ws-dev mailing list archives

From "Russell Orf (JIRA)" <>
Subject [jira] [Commented] (WSS-616) STRTransform TransformException when manually adding SAML Assertion via SAMLCallback.setAssertionElement()
Date Thu, 19 Oct 2017 20:32:00 GMT


Russell Orf commented on WSS-616:

I have reproduced the issue using Tomcat v8.5 (out of the box configuration) and CXF v3.1.13.
The steps to reproduce are:

1) Start Tomcat.
2) Deploy the .war file. It has a servlet context listener that will attempt to make the service call on servlet initialization.

I have attached the tomcat log from my test and the .war file deployed. The source is available

Please let me know if there's anything else you need.

> STRTransform TransformException when manually adding SAML Assertion via SAMLCallback.setAssertionElement()
> ----------------------------------------------------------------------------------------------------------
>                 Key: WSS-616
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.1.7
>         Environment: Apache Tomcat 8.0.37
>            Reporter: Russell Orf
>            Assignee: Colm O hEigeartaigh
>              Labels: security
>         Attachments: catalina.out, service-client.war
> In Apache CXF v3.1.7, I have a JAX-WS web service client calling a service that requires a HolderOfKey SAML Assertion. The assertions are from a custom service that does not adhere to the WS-Trust SecureTokenService standard, so I am adding them manually in a SAMLCallbackHander, using the callback.setAssertionElement() method.
> When invoking the client, the WSS4J framework is unable to compute the signature for the SecurityTokenReference header block, throwing the below error:
> {{
> javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: org.apache.wss4j.common.ext.WSSecurityException: Referenced token "id-of-SAML-assertion" not
> at org.apache.wss4j.dom.str.STRParserUtil.getTokenElement(
> at org.apache.wss4j.dom.transform.STRTransformUtil.dereferenceSTR(
> at org.apache.wss4j.dom.transform.STRTransform.transformIt(}}
> It appears that the SAML assertion DOM Element that is added via the callback.setAssertionElement() method is not getting searched by the STRParserUtil.getTokenElement() method.
