ActAs and Credential Delegation III: Common Issues
By Jiandong Guo-Oracle on Aug 13, 2009
Many users have picked up this feature for their applications. These are some common
issues that have come up so far:
1. When a custom SAML assertion validator is used, the SAML assertion is not available
in the Subject.
In this case, you need to implement the extended interface com.sun.xml.wss.impl.callback.SAMLValidator and explicitly add the DOM-based SAML assertion to the public credentials of the Subject in your implementations of its methods validate(XMLStreamReader assertion, Map runtimeProps, Subject clientSubject) and validate(Element assertion, Map runtimeProps, Subject clientSubject).
2. ActAs is not called in your custom STSAttributeProvider:
You need to use the WSTrustContractImpl for your STS as specified in the STSConfiguration in the STS WSDL:
If you use NetBeans to create the STS, IssueSAMLTokenContractImpl is set by default. You need to change it to WSTrustContractImpl for "ActAs" support.
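For issue 1, a custom validator along these lines places the DOM assertion in the Subject. This is an added example, not code from the original post or from Metro. The class name and the `checkAssertion` helper are hypothetical. It assumes the XWSS interface is on the classpath as com.sun.xml.wss.impl.callback.SAMLValidator and inherits the one-argument validate methods and the nested SAMLValidationException (with String and String/Throwable constructors) from SAMLAssertionValidator.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.stax.StAXSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import com.sun.xml.wss.impl.callback.SAMLValidator; // assumed: XWSS/Metro jar on the classpath

// Hypothetical class name; configure it as the service's SAML validator.
public class SubjectPopulatingValidator implements SAMLValidator {
    private static final String SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion";

    public void validate(Element assertion, Map runtimeProps, Subject clientSubject)
            throws SAMLValidationException {
        checkAssertion(assertion);
        // Only after the checks pass: expose the DOM assertion through the Subject.
        clientSubject.getPublicCredentials().add(assertion);
    }

    public void validate(XMLStreamReader assertion, Map runtimeProps, Subject clientSubject)
            throws SAMLValidationException {
        validate(toDom(assertion), runtimeProps, clientSubject);
    }

    // One-argument variants (assumed inherited from SAMLAssertionValidator): no Subject to fill.
    public void validate(Element a) throws SAMLValidationException { checkAssertion(a); }
    public void validate(XMLStreamReader r) throws SAMLValidationException { checkAssertion(toDom(r)); }
    // Copy the streamed assertion into a DOM tree with the JDK identity transformer.
    private static Element toDom(XMLStreamReader reader) throws SAMLValidationException {
        try {
            DOMResult result = new DOMResult();
            TransformerFactory.newInstance().newTransformer().transform(new StAXSource(reader), result);
            return ((Document) result.getNode()).getDocumentElement();
        } catch (Exception e) {
            throw new SAMLValidationException("Cannot convert SAML assertion to DOM", e);
        }
    }

    private static void checkAssertion(Element a) throws SAMLValidationException {
        String ns = a.getNamespaceURI();
        if (!"Assertion".equals(a.getLocalName()) || !(SAML11.equals(ns) || SAML20.equals(ns))) {
            throw new SAMLValidationException("Not a SAML assertion element");
        }
        // Issuer, conditions and trust checks for the deployment belong here.
    }
}
```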