axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thilina Buddhika (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (RAMPART-317) Rampart Trust implementation does not properly handle SAML token with Bearer subject confirmation method.
Date Thu, 24 Feb 2011 05:08:38 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Thilina Buddhika resolved RAMPART-317.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.6.0

Applied the patch to both 1_6 branch and trunk (r1074044 ).

> Rampart Trust implementation does not properly handle SAML token with Bearer subject
confirmation method.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-317
>                 URL: https://issues.apache.org/jira/browse/RAMPART-317
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-trust
>    Affects Versions: 1.5
>            Reporter: Thilina Buddhika
>            Assignee: Thilina Buddhika
>             Fix For: 1.6.0
>
>         Attachments: RAMPART-317.patch
>
>
> Rampart always assumes the SAML tokens to be issued with HoK subject confirmation. When
it receives a token with the Bearer subject confirmation method, it tries to retrieve the
keyinfo from the assertion which is not available in case of bearer subject confirmation.
> Following is the stack trace returned in such a scenario.
> [2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request 
> org.apache.axis2.AxisFault: General security error (SAML token security failure); nested
exception is: 
> 	org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy
from a null argument
> 	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
> 	at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
> 	at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
> 	at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> 	at java.lang.Thread.run(Thread.java:662)
> Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token
security failure); nested exception is: 
> 	org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy
from a null argument
> 	at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> 	... 10 more
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an
ElementProxy from a null argument
> 	at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
> 	at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
> 	at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> 	at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
> 	... 12 more

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message