cxf-issues mailing list archives

From "Grzegorz Maczuga (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-7088) SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted
Date Thu, 13 Oct 2016 09:04:21 GMT
Grzegorz Maczuga created CXF-7088:
-------------------------------------

             Summary: SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted
being accepted
                 Key: CXF-7088
                 URL: https://issues.apache.org/jira/browse/CXF-7088
             Project: CXF
          Issue Type: Bug
    Affects Versions: 3.0.6
            Reporter: Grzegorz Maczuga


In the WS-Policy that is used by the service we have defined

<SignedEncryptedSupportingTokens/>

Some people say that WS-SecurityPolicy 1.2 implies that the SAML assertion that is inside the WS-Security
section of the message SOAP Header should also be encrypted (not only signed).

A message with SAML that is NOT encrypted is currently accepted by CXF even though the policy defines
<SignedEncryptedSupportingTokens/>

The question is: does a SAML assertion fall into the "SupportingTokens" category, and should it be encrypted
as well?

What is your view on that? Is that a bug in Neethi?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
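
A receiver-side check for the situation reported above, added here as an example and not code from CXF, Neethi or the reporter: it lists SAML assertions that sit in plaintext directly under `wsse:Security`, assuming the deployment treats the SAML assertion as a token that must be encrypted. The function name `audit_security_header` and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# SAML 1.x and 2.0 assertion namespaces, mapped to the attribute holding the assertion id
SAML_ID_ATTR = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "AssertionID",
    "urn:oasis:names:tc:SAML:2.0:assertion": "ID",
}

def audit_security_header(envelope_xml):
    """Return (plaintext_assertion_ids, encrypted_data_count) for wsse:Security headers."""
    # For untrusted input, parse with a hardened parser such as defusedxml instead.
    root = ET.fromstring(envelope_xml)
    plaintext, encrypted = [], 0
    for security in root.iter("{%s}Security" % WSSE):
        for child in security:
            if not child.tag.startswith("{"):
                continue  # element without a namespace: not a token we classify
            ns, _, local = child.tag[1:].partition("}")
            if local == "Assertion" and ns in SAML_ID_ATTR:
                # The assertion is readable on the wire: signed at best, not encrypted.
                plaintext.append(child.get(SAML_ID_ATTR[ns], "<no id>"))
            elif ns == XENC and local == "EncryptedData":
                # Opaque until decrypted; this may or may not wrap a SAML assertion.
                encrypted += 1
    return plaintext, encrypted

# Constructed sample envelopes (not captured traffic).
_ENV = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Header><wsse:Security xmlns:wsse="' + WSSE + '">{token}'
        '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>')
PLAINTEXT_MSG = _ENV.format(
    token='<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"'
          ' ID="_constructed-1" Version="2.0"/>')
ENCRYPTED_MSG = _ENV.format(
    token='<xenc:EncryptedData xmlns:xenc="' + XENC + '"'
          ' Type="http://www.w3.org/2001/04/xmlenc#Element"/>')

if __name__ == "__main__":
    for name, msg in (("plaintext", PLAINTEXT_MSG), ("encrypted", ENCRYPTED_MSG)):
        ids, enc = audit_security_header(msg)
        verdict = "REJECT" if ids else "ok"
        print("%s: plaintext assertions=%s, EncryptedData=%d -> %s" % (name, ids, enc, verdict))
```

The check only inspects the message structure; it does not decrypt `EncryptedData` or validate any signature, so it complements policy enforcement rather than replacing it.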
