[
https://issues.apache.org/jira/browse/CXF-3883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-3883.
--------------------------------------
Resolution: Fixed
> Support for identity mapping as part of issue token process
> -----------------------------------------------------------
>
> Key: CXF-3883
> URL: https://issues.apache.org/jira/browse/CXF-3883
> Project: CXF
> Issue Type: New Feature
> Components: STS
> Affects Versions: 2.5
> Reporter: Oliver Wulff
> Assignee: Colm O hEigeartaigh
> Fix For: 2.7.6
>
>
> The JIRA https://issues.apache.org/jira/browse/CXF-3520 describes the case
> where a CXF consumer has configured a different STS than the issuer
> configured in the IssuedToken assertion of the service provider:
> In this case, the service consumer and provider don't understand the
> identity/subject/principal of the counterpart. First, the consumer gets a
> token from its STS (IDP-STS) which could be a SAML token. Then he requests
> another token from the STS and sends the one issued before as part of the
> WS-Security header.
> The STS must figure out that the sent and requested tokens are from different
> realms (security domains) and must therefore call the configured identity
> mapper which takes as parameters source realm, target realm and source
> principal.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
