ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Willem Salembier (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-492) WSS4J adds invalid wsu:Id attribute on SAML assertions
Date Tue, 11 Feb 2014 19:42:25 GMT
Willem Salembier created WSS-492:
------------------------------------

             Summary: WSS4J adds invalid wsu:Id attribute on SAML assertions
                 Key: WSS-492
                 URL: https://issues.apache.org/jira/browse/WSS-492
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 1.6.14
            Reporter: Willem Salembier
            Assignee: Colm O hEigeartaigh


It was an early Microsoft convention to reference SAML assertions in SignedInfo blocks directly
(without using a SecurityTokenReference as prescribed by the specification). This is still
used in Adobe LiveCycle and several Weblogic server versions.

eg.
http://help.adobe.com/en_US/livecycle/11.0/ProgramLC/WS624e3cba99b79e12e8929091336a351d33-7fd1.2.html
http://docs.oracle.com/cd/E14571_01/web.1111/e13759/interop.htm#BABHCAHI

When an WSEncryptionPart is defined using the SAML NS and elementName, wss4j adds an invalid
wsu:Id to the SAML assertion.

Could SAML assertions be handled such as XML-Enc elements? (cfr org.apache.ws.security.message.WSecBase
line 150-160)

https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd
NS urn:oasis:names:tc:SAML:1.0:assertion
Name Assertion
Attr AssertionID

http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
NS urn:oasis:names:tc:SAML:2.0:assertion
Name Assertion
Id ID






--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message