[jbossws-issues] [JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB
Alessio Soldano (JIRA)
issues at jboss.org
Wed May 30 03:54:00 EDT 2018
[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13584029#comment-13584029 ]
Alessio Soldano commented on JBWS-4123:
---------------------------------------
So, [~jim.ma] has been trying the application here, manually setting up the Elytron security domain by adding the following to the CLI script:
{noformat}
/subsystem=undertow/application-security-domain=ApplicationDomain:add(http-authentication-factory=application-http-authentication)
/subsystem=ejb3/application-security-domain=ApplicationDomain:add(security-domain=ApplicationDomain)
{noformat}
but eventually figured out a roadblock which is now filed under https://issues.jboss.org/browse/WFLY-10480 .
> SAMLTokenPrincipal is not propagated to EJB
> --------------------------------------------
>
> Key: JBWS-4123
> URL: https://issues.jboss.org/browse/JBWS-4123
> Project: JBoss Web Services
> Issue Type: Feature Request
> Components: jbossws-cxf
> Affects Versions: jbossws-cxf-5.2.1.Final
> Reporter: Viral Gohel
> Priority: Critical
> Fix For: jbossws-cxf-5.2.2.Final
>
> Attachments: redhat-saml-interceptor.zip, redhat.zip
>
>
> SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing.
> Here are the results we see,
> 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl
> 16:23:43,522 INFO [stdout] (default task-9) subjectName
> 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal
> 16:24:15,751 INFO [stdout] (default task-9) anonymous
> CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)