[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-dev
Subject: Re: OpenSaml: BinarySecurityTokenMarshaller generates ValueType as EncodingType
From: Brent Putman <putmanb () georgetown ! edu>
Date: 2020-09-03 0:03:41
Message-ID: 87e77feb-df55-abc1-d93d-e19593aa6f7e () georgetown ! edu
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On 9/2/20 5:18 PM, Patrick Peer wrote:
> Hi Brent,
>
> I am tasked to assemble a security token renew request, with
> signature and the whole shebang. To do so, I utilize the Java
> implementation of OpenSaml. I ran into a problem and it seems easier
> to contact you directly instead of jumping through the hoops
> necessary to open a Jira issue.
First, please do not email the developers directly. Use the dev list
(copied on this reply): https://www.shibboleth.net/community/
Second, if you think you have found a bug and want it addressed, please
do open a Jira issue. That is the way that issues get addressed.
>
> The BinarySecurityToken is required to have the EncodingType and
> ValueType attributes. However, the ValueType is never marshalled.
> Digging a bit, I found that the BinarySecurityTokenMarshaller uses
> the String "EncodingType" for the ValueType I provide. Digging even
> deeper I could track this down to
> commit d53f2af26987075774350ccb8d60db9110247638, which seems to split
> up the code for the two Types. Before, both were rendered
> within BinarySecurityTokenMarshaller with their respective correct names.
This was contributed code from someone else over a decade ago and has
not been thoroughly tested.
>
> I'd be grateful for any insights, as It seems I will need to find a
> workaround to meet my deadlines. Currently I think I will just alter
> the DOM before generating the signature. I would prefer to not
> compile and distribute the openSaml library myself.
>
Seems like a simple typo type of bug in the marshaller. We can fix it
but I can't currently guarantee when we will do another release. You
didn't mention whether you are using 3.x or 4.x. It's quite likely we
will not be doing another release of 3.x at all.
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 9/2/20 5:18 PM, Patrick Peer wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+_OtR+_yctVkC1J2a2Phn_7YDuVmmrOtsma0Xq6Ynh0=8O6ZQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi Brent,
<div><br>
</div>
<div>I am tasked to assemble a security token renew request,
with signature and the whole shebang. To do so, I utilize the
Java implementation of OpenSaml. I ran into a problem and it
seems easier to contact you directly instead of jumping
through the hoops necessary to open a Jira issue.</div>
</div>
</blockquote>
<p><br>
</p>
<p>First, please do not email the developers directly. Use the dev
list (copied on this reply): <a class="moz-txt-link-freetext" \
href="https://www.shibboleth.net/community/">https://www.shibboleth.net/community/</a></p>
<p>Second, if you think you have found a bug and want it addressed,
please do open a Jira issue. That is the way that issues get
addressed.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CA+_OtR+_yctVkC1J2a2Phn_7YDuVmmrOtsma0Xq6Ynh0=8O6ZQ@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<div>The BinarySecurityToken is required to have the
EncodingType and ValueType attributes. However, the ValueType
is never marshalled. Digging a bit, I found that
the BinarySecurityTokenMarshaller uses the String
"EncodingType" for the ValueType I provide. Digging even
deeper I could track this down to
commit d53f2af26987075774350ccb8d60db9110247638, which seems
to split up the code for the two Types. Before, both were
rendered within BinarySecurityTokenMarshaller with their
respective correct names.</div>
</div>
</blockquote>
<p><br>
</p>
<p>This was contributed code from someone else over a decade ago and
has not been thoroughly tested. <br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CA+_OtR+_yctVkC1J2a2Phn_7YDuVmmrOtsma0Xq6Ynh0=8O6ZQ@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<div>I'd be grateful for any insights, as It seems I will need
to find a workaround to meet my deadlines. Currently I think I
will just alter the DOM before generating the signature. I
would prefer to not compile and distribute the openSaml
library myself.</div>
<br>
</div>
</blockquote>
<p><br>
</p>
<p>Seems like a simple typo type of bug in the marshaller. We can
fix it but I can't currently guarantee when we will do another
release. You didn't mention whether you are using 3.x or 4.x.
It's quite likely we will not be doing another release of 3.x at
all.<br>
</p>
</body>
</html>
--
To unsubscribe from this list send an email to dev-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic