axis-java-dev mailing list archives

From "Thilina Buddhika (JIRA)" <j...@apache.org>
Subject [jira] Updated: (RAMPART-317) Rampart Trust implementation does not properly handle SAML token with Bearer subject confirmation method.
Date Mon, 24 Jan 2011 06:27:43 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thilina Buddhika updated RAMPART-317:
-------------------------------------

    Attachment: RAMPART-317.patch

The patch attached herewith fixes the above-mentioned issue. It checks the subject confirmation
method of the token and does not try to extract KeyInfo from the token if it is Bearer subject
confirmation.

> Rampart Trust implementation does not properly handle SAML token with Bearer subject confirmation method.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-317
>                 URL: https://issues.apache.org/jira/browse/RAMPART-317
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-trust
>    Affects Versions: 1.5
>            Reporter: Thilina Buddhika
>         Attachments: RAMPART-317.patch
>
>
> Rampart always assumes the SAML tokens to be issued with HoK subject confirmation. When
> it receives a token with the Bearer subject confirmation method, it tries to retrieve the
> keyinfo from the assertion which is not available in case of bearer subject confirmation.
> Following is the stack trace returned in such a scenario.
> [2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request 
> org.apache.axis2.AxisFault: General security error (SAML token security failure); nested exception is: 
> 	org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
> 	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
> 	at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
> 	at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
> 	at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> 	at java.lang.Thread.run(Thread.java:662)
> Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token security failure); nested exception is: 
> 	org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
> 	at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> 	... 10 more
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
> 	at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
> 	at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
> 	at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> 	at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
> 	... 12 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
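
The check described in the message above (inspect the subject confirmation method before looking for KeyInfo), as an added example that is not the RAMPART-317 patch or Rampart/WSS4J code. It assumes SAML 1.1 element names and confirmation-method URIs, uses only JDK DOM classes, and the class name, method names and sample assertions are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SubjectConfirmationCheck { // hypothetical class, not part of Rampart
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"; // SAML 1.1 assumed
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    static final String BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    /** Returns ds:KeyInfo for a holder-of-key assertion, null for a bearer assertion. */
    static Element keyInfoFor(Element assertion) {
        // Simplification: only the first ConfirmationMethod in the assertion is considered.
        NodeList methods = assertion.getElementsByTagNameNS(SAML_NS, "ConfirmationMethod");
        if (methods.getLength() == 0) throw new IllegalArgumentException("no ConfirmationMethod");
        String method = methods.item(0).getTextContent().trim();
        if (BEARER.equals(method)) return null; // bearer carries no proof key: skip KeyInfo lookup
        if (!HOK.equals(method)) throw new IllegalArgumentException("unsupported method: " + method);
        Element confirmation = (Element) methods.item(0).getParentNode();
        NodeList keyInfos = confirmation.getElementsByTagNameNS(DS_NS, "KeyInfo");
        // Fail with a clear message instead of passing null on to a KeyInfo constructor.
        if (keyInfos.getLength() == 0) throw new IllegalArgumentException("holder-of-key without KeyInfo");
        return (Element) keyInfos.item(0);
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(bytes)).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertions: unsigned and reduced to the elements under test.
        String tmpl = "<saml:Assertion xmlns:saml='" + SAML_NS + "' xmlns:ds='" + DS_NS + "'>"
            + "<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>"
            + "<saml:ConfirmationMethod>%s</saml:ConfirmationMethod>%s"
            + "</saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion>";
        String keyInfo = "<ds:KeyInfo><ds:KeyName>k1</ds:KeyName></ds:KeyInfo>";
        String[][] cases = { {BEARER, ""}, {HOK, keyInfo}, {HOK, ""} };
        for (String[] c : cases) {
            try {
                Element ki = keyInfoFor(parse(String.format(tmpl, c[0], c[1])));
                System.out.println(c[0] + " -> " + (ki == null ? "no key to extract" : "KeyInfo found"));
            } catch (IllegalArgumentException e) {
                System.out.println(c[0] + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A null return only means the assertion has no proof key to extract; the issuer's signature on the assertion still has to be verified before a bearer token is accepted.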

