ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1652049 - in /webservices/wss4j/branches/1_6_x-fixes/src: main/java/org/apache/ws/security/util/ main/java/org/apache/ws/security/validate/ test/java/org/apache/ws/security/common/ test/java/org/apache/ws/security/saml/
Date Thu, 15 Jan 2015 11:06:06 GMT
Author: coheigea
Date: Thu Jan 15 11:06:06 2015
New Revision: 1652049

URL: http://svn.apache.org/r1652049
Log:
[WSS-522] - Enforce security constraints on SAML AuthnStatement attributes


Conflicts:
	src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
	src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
	ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java

Added:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/util/InetAddressUtils.java
    webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAuthnTest.java
Modified:
    webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
    webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java

Added: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/util/InetAddressUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/util/InetAddressUtils.java?rev=1652049&view=auto
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/util/InetAddressUtils.java
(added)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/util/InetAddressUtils.java
Thu Jan 15 11:06:06 2015
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/*
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.ws.security.util;
+
+import java.util.regex.Pattern;
+
+/**
+ * A collection of utilities relating to InetAddresses.
+ * 
+ * Copied from httpclient.
+ */
+public final class InetAddressUtils {
+
+    private static final String IPV4_BASIC_PATTERN_STRING =
+            "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}" // initial 3 fields,
0-255 followed by .
+            + "([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"; // final field, 0-255
+
+    private static final Pattern IPV4_PATTERN =
+        Pattern.compile("^" + IPV4_BASIC_PATTERN_STRING + "$");
+
+    private static final Pattern IPV4_MAPPED_IPV6_PATTERN = // TODO does not allow for redundant
leading zeros
+            Pattern.compile("^::[fF]{4}:" + IPV4_BASIC_PATTERN_STRING + "$");
+
+    private static final Pattern IPV6_STD_PATTERN =
+        Pattern.compile(
+                "^[0-9a-fA-F]{1,4}(:[0-9a-fA-F]{1,4}){7}$");
+
+    private static final Pattern IPV6_HEX_COMPRESSED_PATTERN =
+        Pattern.compile(
+                "^(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)" // 0-6 hex fields
+                + "::"
+                + "(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$"); // 0-6 hex fields
+
+    /*
+     *  The above pattern is not totally rigorous as it allows for more than 7 hex fields
in total
+     */
+    private static final char COLON_CHAR = ':';
+
+    // Must not have more than 7 colons (i.e. 8 fields)
+    private static final int MAX_COLON_COUNT = 7;
+    
+    private InetAddressUtils() {
+    }
+
+    /**
+     * Checks whether the parameter is a valid IPv4 address
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid IPv4 address
+     */
+    public static boolean isIPv4Address(final String input) {
+        return IPV4_PATTERN.matcher(input).matches();
+    }
+
+    public static boolean isIPv4MappedIPv64Address(final String input) {
+        return IPV4_MAPPED_IPV6_PATTERN.matcher(input).matches();
+    }
+
+    /**
+     * Checks whether the parameter is a valid standard (non-compressed) IPv6 address
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid standard (non-compressed) IPv6 address
+     */
+    public static boolean isIPv6StdAddress(final String input) {
+        return IPV6_STD_PATTERN.matcher(input).matches();
+    }
+
+    /**
+     * Checks whether the parameter is a valid compressed IPv6 address
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid compressed IPv6 address
+     */
+    public static boolean isIPv6HexCompressedAddress(final String input) {
+        int colonCount = 0;
+        for (int i = 0; i < input.length(); i++) {
+            if (input.charAt(i) == COLON_CHAR) {
+                colonCount++;
+            }
+        }
+        return  colonCount <= MAX_COLON_COUNT && IPV6_HEX_COMPRESSED_PATTERN.matcher(input).matches();
+    }
+
+    /**
+     * Checks whether the parameter is a valid IPv6 address (including compressed).
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid standard or compressed IPv6 address
+     */
+    public static boolean isIPv6Address(final String input) {
+        return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
+    }
+
+}

Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java?rev=1652049&r1=1652048&r2=1652049&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/SamlAssertionValidator.java
Thu Jan 15 11:06:06 2015
@@ -30,8 +30,11 @@ import org.apache.ws.security.saml.ext.A
 import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.ws.security.util.InetAddressUtils;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.AuthenticationStatement;
+import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.xml.validation.ValidationException;
 import org.opensaml.xml.validation.ValidatorSuite;
 
@@ -104,6 +107,9 @@ public class SamlAssertionValidator exte
         // Check conditions
         checkConditions(assertion);
 
+        // Check the AuthnStatements of the Assertion (if any)
+        checkAuthnStatements(assertion);
+        
         // Check OneTimeUse Condition
         checkOneTimeUse(assertion, data);
         
@@ -253,6 +259,74 @@ public class SamlAssertionValidator exte
     }
 
     /**
+     * Check the AuthnStatements of the Assertion (if any)
+     */
+    protected void checkAuthnStatements(AssertionWrapper assertion) throws WSSecurityException
{
+        if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
+            && assertion.getSaml2().getAuthnStatements() != null) {
+            List<AuthnStatement> authnStatements = assertion.getSaml2().getAuthnStatements();
+
+            for (AuthnStatement authnStatement : authnStatements) {
+                DateTime authnInstant = authnStatement.getAuthnInstant();
+                DateTime sessionNotOnOrAfter = authnStatement.getSessionNotOnOrAfter();
+                String subjectLocalityAddress = null;
+
+                if (authnStatement.getSubjectLocality() != null
+                    && authnStatement.getSubjectLocality().getAddress() != null)
{
+                    subjectLocalityAddress = authnStatement.getSubjectLocality().getAddress();
+                }
+
+                validateAuthnStatement(authnInstant, sessionNotOnOrAfter, 
+                                       subjectLocalityAddress, futureTTL);
+            }
+        } else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)
+            && assertion.getSaml1().getAuthenticationStatements() != null) {
+            List<AuthenticationStatement> authnStatements = 
+                assertion.getSaml1().getAuthenticationStatements();
+
+            for (AuthenticationStatement authnStatement : authnStatements) {
+                DateTime authnInstant = authnStatement.getAuthenticationInstant();
+                String subjectLocalityAddress = null;
+
+                if (authnStatement.getSubjectLocality() != null
+                    && authnStatement.getSubjectLocality().getIPAddress() != null)
{
+                    subjectLocalityAddress = authnStatement.getSubjectLocality().getIPAddress();
+                }
+
+                validateAuthnStatement(authnInstant, null, 
+                                       subjectLocalityAddress, futureTTL);
+            }
+        }
+    }
+        
+    private void validateAuthnStatement(
+        DateTime authnInstant, DateTime sessionNotOnOrAfter, String subjectLocalityAddress,
+        int futureTTL
+    ) throws WSSecurityException {
+        // AuthnInstant in the future
+        DateTime currentTime = new DateTime();
+        currentTime = currentTime.plusSeconds(futureTTL);
+        if (authnInstant.isAfter(currentTime)) {
+            LOG.debug("SAML Token AuthnInstant not met");
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+
+        // Stale SessionNotOnOrAfter
+        if (sessionNotOnOrAfter != null && sessionNotOnOrAfter.isBeforeNow()) {
+            LOG.debug("SAML Token SessionNotOnOrAfter not met");
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+
+        // Check that the SubjectLocality address is an IP address
+        if (subjectLocalityAddress != null
+            && !(InetAddressUtils.isIPv4Address(subjectLocalityAddress)
+                || InetAddressUtils.isIPv6Address(subjectLocalityAddress))) {
+            LOG.debug("SAML Token SubjectLocality address is not valid: " + subjectLocalityAddress);
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+        }
+    }
+    
+    /**
      * Check the "OneTimeUse" Condition of the Assertion. If this is set then the Assertion
      * is cached (if a cache is defined), and must not have been previously cached
      */

Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1652049&r1=1652048&r2=1652049&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java
Thu Jan 15 11:06:06 2015
@@ -67,6 +67,15 @@ public abstract class AbstractSAMLCallba
     protected String subjectLocalityIpAddress = null;
     protected String subjectLocalityDnsAddress = null;
     protected DateTime sessionNotOnOrAfter = null;
+    protected DateTime authenticationInstant;
+    public DateTime getAuthenticationInstant() {
+        return authenticationInstant;
+    }
+
+    public void setAuthenticationInstant(DateTime authenticationInstant) {
+        this.authenticationInstant = authenticationInstant;
+    }
+
     protected String resource = null;
     protected List<?> customAttributeValues = null;
     protected ConditionsBean conditions = null;
@@ -141,6 +150,7 @@ public abstract class AbstractSAMLCallba
                 authBean.setSubjectLocality(subjectLocality);
             }
             authBean.setAuthenticationMethod("Password");
+            authBean.setAuthenticationInstant(authenticationInstant);
             authBean.setSessionNotOnOrAfter(sessionNotOnOrAfter);
             callback.setAuthenticationStatementData(Collections.singletonList(authBean));
         } else if (statement == Statement.ATTR) {

Added: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAuthnTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAuthnTest.java?rev=1652049&view=auto
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAuthnTest.java
(added)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlAuthnTest.java
Thu Jan 15 11:06:06 2015
@@ -0,0 +1,200 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.saml;
+
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.common.CustomSamlAssertionValidator;
+import org.apache.ws.security.common.SAML1CallbackHandler;
+import org.apache.ws.security.common.SAML2CallbackHandler;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecSAMLToken;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.util.XMLUtils;
+import org.joda.time.DateTime;
+import org.w3c.dom.Document;
+
+/**
+ * Some tests for SAML Authentication Assertions
+ */
+public class SamlAuthnTest extends org.junit.Assert {
+    private static final org.slf4j.Logger LOG = 
+        org.slf4j.LoggerFactory.getLogger(SamlAuthnTest.class);
+    private WSSecurityEngine secEngine = new WSSecurityEngine();
+    
+    public SamlAuthnTest() {
+        WSSConfig config = WSSConfig.getNewInstance();
+        config.setValidator(WSSecurityEngine.SAML_TOKEN, new CustomSamlAssertionValidator());
+        config.setValidator(WSSecurityEngine.SAML2_TOKEN, new CustomSamlAssertionValidator());
+        secEngine.setWssConfig(config);
+    }
+    
+    @org.junit.Test
+    public void testSAML1AuthnAssertion() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2AuthnAssertion() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML1FutureAuthnInstant() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setAuthenticationInstant(new DateTime().plusMinutes(70));
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML2FutureAuthnInstant() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setAuthenticationInstant(new DateTime().plusMinutes(70));
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML2StaleSessionNotOnOrAfter() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSessionNotOnOrAfter(new DateTime().minusMinutes(70));
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML1ValidSubjectLocality() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2ValidSubjectLocality() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML1InvalidSubjectLocality() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML2InalidSubjectLocality() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    private void createAndVerifyMessage(
+        CallbackHandler samlCallbackHandler, boolean success
+    ) throws Exception {
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(samlCallbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(unsignedDoc);
+            LOG.debug(outputString);
+        }
+        
+        try {
+            verify(unsignedDoc);
+            if (!success) {
+                fail("Failure expected in processing the SAML assertion");
+            }
+        } catch (WSSecurityException ex) {
+            assertTrue(!success);
+            assertTrue(ex.getMessage().contains("SAML token security failure"));
+        }
+    }
+    
+    /**
+     * Verifies the soap envelope
+     * <p/>
+     * 
+     * @param envelope 
+     * @throws Exception Thrown when there is a problem in verification
+     */
+    private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, null, null);
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(doc);
+        assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+        return results;
+    }
+    
+}

Modified: webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1652049&r1=1652048&r2=1652049&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
(original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
Thu Jan 15 11:06:06 2015
@@ -644,7 +644,7 @@ public class SamlTokenTest extends org.j
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
         callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
         callbackHandler.setIssuer("www.example.com");
-        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+        callbackHandler.setSubjectLocality("12.34.56.78", "test-dns");
         
         SAMLParms samlParms = new SAMLParms();
         samlParms.setCallbackHandler(callbackHandler);
@@ -664,7 +664,7 @@ public class SamlTokenTest extends org.j
             LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
             LOG.debug(outputString);
         }
-        assertTrue(outputString.contains("12.34.56.780"));
+        assertTrue(outputString.contains("12.34.56.78"));
         assertTrue(outputString.contains("test-dns"));
         
         List<WSSecurityEngineResult> results = verify(unsignedDoc);
@@ -725,7 +725,7 @@ public class SamlTokenTest extends org.j
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
         callbackHandler.setIssuer("www.example.com");
-        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+        callbackHandler.setSubjectLocality("12.34.56.78", "test-dns");
         
         SAMLParms samlParms = new SAMLParms();
         samlParms.setCallbackHandler(callbackHandler);
@@ -745,7 +745,7 @@ public class SamlTokenTest extends org.j
             LOG.debug("SAML 2 Authn Assertion (sender vouches):");
             LOG.debug(outputString);
         }
-        assertTrue(outputString.contains("12.34.56.780"));
+        assertTrue(outputString.contains("12.34.56.78"));
         assertTrue(outputString.contains("test-dns"));
         
         List<WSSecurityEngineResult> results = verify(unsignedDoc);



Mime
View raw message