cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-4746) STS issues invalid SAML 1.1 Assertions under certain conditions
Date Fri, 11 Jan 2013 14:46:12 GMT
Colm O hEigeartaigh created CXF-4746:
----------------------------------------

             Summary: STS issues invalid SAML 1.1 Assertions under certain conditions
                 Key: CXF-4746
                 URL: https://issues.apache.org/jira/browse/CXF-4746
             Project: CXF
          Issue Type: Bug
          Components: Services
    Affects Versions: 2.7.2, 2.6.5, 2.5.8
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 2.5.9, 2.6.6, 2.7.3



The STS issues invalid SAML 1.1 Assertions under certain conditions. Namely, if an AttributeStatementProvider
(such as the ClaimsAttributeStatementProvider) is explicitly configured on the SAMLTokenProvider,
but no AttributeStatement is actually added (for example, if the client doesn't present any
claims).

In this case, a SAML 1.1 Assertion can be issued with no Statements, something which is invalid
according to the schema.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message