Overview

The M2 milestone of the Stonehenge StockTrader Sample Application introduced a set of implementations that utilized claims-based authorization and federated identity. As a component in the sample, the Active Security Token Service (STS) provides support for federated identity and claims-based authentication.

Implementation

The Active STS is a web service that the Business Service, acting as the Relying Party (RP), relies on to translate the claims about the user issued by the Passive STS. In the StockTrader sample, the Active STS simply reasserts all of the claims provided by the caller.

The only claim that the Business Service ultimately cares about is the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier claim, which it uses as the user name for all of its operations. Because the claim value has the form username@stonehenge.com, the Business Service uses only the part before the @ as the user name.
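The mapping described above, as an added Python example that is not taken from the StockTrader code: it contrasts the plain "text before the @" rule with a stricter variant that a relying party can use to confirm the claim is well formed before dropping the domain. The function names, the `ClaimError` type and the sample claim sets are assumptions made for illustration; the claim type URI and the stonehenge.com domain come from the page.

```python
NAME_ID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
EXPECTED_DOMAIN = "stonehenge.com"  # from the page's username@stonehenge.com format


class ClaimError(ValueError):
    """Raised when the reasserted claim set cannot be mapped to a user name."""


def naive_user_name(value):
    # The rule as the page states it: keep only the text before the '@'.
    return value.split("@")[0]


def user_name_from_claims(claims, expected_domain=EXPECTED_DOMAIN):
    """Map a list of (claim_type, value) pairs to the local user name.

    Hypothetical helper: accepts only a claim set with exactly one
    nameidentifier claim of the form <user>@<expected_domain>.
    """
    values = [v for t, v in claims if t == NAME_ID]
    if len(values) != 1:
        raise ClaimError("expected exactly one nameidentifier claim, got %d" % len(values))
    local, sep, domain = values[0].strip().rpartition("@")
    if not sep or not local or "@" in local:
        raise ClaimError("nameidentifier is not of the form user@domain")
    if domain.lower() != expected_domain:
        raise ClaimError("unexpected domain in nameidentifier: %r" % domain)
    return local


# Constructed sample claim sets, not taken from the StockTrader code.
SAMPLES = {
    "ok": [(NAME_ID, "alice@stonehenge.com"), ("http://example.test/claims/role", "trader")],
    "foreign domain": [(NAME_ID, "alice@other.example")],
    "two identifiers": [(NAME_ID, "alice@stonehenge.com"), (NAME_ID, "bob@stonehenge.com")],
    "no domain": [(NAME_ID, "alice")],
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        try:
            print(label, "->", user_name_from_claims(claims))
        except ClaimError as exc:
            print(label, "-> rejected:", exc)
```

With the plain rule, a value such as alice@other.example yields the same user name as alice@stonehenge.com; the stricter helper rejects it, along with missing or duplicated nameidentifier claims.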
