[jbossws-issues] [JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

Jan Krause (JIRA) issues at jboss.org
Tue May 29 07:44:00 EDT 2018


    [ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13583368#comment-13583368 ] 

Jan Krause commented on JBWS-4123:
----------------------------------

[~asoldano], thank you for the quick reply. As we observed, there seems to be another problem while propagating the created identity to a remote server. 
We try to transfer the created principal from the webservices subsystem to the ejb subsystem via a security domain provided by the Elytron subsystem. But instead of using the Elytron security domain, it seems that a legacy security domain is used in the webservices subsystem. In conclusion, there is no known possibility for us to place the created principal in the ejb subsystem. Elytron is mandatory, as we need to be able to transfer the identity to a remote EAP without any application-side changes.

We have to find a solution for this second problem to fulfill our own requirements.

> SAMLTokenPrincipal is not propagated to EJB 
> --------------------------------------------
>
>                 Key: JBWS-4123
>                 URL: https://issues.jboss.org/browse/JBWS-4123
>             Project: JBoss Web Services
>          Issue Type: Feature Request
>          Components: jbossws-cxf
>    Affects Versions: jbossws-cxf-5.2.1.Final
>            Reporter: Viral Gohel
>            Priority: Critical
>             Fix For: jbossws-cxf-5.2.2.Final
>
>         Attachments: redhat-saml-interceptor.zip, redhat.zip
>
>
>  SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. 
> Here are the results we see, 
> 16:23:43,521 INFO  [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl
> 16:23:43,522 INFO  [stdout] (default task-9) subjectName
> 16:23:58,617 INFO  [stdout] (default task-9) class org.jboss.security.SimplePrincipal
> 16:24:15,751 INFO  [stdout] (default task-9) anonymous
> CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

