List: wss4j-dev
Subject: RE: SAMLTokenSignedAction doesn't support the "signatureParts"
From: "Wellen Lau" <wellen.lau () oracle ! com>
Date: 2007-05-23 2:42:41
Message-ID: 20070522194241546.00000004036 () WLAU-LAP2
I want to correct my context about SAMLTokenSigned. It signed the assertion and the body. Is there a way to sign just a particular content in the assertion using signatureParts?
________________________________
From: Wellen Lau [mailto:wellen.lau@oracle.com]
Sent: Tuesday, May 22, 2007 4:00 PM
To: wss4j-dev@ws.apache.org
Subject: SAMLTokenSignedAction doesn't support the "signatureParts" parameter => SAMLTokenSigned not working with signatureParts in wss4j 1.5.2
Hi All,
I noticed there was a fix resolving "SAMLTokenSignedAction doesn't support the "signatureParts" parameter" in wss4j 1.5. It does not seem to be working for me in the latest wss4j. Probably someone can enlighten me.
Is it the way I configure my handler, or is it an issue?
According to the problem, it seems to indicate that SAMLTokenSignedAction.java does not have the code below, which causes the problem.
    if (reqData.getSignatureParts().size() > 0) {
        wsSign.setParts(reqData.getSignatureParts());
    }
I tried on wss4j 1.5.2 and checked the fix is indeed in SAMLTokenSigned.java.
Client Config as below :
    <parameter name="action" value="Timestamp SAMLTokenSigned"/>
    <parameter name="signatureKeyIdentifier" value="DirectReference"/>
    <parameter name="samlPropFile" value="saml3.properties"/>
    <parameter name="signatureParts" value="{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"/>
It seems to me that using SAMLTokenSigned signed the body only. I am trying to sign the assertion ONLY.
I did a debug on the client and found out that:
addReferencesToSign() [WSSecSignatureSAML.java]
{
    ...
    String idToSign = encPart.getId();
    ...
    Element body = (Element) WSSecurityUtil.findElement(
        envelope, elemName, nmSpace);
    if (body == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "noEncElement",
            new Object[] { nmSpace + ", " + elemName });
    }
    .........
}
The value of idToSign is empty.
The value of body is empty.
However, if I use the below:
    <parameter name="action" value="Timestamp SAMLTokenUnsigned Signature"/>
with signatureParts, it works.
Hoping to get some idea
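
Added example (not part of the original message and not wss4j code): a wire-level check that compares a signatureParts value with what the ds:Reference entries of an outgoing envelope actually cover. The function names, the ';' list separator and the id attributes consulted (wsu:Id, AssertionID, Id) are assumptions of this sketch, and the envelope is a constructed, simplified sample.

```python
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

def parse_signature_parts(value):
    """Split '{mode}{namespace}localName' entries (';'-separated) into tuples."""
    parts = []
    for item in filter(None, (p.strip() for p in value.split(";"))):
        m = re.fullmatch(r"\{(\w+)\}\{([^}]*)\}(\S+)", item)
        if not m:
            raise ValueError("malformed signatureParts entry: %r" % item)
        parts.append(m.groups())
    return parts

def signed_qnames(envelope_xml):
    """Return QNames of the elements that ds:Reference URI='#id' values hit."""
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        for attr in ("{%s}Id" % WSU, "AssertionID", "Id"):
            value = el.get(attr)
            if value is None:
                continue
            # Two elements sharing an id make the reference ambiguous.
            if by_id.setdefault(value, el) is not el:
                raise ValueError("duplicate id %r" % value)
    covered = set()
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if target is not None:
            covered.add(target.tag)
    return covered

def uncovered_parts(signature_parts, envelope_xml):
    """List configured (namespace, name) parts that no reference covers."""
    covered = signed_qnames(envelope_xml)
    return [(ns, name) for _, ns, name in parse_signature_parts(signature_parts)
            if "{%s}%s" % (ns, name) not in covered]

# Constructed sample: the signature references the body only.
SAMPLE = """<s:Envelope xmlns:s="%s" xmlns:wsu="%s" xmlns:ds="%s" xmlns:saml="%s">
 <s:Header><saml:Assertion AssertionID="a-1"/>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
  </ds:Signature></s:Header>
 <s:Body wsu:Id="body-1"/></s:Envelope>""" % (SOAP, WSU, DS, SAML)
```

A reference that reaches the assertion indirectly through a SecurityTokenReference is reported here as covering the SecurityTokenReference element, not the assertion itself.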