Jan Bernhardt created FEDIZ-168:
-----------------------------------

             Summary: Support SAML Token without Audience Restriction
                 Key: FEDIZ-168
                 URL: https://issues.apache.org/jira/browse/FEDIZ-168
             Project: CXF-Fediz
          Issue Type: Improvement
          Components: IDP, Plugin
    Affects Versions: 1.2.2, 1.3.0
            Reporter: Jan Bernhardt
            Assignee: Jan Bernhardt
             Fix For: 1.3.1


Currently, Fediz only supports SAML tokens with an audience restriction. However, the 
standard only requires audience restriction validation if this value is present 
within the SAML token. If no audience restriction is set, this token should be 
valid for any service.

Especially in cases where the login SAML token should be used to log in to a 
webpage and the same token can be used to authenticate the user against backend 
services, an audience restriction could be disturbing.

The Fediz plugin should accept SAML tokens without audience restrictions as valid 
(if all other security requirements are met), and the Fediz IDP should be 
configurable to request SAML tokens from the STS without audience restrictions.
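
The audience rule the ticket asks for, as an added illustration that is not Fediz project code: an AudienceRestriction is enforced only when the assertion actually carries one (and, per SAML 2.0 Core, the relying party must then appear in every AudienceRestriction element), while an assertion without one passes the audience check for any service. The two sample assertions, their URLs and IDs are constructed for this example.

```python
# Added example (not Fediz code): audience-restriction check for a SAML 2.0
# Assertion using only the standard library. Signature, validity window and
# other conditions are out of scope here and must still be verified separately.
from typing import List, Optional
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

def audience_restrictions(assertion_xml: str) -> Optional[List[List[str]]]:
    """One list of Audience URIs per AudienceRestriction element, or None
    when the assertion carries no AudienceRestriction at all."""
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall("./saml2:Conditions/saml2:AudienceRestriction", NS)
    if not restrictions:
        return None
    return [[a.text.strip() for a in r.findall("saml2:Audience", NS) if a.text]
            for r in restrictions]

def audience_accepted(assertion_xml: str, my_audience: str) -> bool:
    """True if the service identified by my_audience may consume the assertion
    as far as the audience condition goes. With no restriction present the
    token is valid for any service; with restrictions present, my_audience
    must be listed in each of them (an empty restriction admits nobody)."""
    restrictions = audience_restrictions(assertion_xml)
    if restrictions is None:
        return True
    return all(my_audience in allowed for allowed in restrictions)

# Constructed sample assertions (unsigned, conditions only, for illustration).
RESTRICTED = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-1" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.test/idp</saml2:Issuer>
  <saml2:Conditions NotBefore="2016-01-01T00:00:00Z" NotOnOrAfter="2016-01-01T00:30:00Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://app.example.test/webapp</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""

UNRESTRICTED = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-2" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.test/idp</saml2:Issuer>
  <saml2:Conditions NotBefore="2016-01-01T00:00:00Z" NotOnOrAfter="2016-01-01T00:30:00Z"/>
</saml2:Assertion>"""

if __name__ == "__main__":
    for name, xml in (("restricted", RESTRICTED), ("unrestricted", UNRESTRICTED)):
        for rp in ("https://app.example.test/webapp", "https://backend.example.test/api"):
            print(name, rp, audience_accepted(xml, rp))
```

With the restricted token only the web application is accepted, whereas the unrestricted token, which the ticket wants the IDP to be able to request from the STS, is accepted by both the web application and the backend service.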



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)