Colm O hEigeartaigh created CXF-5251:
----------------------------------------

             Summary: Implement more stringent requirements on allowing OnBehalfOf/ActAs in the STS
                 Key: CXF-5251
                 URL: https://issues.apache.org/jira/browse/CXF-5251
             Project: CXF
          Issue Type: Improvement
          Components: STS
    Affects Versions: 2.7.6
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 2.6.10, 2.7.7

This task is to implement more stringent requirements on allowing OnBehalfOf/ActAs in the STS. A new interface will be introduced to determine whether or not it is allowed to issue a new token OnBehalfOf/ActAs some other token. A default implementation will disallow everything apart from a SAML Bearer token. In addition, the AppliesTo address (if sent) must be the same as one of the existing Audience Restriction addresses (if they exist).
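
The rule described in the ticket, sketched as an added example (not CXF code and not the interface the ticket introduces). It is narrowed to SAML 2.0 assertions and assumes the signature and validity period were already verified, and that AppliesTo is compared by exact string match; the function names and sample addresses are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"


def is_delegation_allowed(token_xml, applies_to=None):
    """Decide whether a token may be used as OnBehalfOf/ActAs.

    Assumes signature and validity period were already checked upstream.
    Returns (allowed, reason).
    """
    try:
        root = ET.fromstring(token_xml)
    except ET.ParseError:
        return False, "token is not well-formed XML"
    if root.tag != f"{{{NS}}}Assertion":
        return False, "not a SAML 2.0 assertion"
    methods = [sc.get("Method") for sc in
               root.findall(f"{{{NS}}}Subject/{{{NS}}}SubjectConfirmation")]
    # Deny by default: every confirmation method present must be Bearer.
    if not methods or any(m != BEARER for m in methods):
        return False, "subject confirmation is not Bearer"
    audiences = [(a.text or "").strip() for a in root.findall(
        f"{{{NS}}}Conditions/{{{NS}}}AudienceRestriction/{{{NS}}}Audience")]
    # Only enforced when both sides exist, as the ticket states.
    if applies_to and audiences and applies_to not in audiences:
        return False, "AppliesTo is not one of the Audience Restriction addresses"
    return True, "allowed"


def sample_assertion(method=BEARER, audiences=()):
    """Constructed, unsigned sample input for the check above."""
    aud = "".join(f"<s:Audience>{a}</s:Audience>" for a in audiences)
    cond = (f"<s:Conditions><s:AudienceRestriction>{aud}"
            "</s:AudienceRestriction></s:Conditions>") if audiences else ""
    return (f'<s:Assertion xmlns:s="{NS}" ID="_constructed" Version="2.0">'
            f'<s:Subject><s:SubjectConfirmation Method="{method}"/></s:Subject>'
            f"{cond}</s:Assertion>")
```
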