[ https://issues.apache.org/jira/browse/CXF-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960286#comment-13960286 ]
Stephen Chappell commented on CXF-5664:
---------------------------------------

> The question is whether the other participants should be added under the same
> AudienceRestriction as the AppliesTo address? Should we ignore the AppliesTo
> address if we have explicit participants? If we have multiple participants,
> should they go into the same AudienceRestriction Object (as multiple
> audiences), or should we have multiple AudienceRestrictions per participant?

The requirements that I am working to require that both AppliesTo and Participants (including the Primary) are added to AudienceRestriction elements. It also appears that there's an AudienceRestriction element for each Participant (and AppliesTo) element. So given a choice, that's what I'd be looking for. I think it would be more broadly applicable though if this sort of thing were configurable, or left to be implemented through derived objects that let the implementor choose.

> CXF STS does not support wst:Participants
> -----------------------------------------
>
> Key: CXF-5664
> URL: https://issues.apache.org/jira/browse/CXF-5664
> Project: CXF
> Issue Type: Bug
> Components: STS
> Affects Versions: 2.7.8, 2.7.9, 2.7.10
> Reporter: Stephen Chappell
> Assignee: Colm O hEigeartaigh
> Labels: features, security
>
> The CXF STS does not recognize the wst:Participants element within a
> wst:RequestSecurityToken, and instead throws a BadRequest SOAP fault. The
> Participants element should be parsed and added to the list of
> AudienceRestrictions in the issued token.

--
This message was sent by Atlassian JIRA (v6.2#6252)
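
For reference on the two layouts discussed in this thread, an added example (not part of the JIRA comment and not CXF code) of how a relying party evaluates them under SAML 2.0 Core section 2.5.1.4, where Audience values inside one AudienceRestriction are alternatives and separate AudienceRestriction elements must each be satisfied. It assumes the issued token is a SAML 2.0 assertion; the addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed addresses standing in for the AppliesTo and one wst:Participant.
APPLIES_TO = "https://rp.example/primary"
PARTICIPANT = "https://rp.example/secondary"


def conditions(groups):
    """Build a saml:Conditions element; each inner list becomes one AudienceRestriction."""
    cond = ET.Element(SAML + "Conditions")
    for audiences in groups:
        restriction = ET.SubElement(cond, SAML + "AudienceRestriction")
        for uri in audiences:
            ET.SubElement(restriction, SAML + "Audience").text = uri
    # Round-trip through XML so the check below runs on parsed markup.
    return ET.fromstring(ET.tostring(cond))


def audience_valid(cond, my_audiences):
    """Relying-party check: OR within a restriction, AND across restrictions."""
    mine = set(my_audiences)
    for restriction in cond.findall(SAML + "AudienceRestriction"):
        listed = {(a.text or "").strip() for a in restriction.findall(SAML + "Audience")}
        if not (listed & mine):
            return False  # one unsatisfied restriction invalidates the assertion
    return True


# Layout A: AppliesTo and participant as multiple audiences in one restriction.
ONE_RESTRICTION = conditions([[APPLIES_TO, PARTICIPANT]])
# Layout B: one restriction per address.
PER_PARTICIPANT = conditions([[APPLIES_TO], [PARTICIPANT]])

if __name__ == "__main__":
    for name, cond in (("one restriction", ONE_RESTRICTION),
                       ("per participant", PER_PARTICIPANT)):
        for rp in ([APPLIES_TO], [PARTICIPANT], [APPLIES_TO, PARTICIPANT]):
            print(name, rp, audience_valid(cond, rp))
```

A relying party that strictly follows the specification accepts the per-participant layout only if it is configured with every listed audience, so the choice between the two layouts changes which services can consume the token.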