[ https://issues.apache.org/jira/browse/FEDIZ-168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed FEDIZ-168.
-------------------------------------

> Support SAML Token without Audience Restriction
> -----------------------------------------------
>
>                 Key: FEDIZ-168
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-168
>             Project: CXF-Fediz
>          Issue Type: Improvement
>          Components: IDP, Plugin
>    Affects Versions: 1.3.0, 1.2.2
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.2.3, 1.3.1
>
>
> Currently Fediz only supports SAML with an audience restriction. However, the
> standard only requires audience restriction validation if this value is
> present within the SAML token. If no audience restriction is set, this token
> should be valid for any service.
> Especially in cases when the Login SAML token should be used to log in to a
> webpage and the same token can be used to authenticate the user against
> backend services, an audience restriction could be disturbing.
> The Fediz Plugin should accept SAML tokens without audience restrictions as valid
> (if all other security requirements are met) and the Fediz IDP should be
> configurable to request SAML tokens from the STS without audience restrictions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
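
An added example, not part of the JIRA message and not Fediz code: the "validate only if present" rule from the issue description, checked against SAML 2.0 assertions. The `require_restriction` switch, the `sample_assertion` helper and the `urn:example:*` identifiers are assumptions made for illustration; signature, issuer and time checks are out of scope here.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
RP = "urn:example:webapp"  # constructed relying-party identifier


def audience_ok(assertion_xml, own_audience, require_restriction=False):
    """Return True if the assertion's audience conditions admit own_audience.

    require_restriction is a hypothetical opt-in for a relying party that
    wants to reject tokens not bound to any audience; it is not a Fediz option.
    """
    # Sample input only; parse untrusted XML with a hardened parser such as defusedxml.
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", SAML_NS)
    if not restrictions:
        # Nothing to validate: the token is not limited to particular services.
        return not require_restriction
    # Every AudienceRestriction must hold (AND); within one, any Audience may match (OR).
    for restriction in restrictions:
        audiences = {
            (a.text or "").strip()
            for a in restriction.findall("saml:Audience", SAML_NS)
        }
        if own_audience not in audiences:
            return False
    return True


def sample_assertion(*restrictions):
    """Build a constructed, unsigned assertion; each argument is a list of audiences."""
    body = "".join(
        "<saml:AudienceRestriction>"
        + "".join(f"<saml:Audience>{a}</saml:Audience>" for a in r)
        + "</saml:AudienceRestriction>"
        for r in restrictions
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Conditions>{body}</saml:Conditions></saml:Assertion>"
    )


if __name__ == "__main__":
    print(audience_ok(sample_assertion(), RP))                           # unrestricted
    print(audience_ok(sample_assertion(["urn:example:backend"]), RP))    # other audience
    print(audience_ok(sample_assertion(), RP, require_restriction=True))
```

An unrestricted token is accepted by every service that trusts the issuer, so a relying party that should not accept tokens minted for other services can set the opt-in flag.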
