ws-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WSS-490) Derived Endorsing policy validation error
Date Tue, 14 Jan 2014 13:09:50 GMT

     [ https://issues.apache.org/jira/browse/WSS-490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-490:
------------------------------------

    Description: 
There is a bug in the streaming policy validation code with derived endorsing tokens. The
use-case is an Issued (SAML) token which is an Endorsing (Encrypted) token, with derived keys.


It appears that the "signsElement" method in the InboundWSSecurityContextImpl is matching
the token Id of the Derived token, instead of the (deriving) SAML Token. Hence the SAML Token
is never assigned the "usage" of Endorsing.

See here for a test to reproduce the problem:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup

  was:

There is a bug in the streaming policy validation code with derived endorsing tokens. The
use-case is an Issued (SAML) token which is an Endorsing (Encrypted) token, with derived keys.


It appears that the "signsElement" method in the InboundWSSecurityContextImpl is matching
the token Id of the Derived token, instead of the (deriving) SAML Token. Hence the SAML Token
is never assigned the "usage" of Endorsing.


> Derived Endorsing policy validation error
> -----------------------------------------
>
>                 Key: WSS-490
>                 URL: https://issues.apache.org/jira/browse/WSS-490
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0.0
>
>
> There is a bug in the streaming policy validation code with derived endorsing tokens.
> The use-case is an Issued (SAML) token which is an Endorsing (Encrypted) token, with derived
> keys.
> It appears that the "signsElement" method in the InboundWSSecurityContextImpl is matching
> the token Id of the Derived token, instead of the (deriving) SAML Token. Hence the SAML Token
> is never assigned the "usage" of Endorsing.
> See here for a test to reproduce the problem:
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
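
The mismatch described in the report, shown as an added example that is not part of the original message and is not WSS4J code. The `Token` and `Signature` classes, both `signsElement` variants and the sample Ids are hypothetical, built only to model a signature made with a key derived from a SAML token.

```java
import java.util.*;

// Simplified model for illustration; none of these names are WSS4J classes.
public class DerivedEndorsingDemo {

    // A security token; derivedFrom is null for a root token such as the SAML assertion.
    static final class Token {
        final String id;
        final Token derivedFrom;
        Token(String id, Token derivedFrom) { this.id = id; this.derivedFrom = derivedFrom; }
    }

    // A signature over a set of element names, made with the key of signingToken.
    static final class Signature {
        final Token signingToken;
        final Set<String> signedElements;
        Signature(Token signingToken, String... signed) {
            this.signingToken = signingToken;
            this.signedElements = new HashSet<>(Arrays.asList(signed));
        }
    }

    // Behaviour described in the report: only the Id of the token that directly
    // produced the signature (the derived key token) is compared.
    static boolean signsElementDirect(Token candidate, Signature sig, String element) {
        return sig.signedElements.contains(element) && sig.signingToken.id.equals(candidate.id);
    }

    // Comparison that follows the derivation chain back to the deriving token.
    static boolean signsElementViaChain(Token candidate, Signature sig, String element) {
        if (!sig.signedElements.contains(element)) return false;
        for (Token t = sig.signingToken; t != null; t = t.derivedFrom) {
            if (t.id.equals(candidate.id)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: SAML token -> derived key token -> endorsing signature.
        Token saml = new Token("saml-1", null);
        Token derived = new Token("dkt-1", saml);
        Signature endorsing = new Signature(derived, "main-signature");

        System.out.println("direct: " + signsElementDirect(saml, endorsing, "main-signature"));
        System.out.println("chain:  " + signsElementViaChain(saml, endorsing, "main-signature"));
    }
}
```

With the direct comparison the SAML token is never recognised as signing the main signature, so a validator built on it would not give that token the Endorsing usage; the chain walk attributes the signature to the deriving token.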

