cloud-security-services-integration-library icon indicating copy to clipboard operation
cloud-security-services-integration-library copied to clipboard
verified publisher icon SAP

App2Service support

Open mwdb opened this issue 2 years ago • 0 comments

This is an initial draft for supporting App2Service flows. What is missing:

  1. In Spring applications the certificate is not available in the security context, see https://github.com/SAP/cloud-security-services-integration-library/issues/1332
  2. ProofToken data is not passed back to the application. Tbd how data is passed from a validator to the application. Maybe extending the Token interface for this?
  3. ProofToken data does not contain the plan. I guess this would be needed for AMS to be able to react on it.
  4. X509Certificate is using X500Principal.RFC1779 formatting, while standard in identity broker is RFC2253. Also the trim() looks a bit weird.

mwdb avatar Oct 31 '23 19:10 mwdb