Extend STSClient to configure Claims
------------------------------------
Key: CXF-3735
URL: https://issues.apache.org/jira/browse/CXF-3735
Project: CXF
Issue Type: New Feature
Affects Versions: 2.4.1
Reporter: Oliver Wulff
The STSClient only adds the Claims element to the RST if found in the
WS-SecurityPolicy of the service provider. Further, the service consumer must
send a SAML token which includes the claims data.
If the service consumer sends a token (UsernameToken, BST, X509) which is not
able to convey claims data there is no standard way for the service provider to
retrieve the claims data. If the required and optional claims can be configured
in the STSClient, we can address the above use case.
The service provider validates the UsernameToken or BST against the STS. He
requests a SAML token and passes the configured claims in the RST of the
validate binding.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
