
List:       xmlrpc-dev
Subject:    [jira] Resolved: (WSS-238) Switch to wsse:KeyIdentifier instead of
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2010-11-22 12:47:13
Message-ID: 25453070.233381290430033760.JavaMail.jira () thor


     [ https://issues.apache.org/jira/browse/WSS-238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-238.
-------------------------------------

    Resolution: Fixed

> Switch to wsse:KeyIdentifier instead of wsse:Reference for SAML references within SOAP:body EncryptedData elements.
> -------------------------------------------------------------------------------------------------------------------
>  
> Key: WSS-238
> URL: https://issues.apache.org/jira/browse/WSS-238
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.5.9
> Reporter: Glen Mazza
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.10, 1.6
> 
> Attachments: EncryptedDataPatch.txt, patch238.txt,
> TestWSSecuritySAMLKeyIdentifier.java, wss-238-revised.patch,
> WSS238_CXFClient_ALWAYS.txt, WSS238_MetroClient_ALWAYS.txt, WSS238Results.txt
> 
> Per CXF bug CXF-2894: http://tinyurl.com/23jx6cx
>
> Within the soap:body/EncryptedData/SecurityTokenReference element, Glassfish Metro
> is requiring wsse:KeyIdentifiers instead of wsse:Reference elements when referring
> to SAML Assertions.  Metro appears correct because the SAML Token Profile does not
> define usage of wsse:Reference for SAML Assertions, only KeyIdentifier or
> EmbeddedReference. (Section 3.3 of SAML Token Profile of 1 Dec. 2004 pdf lines
> 250-272.)
>
> The attached patch will switch SecurityTokenReference from wsse:Reference
> to wsse:KeyIdentifier when handling SAML Assertions.  I've confirmed Metro web
> service providers will now work with this patch.  However, backwards compatibility
> issues with systems expecting the current wsse:Reference may need to be taken into
> account.
>
> WSS4J has another problem with not being able to decrypt SOAP responses
> that use wsse:KeyIdentifier instead of wsse:Reference for SAML Assertions.  Namely,
> org.apache.ws.security.processor.ReferenceListProcessor's
> getKeyFromSecurityTokenReference() method will need changing to be able to work
> with SAML Assertions coming from a wsse:KeyIdentifier element instead of
> wsse:Reference.  I was not immediately successful in getting this second part to
> work because I could not see how a SAMLTokenProcessor can be initialized from a
> KeyIdentifier instead of the Reference element within this method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
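
The two reference styles discussed in the issue, as an added example that is not part of the original message or of WSS4J's code: a small checker that reports how each SecurityTokenReference under an EncryptedData element points at a SAML assertion. The function names, the sample envelope and the assertion ID `_a1` are constructed for illustration, and SAML 1.1 assertions are assumed.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",  # SAML 1.1 (assumed)
}
# KeyIdentifier ValueType defined by SAML Token Profile 1.0 for SAML 1.1 assertions.
SAML_ID_VT = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"

def saml_str_styles(envelope_xml):
    """Return (style, assertion_id) for every SecurityTokenReference under an
    EncryptedData element that refers to a SAML assertion."""
    root = ET.fromstring(envelope_xml)
    ids = {a.get("AssertionID") for a in root.iterfind(".//saml:Assertion", NS)}
    found = []
    for s in root.iterfind(".//xenc:EncryptedData//wsse:SecurityTokenReference", NS):
        # Form the SAML Token Profile defines: KeyIdentifier carrying the assertion ID.
        for ki in s.iterfind("wsse:KeyIdentifier", NS):
            if ki.get("ValueType") == SAML_ID_VT:
                found.append(("KeyIdentifier", (ki.text or "").strip()))
        # Form the issue wants replaced: direct Reference to the assertion by fragment URI.
        for ref in s.iterfind("wsse:Reference", NS):
            target = (ref.get("URI") or "").lstrip("#")
            if target in ids:
                found.append(("Reference", target))
    return found

def sample(str_child):
    # Constructed SOAP envelope: assertion in the header, EncryptedData in the body.
    return f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{NS['wsse']}" xmlns:xenc="{NS['xenc']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <saml:Assertion AssertionID="_a1"/>
 </wsse:Security></soap:Header>
 <soap:Body><xenc:EncryptedData><ds:KeyInfo>
  <wsse:SecurityTokenReference>{str_child}</wsse:SecurityTokenReference>
 </ds:KeyInfo></xenc:EncryptedData></soap:Body>
</soap:Envelope>"""

OLD = sample('<wsse:Reference URI="#_a1"/>')
NEW = sample(f'<wsse:KeyIdentifier ValueType="{SAML_ID_VT}">_a1</wsse:KeyIdentifier>')

if __name__ == "__main__":
    print(saml_str_styles(OLD), saml_str_styles(NEW))
```

A receiver that must stay compatible with senders on both sides of this change has to resolve both forms to the same assertion, which is the backwards-compatibility point the description raises.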

