[ https://issues.apache.org/jira/browse/CXF-3236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-3236:
-------------------------------------

    Attachment: cxf-3234-tentative.patch


Here is a *tentative* patch for this issue. I've tested it and a CXF endpoint 
can now secure the reply to the client appropriately.

> Add support for an Issued Token extracted from a SAML assertion
> ---------------------------------------------------------------
>
>                 Key: CXF-3236
>                 URL: https://issues.apache.org/jira/browse/CXF-3236
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3.1
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.3.2, 2.4
>
>         Attachments: cxf-3234-tentative.patch
>
>
> CXF cannot currently support the following use-case:
> A service endpoint has a security policy consisting of a sp:SymmetricBinding 
> which uses a (SAML) sp:IssuedToken as the sp:ProtectionToken. A client parses 
> this, and obtains the appropriate SAML token from an STS, which it sends to 
> the service endpoint, securing the message appropriately. The service 
> endpoint can process the request, but it falls down on the reply as it does 
> not know how to get access to the Issued Token to secure the message reply.
> A patch to WSS4J to save the secret key extracted from the SAML assertion is 
> here (https://issues.apache.org/jira/browse/WSS-263). A patch is required to 
> CXF to parse the result set and save the appropriate token.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
