ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralf Schroth <ralf.schr...@gmail.com>
Subject Error in SAML1.1 Conditions support of WSS4J 1.6.0?
Date Sun, 15 May 2011 14:34:43 GMT
Hi All,

while playing around with WSS4J 1.6.0 to get familiar with it I
encountered a problem with the conditions element generated for a
SAML1.1 assertion. The generated element in the XML document is called
"ConditionsType" but as of my understanding of the SAML 1.1 Core spec
it should rather be only "Conditions".

Lets take an example generated by unittest SamlTokenSVTest.java:
<saml1:Assertion xmlns=""
xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
AssertionID="0DBE629B155365272C13054683742576"
IssueInstant="2011-05-15T14:06:14.257Z" Issuer="www.example.com"
MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType">
    <saml1:ConditionsType NotBefore="2011-05-15T14:06:17.767Z"
NotOnOrAfter="2011-05-15T14:11:17.767Z">
    </saml1:ConditionsType>
    <saml1:AuthenticationStatement
AuthenticationInstant="2011-05-15T14:06:14.257Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
xsi:type="saml1:AuthenticationStatementType">
        <saml1:Subject>
            <saml1:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="www.example.com">
                uid=joe,ou=people,ou=saml-demo,o=example.com
            </saml1:NameIdentifier>
            <saml1:SubjectConfirmation>
                <saml1:ConfirmationMethod>
                    urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
                </saml1:ConfirmationMethod>
            </saml1:SubjectConfirmation>
        </saml1:Subject>
    </saml1:AuthenticationStatement>
</saml1:Assertion>

You can see the element <saml1:ConditionsType ....> in the second line
of the output.

I guess the error originates in
org.apache.ws.security.saml.ext.builder.SAML1ComponentBuilder line 236
which is says:
Conditions conditions = conditionsV1Builder.buildObject(Conditions.TYPE_NAME);

I would rather expect
Conditions conditions = conditionsV1Builder.buildObject();

Did I miss something or is this really a bug in WSS4J 1.6.0?

Thx and Kind Regards,
Ralf

Mime
View raw message