ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Willem Salembier (JIRA)" <>
Subject [jira] [Created] (WSS-492) WSS4J adds invalid wsu:Id attribute on SAML assertions
Date Tue, 11 Feb 2014 19:42:25 GMT
Willem Salembier created WSS-492:

             Summary: WSS4J adds invalid wsu:Id attribute on SAML assertions
                 Key: WSS-492
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 1.6.14
            Reporter: Willem Salembier
            Assignee: Colm O hEigeartaigh

It was an early Microsoft convention to reference SAML assertions in SignedInfo blocks directly
(without using a SecurityTokenReference as prescribed by the specification). This is still
used in Adobe LiveCycle and several Weblogic server versions.


When an WSEncryptionPart is defined using the SAML NS and elementName, wss4j adds an invalid
wsu:Id to the SAML assertion.

Could SAML assertions be handled such as XML-Enc elements? (cfr
line 150-160)
NS urn:oasis:names:tc:SAML:1.0:assertion
Name Assertion
Attr AssertionID
NS urn:oasis:names:tc:SAML:2.0:assertion
Name Assertion

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message