[jbossws-issues] [JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB
Alessio Soldano (JIRA)
issues at jboss.org
Mon May 28 09:25:01 EDT 2018
[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13582908#comment-13582908 ]
Alessio Soldano commented on JBWS-4123:
---------------------------------------
[~jan.krause1], thanks, I was actually going to propose a solution exactly they way you've implemented in the attached archive. Basically, JBossWS exposes the SPI for programmatically pushing the subject context to the container, so you can add a CXF interceptors in your application and perform that.
Clearly, no check is performed on credentials, the subject is directly set.
> SAMLTokenPrincipal is not propagated to EJB
> --------------------------------------------
>
> Key: JBWS-4123
> URL: https://issues.jboss.org/browse/JBWS-4123
> Project: JBoss Web Services
> Issue Type: Feature Request
> Components: jbossws-cxf
> Affects Versions: jbossws-cxf-5.2.1.Final
> Reporter: Viral Gohel
> Priority: Critical
> Fix For: jbossws-cxf-5.2.2.Final
>
> Attachments: redhat-saml-interceptor.zip, redhat.zip
>
>
> SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing.
> Here are the results we see,
> 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl
> 16:23:43,522 INFO [stdout] (default task-9) subjectName
> 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal
> 16:24:15,751 INFO [stdout] (default task-9) anonymous
> CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jbossws-issues
mailing list