Jan Bernhardt created CXF-6763:
----------------------------------

             Summary: STS requires ClaimHandler even in ClaimMapping only scenarios
                 Key: CXF-6763
                 URL: https://issues.apache.org/jira/browse/CXF-6763
             Project: CXF
          Issue Type: Bug
          Components: STS
    Affects Versions: 3.1.4
            Reporter: Jan Bernhardt
            Priority: Minor

In case the STS is used only for token mapping, the STS does not need a ClaimHandler to look up claims from a backend.

Example Scenario: Fediz-IDP is used as an RP-IDP only (with no direct user login), doing only claim mappings. In this case the STS only needs a relationship with a ClaimMapper, and no ClaimHandlers are required.

The following code within {{org.apache.cxf.sts.operation.TokenIssueOperation}}, however, checks if a ClaimMapper for the requested Claims exists and fails if not.

{code}
// Check if the requested claims can be handled by the configured claim handlers
ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
checkClaimsSupport(requestedClaims);
requestedClaims = providerParameters.getRequestedSecondaryClaims();
checkClaimsSupport(requestedClaims);
providerParameters.setClaimsManager(claimsManager);
{code}

From my understanding these {{checkClaimsSupport}} calls can be removed completely, because the STS will still fail if the requested Claims are not available in the end.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
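
A simplified model of the behaviour this report describes, added here as an illustration; it is not CXF code, and every class, method and claim-type name in it is hypothetical. It contrasts an up-front check against handler-advertised claim types with a check made after mapping, which assumes the issuing path verifies mandatory claims at the end and so still rejects a request whose mandatory claim is missing.

```java
import java.util.*;

// Hypothetical model, not CXF classes. Requires Java 16+ (records).
public class ClaimCheckDemo {
    record RequestedClaim(String type, boolean optional) {}

    // Up-front check: every mandatory claim type must be advertised by a handler.
    static void preCheck(List<RequestedClaim> requested, Set<String> handlerTypes) {
        for (RequestedClaim c : requested) {
            if (!c.optional() && !handlerTypes.contains(c.type()))
                throw new IllegalStateException("no handler for " + c.type());
        }
    }

    // Deferred check (assumed): every mandatory claim must be in what will be issued.
    static void postCheck(List<RequestedClaim> requested, Map<String, String> issued) {
        List<String> missing = new ArrayList<>();
        for (RequestedClaim c : requested) {
            if (!c.optional() && !issued.containsKey(c.type())) missing.add(c.type());
        }
        if (!missing.isEmpty())
            throw new IllegalStateException("missing mandatory claims " + missing);
    }

    // Stand-in for a claim mapper: translates claim types, drops unmapped ones.
    static Map<String, String> mapClaims(Map<String, String> incoming,
                                         Map<String, String> typeMap) {
        Map<String, String> out = new HashMap<>();
        incoming.forEach((type, value) -> {
            if (typeMap.containsKey(type)) out.put(typeMap.get(type), value);
        });
        return out;
    }

    static String outcome(Runnable check) {
        try { check.run(); return "accepted"; }
        catch (IllegalStateException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        // Constructed sample data: mapping-only deployment, so no handler claim types.
        Map<String, String> issued = mapClaims(Map.of("urn:example:realmA:role", "admin"),
                Map.of("urn:example:realmA:role", "urn:example:realmB:role"));
        List<RequestedClaim> ok = List.of(new RequestedClaim("urn:example:realmB:role", false));
        List<RequestedClaim> bad = List.of(new RequestedClaim("urn:example:realmB:email", false));
        System.out.println("pre-check, role:   " + outcome(() -> preCheck(ok, Set.of())));
        System.out.println("post-check, role:  " + outcome(() -> postCheck(ok, issued)));
        System.out.println("post-check, email: " + outcome(() -> postCheck(bad, issued)));
    }
}
```

With the constructed data, the pre-check rejects the role request although the mapper supplies that claim, while the deferred check accepts it and still rejects the request for the unmapped email claim.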