Jan Bernhardt created CXF-6387:
----------------------------------

             Summary: External SAML References for SOAP Messages
                 Key: CXF-6387
                 URL: https://issues.apache.org/jira/browse/CXF-6387
             Project: CXF
          Issue Type: Improvement
          Components: STS
    Affects Versions: 3.0.4
            Reporter: Jan Bernhardt
The current implementation of CXF supports SAML token references only inside the same SOAP message. This causes a great overhead if the actual payload is relatively small. The WSS 1.2 specification [1] allows defining a {{RequireExternalReference}} policy assertion. According to the SAMLTokenProfile [2] this external reference could look like this:

{code}
<ds:KeyInfo xmlns:ds="...">
  <wsse:SecurityTokenReference xmlns:wsse="..." xmlns:wsu="..." xmlns:wsse11="..."
      wsu:id="STR1"
      wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
    <wsse:Reference wsu:id="…" URI="https://saml.example.edu/assertion-authority?ID=abcde">
    </wsse:Reference>
  </wsse:SecurityTokenReference>
</ds:KeyInfo>
{code}

This would require that the STS caches all issued tokens and makes them available via REST API.

[1] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/ws-securitypolicy-1.2-spec-cd-01.html#_IssuedToken_Assertion
[2] http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-SAMLTokenProfile-v1.1.1-os.html#_Toc295507774

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)