[
https://issues.apache.org/jira/browse/WSS-290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated WSS-290:
------------------------------------
Description:
This task involves creating Principals when processing SAML and
BinarySecurityTokens. WSS4J currently creates principal objects when processing
UsernameTokens, and also when using a token to verify a signature. The
following rules will apply for principal creation:
1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a
successful validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on
a successful validation of a Username Token (current behaviour).
3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
successful validation of a BinarySecurityToken.
Two important points to note are:
1) Principals will only be created if the token has been explicitly validated.
So for the BinarySecurityToken case, it is not validated by default and no
principal is created.
2) If the token is transformed into a SAML Assertion by the validator, then a
new principal is created and stored in the results set under
WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the principal
that would have been created from the original token before it was transformed.
was:
This task involves creating Principals when processing SAML and
BinarySecurityTokens. WSS4J currently creates principal objects when processing
UsernameTokens, and also when using a token to verify a signature. The
following rules will apply for principal creation:
1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a
successful validation of a SAML Assertion.
2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor on
a successful validation of a Username Token (current behaviour).
3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
successful validation of a BinarySecurityToken.
Two important points to note are:
1) Principals will only be created if the token has been explicitly validated.
So for the BinarySecurityToken case, it is not validated by default and no
principal is created.
2) If the token is transformed into a SAML Assertion by the validator, then a
new principal is created and stored in the results set under
WSSecurityEngineResult.TAG_TRANSFORMED_PRINCIPAL. The original principal is
also available under TAG_PRINCIPAL.
> Create Principals when processing SAML and BinarySecurityTokens
> ---------------------------------------------------------------
>
> Key: WSS-290
> URL: https://issues.apache.org/jira/browse/WSS-290
> Project: WSS4J
> Issue Type: Improvement
> Affects Versions: 1.6
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.1
>
>
> This task involves creating Principals when processing SAML and
> BinarySecurityTokens. WSS4J currently creates principal objects when
> processing UsernameTokens, and also when using a token to verify a signature.
> The following rules will apply for principal creation:
> 1) A SAMLTokenPrincipal will be created by the SAMLTokenProcessor on a
> successful validation of a SAML Assertion.
> 2) A WSUsernameTokenPrincipal will be created by the UsernameTokenProcessor
> on a successful validation of a Username Token (current behaviour).
> 3) A X500Principal will be created by the BinarySecurityTokenProcessor on a
> successful validation of a BinarySecurityToken.
> Two important points to note are:
> 1) Principals will only be created if the token has been explicitly
> validated. So for the BinarySecurityToken case, it is not validated by
> default and no principal is created.
> 2) If the token is transformed into a SAML Assertion by the validator, then a
> new principal is created and stored in the results set under
> WSSecurityEngineResult.TAG_PRINCIPAL. In other words, it replaces the
> principal that would have been created from the original token before it was
> transformed.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
