'[jira] [Closed] (WSS-492) WSS4J adds invalid wsu:Id attribute on SAML assertions'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    [jira] [Closed] (WSS-492) WSS4J adds invalid wsu:Id attribute on SAML assertions
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2014-04-07 17:45:17
Message-ID: JIRA.12694576.1392147657034.74506.1396892717979 () arcas
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Colm O hEigeartaigh closed WSS-492.
-----------------------------------


> WSS4J adds invalid wsu:Id attribute on SAML assertions
> ------------------------------------------------------
> 
> Key: WSS-492
> URL: https://issues.apache.org/jira/browse/WSS-492
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6.14
> Reporter: Willem Salembier
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.15
> 
> 
> It was an early Microsoft convention to reference SAML assertions in SignedInfo \
> blocks directly (without using a SecurityTokenReference as prescribed by the \
> specification). This is still used in Adobe LiveCycle and several Weblogic server \
> versions. eg.
> http://help.adobe.com/en_US/livecycle/11.0/ProgramLC/WS624e3cba99b79e12e8929091336a351d33-7fd1.2.html
>  http://docs.oracle.com/cd/E14571_01/web.1111/e13759/interop.htm#BABHCAHI
> When an WSEncryptionPart is defined using the SAML NS and elementName, wss4j adds \
> an invalid wsu:Id to the SAML assertion. Could SAML assertions be handled such as \
> XML-Enc elements? (cfr org.apache.ws.security.message.WSecBase line 150-160) \
> https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd
>  NS urn:oasis:names:tc:SAML:1.0:assertion
> Name Assertion
> Attr AssertionID
> http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
> NS urn:oasis:names:tc:SAML:2.0:assertion
> Name Assertion
> Id ID



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic