cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-3630) WSS4JIn Interceptor Issue
Date Thu, 08 Sep 2011 11:54:09 GMT

    [ https://issues.apache.org/jira/browse/CXF-3630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13100246#comment-13100246
] 

Colm O hEigeartaigh commented on CXF-3630:
------------------------------------------


Hi Srinivas,

Could you describe in more detail the scenario you want to recreate? Are you using the CallbackHandler
approach to create a SAML Assertion? By specifying it as an EndorsingSupportingToken, do you
expect the certificate of the Subject of the Assertion to endorse the signature?

Colm.

> WSS4JIn     Interceptor   Issue
> -------------------------------
>
>                 Key: CXF-3630
>                 URL: https://issues.apache.org/jira/browse/CXF-3630
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4
>            Reporter: Srinivasa Kukatla
>            Assignee: Colm O hEigeartaigh
>             Fix For: Invalid
>
>
> WSS4JInInterceptor does not assert the policies. Hence I had to use the PolicyBasedWSS4JInInterceptor,
but it does not have the constructor. Hence I had to add the constructor. Here is another
problem:
> I need the following requirement, Saml Assertion needs to be signed, Timestamp needs
to be signed:
> But, on the wss4jOutInterceptor, if I say Timestamp, SAMLTokenSigned, and Signature,
the actions are mismatching. Hence i had to use only the first two actions.
> <constructor-arg>
>             <map>
>                 <entry key="action" value="Timestamp SAMLTokenSigned"/>
>                 <entry key="timeToLive" value="${timestamp.expiration.property}"/>
>                 <entry key="user" value="${client.signature.username}"/>
>                 <entry>
> 						<key>
> 						<value>passwordCallbackRef</value>
> 						</key>
> 						<ref bean="passwordCallBackHandler"/>
> 				</entry>
>                 <entry key="passwordType" value="PasswordDigest" />
>                 <entry key="samlPropFile" value="${client.saml.properties}"/>
>                 <entry key="signaturePropFile" value="${client.signature.properties}"
/>
>                 <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
>                 <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2000/09/xmldsig#sha1"
/>
>                 <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>            </map>
>         </constructor-arg>
> But, on the WSS4JInInterceptor, I needed to configure 3 actions as shown below:
> <constructor-arg>
>             <map>
>                 <entry key="action" value="Timestamp SAMLTokenSigned Signature "/>
>                 <entry key="timeToLive" value="${timestamp.expiration.property}"/>
>                 <entry key="passwordType" value="PasswordDigest" />
>                 <entry key="signaturePropFile" value="${server.signature.properties}"
/>
>                 <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
>                 <entry key="signatureDigestAlgorithm" value="http://www.w3.org/2000/09/xmldsig#sha1"
/>
>                 <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>                	<entry key="enableSignatureConfirmation" value="true" />
>            </map>
>         </constructor-arg>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message