cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-3457) Service fails to find IssuedToken using SAML bearer subject confirmation
Date Fri, 06 May 2011 16:32:03 GMT

     [ https://issues.apache.org/jira/browse/CXF-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh resolved CXF-3457.
--------------------------------------

    Resolution: Fixed

> Service fails to find IssuedToken using SAML bearer subject confirmation
> ------------------------------------------------------------------------
>
>                 Key: CXF-3457
>                 URL: https://issues.apache.org/jira/browse/CXF-3457
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4
>            Reporter: Alistair Phipps
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.4.1
>
>
> Using 4/12 2.4.0-SNAPSHOT.  IssuedTokenInInterceptor.findSecurityResult fails to recognize
a bearer assertion where getSubjectKeyInfo returns null.  This results in the message failing
the policy check as the IssuedToken is not added to the message.
> Sample message:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><Action
xmlns="http://www.w3.org/2005/08/addressing">xxx</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:xxx</MessageID><To
xmlns="http://www.w3.org/2005/08/addressing">xxx</To><ReplyTo xmlns="http://www.w3.org/2005/08/addressing"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-3"><wsu:Created>2011-04-17T19:22:47.886Z</wsu:Created><wsu:Expires>2011-04-17T19:27:47.886Z</wsu:Expires></wsu:Timestamp><saml1:Assertion
xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_xxx" IssueInstant="2011-04-17T19:22:47.552Z"
Issuer="xxx" MajorVersion="1" MinorVersion="1"><saml1:Conditions NotBefore="2011-04-17T18:22:47.552Z"
NotOnOrAfter="2011-04-17T20:22:47.552Z"><saml1:AudienceRestrictionCondition><saml1:Audience>xxx</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">xxx</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>Urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute
AttributeName="xxx" AttributeNamespace="xxx"><saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">xxx</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><Signature:Signature
xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:Signature="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference
URI="#_xxx"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xxx</DigestValue></Reference></SignedInfo><SignatureValue>xxx</SignatureValue><KeyInfo><X509Data><X509SubjectName>xxx</X509SubjectName><X509Certificate>xxx</X509Certificate></X509Data></KeyInfo></Signature:Signature></saml1:Assertion></wsse:Security></soap:Header><soap:Body></soap:Body></soap:Envelope>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message