ws-wss4j-dev mailing list archives

From "Wellen Lau" <wellen....@oracle.com>
Subject RE: SAMLTokenSignedAction doesn't support the "signatureParts" parameter => SAMLTokenSigned not working with signatureParts in wss4j 1.5.2
Date Wed, 23 May 2007 02:42:41 GMT
Want to correct my context about SAMLTokenSigned. It signed the assertion and the body. Is there
a way just to sign a particular content in the assertion using signatureParts?

________________________________

From: Wellen Lau [mailto:wellen.lau@oracle.com] 
Sent: Tuesday, May 22, 2007 4:00 PM
To: wss4j-dev@ws.apache.org
Subject: SAMLTokenSignedAction doesn't support the "signatureParts" parameter => SAMLTokenSigned not working with signatureParts in wss4j 1.5.2

Hi All,

I noticed there was a fix resolving "SAMLTokenSignedAction doesn't support the "signatureParts"
parameter" in wss4j 1.5. It does not seem to be working for me in the latest wss4j. Probably someone
can enlighten me.

Is it the way I configure my handler, or is it an issue?

According to the problem, it seems that SAMLTokenSignedAction.java does
not have the code below, and that this is causing the problem.

        if (reqData.getSignatureParts().size() > 0) {
            wsSign.setParts(reqData.getSignatureParts());
        }

I tried on wss4j 1.5.2 and checked that the fix is indeed in SAMLTokenSigned.java.

Client config as below:

            <parameter name="action" value="Timestamp SAMLTokenSigned"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference"/>
            <parameter name="samlPropFile" value="saml3.properties"/>
            <parameter name="signatureParts" value="{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"/>

It seems to me that using SAMLTokenSigned signed the body only. I am trying to sign the assertion
ONLY.

I did a debug on the client and found out that:

addReferencesToSign() [WSSecSignatureSAML.java]
{
.
                        String idToSign = encPart.getId();
..
                    Element body = (Element) WSSecurityUtil.findElement(
                            envelope, elemName, nmSpace);
                    if (body == null) {
                        throw new WSSecurityException(
                                WSSecurityException.FAILURE, "noEncElement",
                                new Object[] { nmSpace + ", " + elemName });
                                .........
}

The value of idToSign is empty.

The value of body is empty.

However, if I use the below:

            <parameter name="action" value="Timestamp SAMLTokenUnsigned Signature"/>
with signatureParts, it works.

Hoping to get some idea.
