the STS > > > > Hi CXF Users, > > > > I'm currently trying to figure out the differences between onBehalfOf and > > ActAs token delegation. > > And whether the implementation at the STS is correct or not. > > > > I could not find anything substantial in the WS-Trust specification. > > Is our implementation within the STS just a guessing because of missing > > specification, or is there some specification I'm not aware of? > > > > Kind regards > > Jan > > > > -- > > Jan Bernhardt > > > > Talend Community Coder > > http://coders.talend.com > > > > Visit my Blog > > https://janbernhardt.blogspot.de > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com