axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Reinhold (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RAMPART-387) Rampart reports SAML Token Missing In Request
Date Sun, 09 Sep 2012 11:57:07 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brian Reinhold updated RAMPART-387:
-----------------------------------

    Description: 
When sending a message containing a SAML Token generated by Rampart's STS service, the module
PolicyBasedResultsValidator.handleSupportingTokens() throws a RampartException with 
message "samlTokenMissing".

I believe the error is due to only attempting to validate an unsigned token. The token created
by the STS service is signed as it must be by WS Security requirements. 
Starting at line 323 one sees:

            else if (token instanceof IssuedToken)
            {
                //TODO is is enough to check for ST_UNSIGNED results ??
                WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results,
WSConstants.ST_UNSIGNED);
                if (samlResult == null)
		{
			throw new RampartException("samlTokenMissing");
                }

There needs to be a check for ST_SIGNED.
I do not know how to build the distribution or I would try this myself.

  was:
When sending a message containing a SAML Token generated by Rampart's STS service, the module
PolicyBasedResultsValidator.handleSupportingTokens() throws a RampartException with 
message "samlTokenMissing".

I believe the error is due to only attempting to validate an unsigned token. The token created
by the STS service is signed as it must be by WS Security requirements. 
Starting at line 323 one sees:

            else if (token instanceof IssuedToken)
           {
                //TODO is is enough to check for ST_UNSIGNED results ??
                WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results,
WSConstants.ST_UNSIGNED);
                if (samlResult == null)
		{
			throw new RampartException("samlTokenMissing");
                }

There needs to be a check for ST_SIGNED.
I do not know how to build the distribution or I would try this myself.

    
> Rampart reports SAML Token Missing In Request
> ---------------------------------------------
>
>                 Key: RAMPART-387
>                 URL: https://issues.apache.org/jira/browse/RAMPART-387
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.2
>         Environment: Windows 7 64; Axis2/Rampart deployment in Tomcat
>            Reporter: Brian Reinhold
>              Labels: newbie
>             Fix For: 1.6.2
>
>
> When sending a message containing a SAML Token generated by Rampart's STS service, the
module PolicyBasedResultsValidator.handleSupportingTokens() throws a RampartException with

> message "samlTokenMissing".
> I believe the error is due to only attempting to validate an unsigned token. The token
created by the STS service is signed as it must be by WS Security requirements. 
> Starting at line 323 one sees:
>             else if (token instanceof IssuedToken)
>             {
>                 //TODO is is enough to check for ST_UNSIGNED results ??
>                 WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results,
WSConstants.ST_UNSIGNED);
>                 if (samlResult == null)
> 		{
> 			throw new RampartException("samlTokenMissing");
>                 }
> There needs to be a check for ST_SIGNED.
> I do not know how to build the distribution or I would try this myself.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message