[jboss-jira] [JBoss JIRA] Closed: (JBID-140) JBoss STS - add a ClaimsHandler interface that allows for pluggable claims interpreters

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Fri Oct 30 17:31:05 EDT 2009 

     [ https://jira.jboss.org/jira/browse/JBID-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Guilhen closed JBID-140.
-------------------------------

    Resolution: Done


A ClaimsProcessor interface has been added to JBoss STS. Actual implementations are configured in the jboss-sts.xml file:

<ClaimsProcessors>
   <ClaimsProcessor ProcessorClass="org.jboss...." Dialect="http://....">
      <Property Key="key" Value="value"/>
   </ClaimsProcessor>
</ClaimsProcessors>

When the STS receives a request with a Claims section, it uses the Claims dialect to locate the processor that can handle the claims. The processor is called and is responsible for parsing the Claims contents and for locating the attributes that correspond to the required claims. The retrieved attributes are then available for the token providers through the WSTrustRequestContext.

> JBoss STS - add a ClaimsHandler interface that allows for pluggable claims interpreters
> ---------------------------------------------------------------------------------------
>
>                 Key: JBID-140
>                 URL: https://jira.jboss.org/jira/browse/JBID-140
>             Project: JBoss Identity
>          Issue Type: Task
>          Components: Identity-Federation
>    Affects Versions: IDFED-1.0.0.alpha3
>            Reporter: Stefan Guilhen
>            Assignee: Stefan Guilhen
>             Fix For: IDFED-1.0.0.beta3
>
>
> A WS-Trust request may contain a set of claims that must be included in the issued token. The claims syntax is not specified, so it must be inferred from the Dialect attribute of the Claims element. We must create a ClaimsHandler or ClaimsProvider interface in the STS system to allow for pluggable configuration of claim handlers.
> A possible default implementation could handle claims as specified by the Identity Metasystem Interoperability 1.0 (http://docs.oasis-open.org/imi/ns/identity-200810) and use the JBoss IDM API to obtain the necessary information.
> The configuration of the ClaimsHandlers would be similar to the TokeProviders and should also allow for the specification of general properties:
> <ClaimsHandlers>
>    <ClaimsHandler HandlerClass="...." ClaimsDialect="http://....">
>        <Property name="prop" value="value"/>
>    </ClaimsHandler>
> </ClaimsHandler>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list