1 Reply Latest reply on Apr 27, 2010 10:59 AM by Stefan Guilhen

    Need appliesTo in SecurityTokenProvider

    Rashmi Rajappa Newbie



      I have a requirement where I would like to add an AudienceRestriction with the value from RequestSecurityToken.appliesTo


      But the value object WSTrustRequestContext does not carry that data nor facilitate the same.

      SAML20TokenProvider.issueToken(WSTrustRequestContext context)


      I have only one option left now to extend or StandardRequestHandler and WSTrustRequestContext.

      Instead it would be nice if you could upgrade WSTrustRequestContext to include appliesTo.


      Please let me know your thoughts around this.




        • 1. Re: Need appliesTo in SecurityTokenProvider
          Stefan Guilhen Apprentice



          The reason why we don't have an appliesTo property in WSTrustContext is because the context has the request itself, which contains all WS-T request data including AppliesTo. And SAML20TokenProvider already creates an AudienceRestriction if AppliesTo is found in the request. See the following code in issueToken():



                AudienceRestrictionType restriction = null;
                AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
                if (appliesTo != null)
                   restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
                ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),


          As you can see, you can access the original request from the context and then check the request object to see if an AppliesTo has been specified. If that is the case, then an AudienceRestriction is created and included in the SAML assertion.
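
The mapping described in the reply above, shown at the message level as an added example (not code from the thread or from PicketLink): the AppliesTo address of a WS-Trust request becomes the Audience of the assertion's Conditions, and a request without AppliesTo yields Conditions with no AudienceRestriction. The function names, the sample requests and the choice of WS-Trust 1.3, WS-Policy 2004/09 and WS-Addressing 2005/08 namespaces are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed for this illustration.
NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample requests (not taken from the thread).
_HEAD = ('<wst:RequestSecurityToken xmlns:wst="%(wst)s" '
         'xmlns:wsp="%(wsp)s" xmlns:wsa="%(wsa)s">' % NS)
RST_WITHOUT_APPLIES_TO = _HEAD + "</wst:RequestSecurityToken>"
RST_WITH_APPLIES_TO = (
    _HEAD
    + "<wsp:AppliesTo><wsa:EndpointReference>"
    + "<wsa:Address>http://services.example.test/provider</wsa:Address>"
    + "</wsa:EndpointReference></wsp:AppliesTo></wst:RequestSecurityToken>"
)


def applies_to_address(rst_xml):
    """Return the AppliesTo endpoint address, or None when the request has none."""
    # Inline constructed input only; untrusted XML needs a hardened parser.
    root = ET.fromstring(rst_xml)
    addr = root.find("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", NS)
    if addr is None or not (addr.text or "").strip():
        return None
    return addr.text.strip()


def build_conditions(rst_xml, not_before, not_on_or_after):
    """Build saml:Conditions; add AudienceRestriction only if AppliesTo is present."""
    conditions = ET.Element("{%s}Conditions" % SAML,
                            NotBefore=not_before, NotOnOrAfter=not_on_or_after)
    audience = applies_to_address(rst_xml)
    if audience is not None:  # same null check as in issueToken()
        restriction = ET.SubElement(conditions, "{%s}AudienceRestriction" % SAML)
        ET.SubElement(restriction, "{%s}Audience" % SAML).text = audience
    return conditions


def audiences(conditions):
    """List the Audience values a relying party would compare against its own URI."""
    return [a.text for a in conditions.iter("{%s}Audience" % SAML)]
```

An empty result from `audiences()` means the assertion is not bound to any particular relying party, so a deployment that relies on audience checks needs callers to send AppliesTo.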