cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Grzegorz Maczuga (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-7013) SAML token using ws-security.callback-handler as for UT with ID attribute value
Date Tue, 16 Aug 2016 15:03:21 GMT
Grzegorz Maczuga created CXF-7013:
-------------------------------------

             Summary: SAML token using ws-security.callback-handler as for UT with ID attribute
value
                 Key: CXF-7013
                 URL: https://issues.apache.org/jira/browse/CXF-7013
             Project: CXF
          Issue Type: Bug
          Components: Core
    Affects Versions: 3.0.6
            Reporter: Grzegorz Maczuga
            Priority: Minor


Processing of SAML token results in call of configured ws-security.callback-handler same as
for Username Token.

When CXF receives (no UT in it):

   <wss:Security>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z"
Version="2.0">
        <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
        <saml:Subject>
          <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
       ...         
     </wss:Security>

it calls configured:
        ws-security.callback-handler=com.SecurityCallback
with ID="Abc-1" from above Security section as username.

Ignoring this and moving on has no impact on processing SAML token but if SecurityCallback
does some funny stuff (or at list logging) for each received UT it is really confusing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message