]
Alessio Soldano commented on JBWS-4123:
---------------------------------------
Btw, here is basically where the webservices subsystem check the type of security domain
it's been passed:
SAMLTokenPrincipal is not propagated to EJB
--------------------------------------------
Key: JBWS-4123
URL:
https://issues.jboss.org/browse/JBWS-4123
Project: JBoss Web Services
Issue Type: Feature Request
Components: jbossws-cxf
Affects Versions: jbossws-cxf-5.2.1.Final
Reporter: Viral Gohel
Priority: Critical
Fix For: jbossws-cxf-5.2.2.Final
Attachments: redhat-saml-interceptor.zip, redhat.zip
SAML Token Principal can be propagated to the EJB layer, which right now we are not
seeing.
Here are the results we see,
16:23:43,521 INFO [stdout] (default task-9) class
org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl
16:23:43,522 INFO [stdout] (default task-9) subjectName
16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal
16:24:15,751 INFO [stdout] (default task-9) anonymous
CXF code isn't creating the Subject for the security context in a way that the EAP,
or JEE containers, can understand. For UsernameToken type authentication this is done
through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but
I'm unsure if this applies to SAML tokens.