[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-user
Subject: [jira] [Closed] (WSS-492) WSS4J adds invalid wsu:Id attribute on SAML assertions
From: "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date: 2014-04-07 17:45:17
Message-ID: JIRA.12694576.1392147657034.74506.1396892717979 () arcas
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WSS-492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Colm O hEigeartaigh closed WSS-492.
-----------------------------------
> WSS4J adds invalid wsu:Id attribute on SAML assertions
> ------------------------------------------------------
>
> Key: WSS-492
> URL: https://issues.apache.org/jira/browse/WSS-492
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6.14
> Reporter: Willem Salembier
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.15
>
>
> It was an early Microsoft convention to reference SAML assertions in SignedInfo \
> blocks directly (without using a SecurityTokenReference as prescribed by the \
> specification). This is still used in Adobe LiveCycle and several Weblogic server \
> versions. eg.
> http://help.adobe.com/en_US/livecycle/11.0/ProgramLC/WS624e3cba99b79e12e8929091336a351d33-7fd1.2.html
> http://docs.oracle.com/cd/E14571_01/web.1111/e13759/interop.htm#BABHCAHI
> When an WSEncryptionPart is defined using the SAML NS and elementName, wss4j adds \
> an invalid wsu:Id to the SAML assertion. Could SAML assertions be handled such as \
> XML-Enc elements? (cfr org.apache.ws.security.message.WSecBase line 150-160) \
> https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd
> NS urn:oasis:names:tc:SAML:1.0:assertion
> Name Assertion
> Attr AssertionID
> http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
> NS urn:oasis:names:tc:SAML:2.0:assertion
> Name Assertion
> Id ID
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic