[ https://issues.apache.org/jira/browse/CXF-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Valeri resolved CXF-2909.
-------------------------------

    Resolution: Fixed

> WS-T / WS-SP sp:RequestSecurityTokenTemplate not using wst:SecondaryParameters
> -------------------------------------------------------------------------------
>
>                 Key: CXF-2909
>                 URL: https://issues.apache.org/jira/browse/CXF-2909
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3, 2.2.10
>            Reporter: David Valeri
>            Assignee: David Valeri
>             Fix For: 2.3, 2.2.10
>
>
> Per the WS-SP 1.2 spec, section 5.4.2, "This required element contains
> elements which MUST be copied into the wst:SecondaryParameters of the RST
> request sent to the specified issuer. Note: the initiator is not required to
> understand the contents of this element."
> The STS client copies these values directly into the body of the
> wst:RequestSecurityToken element in the request to the STS.
> So this policy:
> {code:xml}
> <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
>   <sp:RequestSecurityTokenTemplate>
>     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>     <wst:AppliesTo>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:AppliesTo>
>     <wst:Participants>
>       <wst:Participant>
>         <wsp:URI>service-1</wsp:URI>
>       </wst:Participant>
>     </wst:Participants>
>     <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   </sp:RequestSecurityTokenTemplate>
> </sp:IssuedToken>
> {code}
> Becomes this request:
> {code:xml}
> <wst:RequestSecurityToken>
>   ...
>   <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>   <wst:AppliesTo>
>     <wsp:URI>service-1</wsp:URI>
>   </wst:AppliesTo>
>   <wst:Participants>
>     <wst:Participant>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:Participant>
>   </wst:Participants>
>   <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   ...
> </wst:RequestSecurityToken>
> {code}
> Instead of:
> {code}
> <wst:RequestSecurityToken>
>   ...
>   <wst:SecondaryParameters>
>     <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
>     <wst:AppliesTo>
>       <wsp:URI>service-1</wsp:URI>
>     </wst:AppliesTo>
>     <wst:Participants>
>       <wst:Participant>
>         <wsp:URI>service-1</wsp:URI>
>       </wst:Participant>
>     </wst:Participants>
>     <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>
>   </wst:SecondaryParameters>
>   ...
> </wst:RequestSecurityToken>
> {code}
> WS-Trust 1.0 and WS-SP 1.0 do not support the wst:SecondaryParameters element
> so backwards compatibility should be retained per the interopfest samples.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
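The behaviour the issue asks for, as an added example that is not CXF's code or the reporter's: the template's children are copied verbatim into `wst:SecondaryParameters` for a WS-Trust 1.3 request and directly into the RST body for WS-Trust 1.0. The class name, `buildRst`, the shortened sample policy, and choosing the behaviour by the request's WS-Trust namespace are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class RstTemplateDemo {  // hypothetical class, not part of CXF
    static final String WST_13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String WST_10 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    static final String SP_12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
    // Constructed sample: the policy from the issue, shortened to two template children.
    static final String POLICY =
        "<sp:IssuedToken xmlns:sp='" + SP_12 + "' xmlns:wst='" + WST_13 + "'>"
      + "<sp:RequestSecurityTokenTemplate>"
      + "<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>"
      + "<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</wst:KeyType>"
      + "</sp:RequestSecurityTokenTemplate></sp:IssuedToken>";

    /** Builds an RST in namespace wstNs and copies the template's child elements into it. */
    static Element buildRst(Element template, String wstNs, DocumentBuilder db) {
        Document doc = db.newDocument();
        Element rst = doc.createElementNS(wstNs, "wst:RequestSecurityToken");
        doc.appendChild(rst);
        Element target = rst;  // WS-Trust 1.0: no SecondaryParameters, copy into the body
        if (WST_13.equals(wstNs)) {  // WS-Trust 1.3: wrap the copied elements
            target = doc.createElementNS(wstNs, "wst:SecondaryParameters");
            rst.appendChild(target);
        }
        // The template is opaque to the initiator, so each child is deep-copied unchanged.
        for (Node n = template.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) target.appendChild(doc.importNode(n, true));
        }
        return rst;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder db = f.newDocumentBuilder();
        Element policy = db.parse(new InputSource(new StringReader(POLICY))).getDocumentElement();
        Element template =
            (Element) policy.getElementsByTagNameNS(SP_12, "RequestSecurityTokenTemplate").item(0);
        for (String ns : new String[] {WST_13, WST_10}) {
            Node first = buildRst(template, ns, db).getFirstChild();
            System.out.println(ns + " -> first child of RST: " + first.getNodeName());
        }
    }
}
```

Because the sample template is written against the 200512 namespace, the WS-Trust 1.0 run copies those elements as they are; a policy meant for a WS-Trust 1.0 issuer would carry 1.0-namespace children.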