[
https://issues.apache.org/jira/browse/CXF-4062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13219952#comment-13219952
]
Oliver Wulff commented on CXF-4062:
-----------------------------------
Here is an example of another claims dialect which makes use of passing values
of a claim.
<wst:RequestSecurityToken>
<wst:TokenType>
...
</wst:TokenType>
<wst:RequestType>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
</wst:RequestType>
<wst:Claims
Dialect="http://schemas.xmlsoap.org/ws/2006/12/authorization/authclaims";>
<auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/Group";>
<auth:Value>Bonded</auth:Value>
</auth:ClaimType>
</wst:Claims>
<auth:AdditionalContext>
<auth:ContextItem Name="http://www.fabrikam.com/rfps/tracking/for";>
<auth:Value>Contoso</auth:Value>
</auth:ContextItem>
<auth:ContextItem Name="http://www.fabrikam.com/rfps/tracking/bidid";>
<auth:Value>t9000hx-1139</auth:Value>
</auth:ContextItem>
<auth:ContextItem
Name="http://www.fabrikam.com/rfps/tracking/value";>
<auth:Value>$1,320,000.00</auth:Value>
</auth:ContextItem>
</auth:AdditionalContext>
</wst:RequestSecurityToken>
You can find more information here:
http://msdn.microsoft.com/en-us/library/bb498017.aspx
> Enabling custom claim parser
> ----------------------------
>
> Key: CXF-4062
> URL: https://issues.apache.org/jira/browse/CXF-4062
> Project: CXF
> Issue Type: Improvement
> Affects Versions: 2.5.2
> Reporter: Jan Bernhardt
> Labels: Claims, STS
> Attachments: claimParer.patch
>
>
> STS-core:
> Currently there is now way to use a custom dialect in requested claims. Even
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims is not fully supported
> (only ClaimType element).
> Therefore I introduced a new Interface ClaimParser, and a DefaultClaimParser
> with the current parsing logic. This parser is called by default within
> RequestParser, so that the normal cxf behavior has not changed. But to make
> this process more flexible it is possible (with this patch) to register any
> kind of ClaimParser supporting a specific dialect. I implemented a
> IdentityClaimParser which is currently able to parser CustomType and
> CustomValueType elements within the wst:claims element. Since the current
> RequestClaim does not support any claim values, except of the Uri attribute,
> I created a SubClass ClaimValueType to also pass the claim value to the claim
> handler.
> This patch is just a starting point. I think there should be a more complex
> redesign of the current claim handling implementation, because it is
> currently focused on only one Use-Case. The following improvements should be
> made:
> * The RequestClaim class should be replaced by a more flexible interface
> supporting any kind of parsing and handling custom dialects.
> * It should be possible to include/configure custom claimparser via spring
> config
> * A fully supported implementation of
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims dialect would be great
> Here is an example of a claims STS request which is supported by applying
> this patch:
> <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity";
> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity";>
> <ic:ClaimValue
> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>admin</ic:ClaimValue>
> </wst:Claims>
> Thank you for this great product!! I hope this patch can help to further
> improve CXF.
> Best regards
> Jan
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
