Create Principals when processing SAML and BinarySecurityTokens
---------------------------------------------------------------
Key: WSS-290
URL: https://issues.apache.org/jira/browse/WSS-290
Project: WSS4J
Issue Type: Improvement
Affects Versions: 1.6
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 1.6.1
This task involves creating Principals when processing SAML and
BinarySecurityTokens. WSS4J currently creates principal objects when processing
UsernameTokens, and also when using a token to verify a signature. The
following rules will apply for principal creation:
1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a
successful validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on
a successful validation of a Username Token (current behaviour).
3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
successful validation of a BinarySecurityToken.
Two important points to note are:
1) Principals will only be created if the token has been explicitly validated.
So for the BinarySecurityToken case, it is not validated by default and no
principal is created.
2) If the token is transformed into a SAML Assertion by the validator, then a
new principal is created and stored in the results set under
WSSecurityEngineResult.TAG_TRANSFORMED_PRINCIPAL. The original principal is
also available under TAG_PRINCIPAL.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
