Hi,

Nandana, you are right: in the WS-Trust specification, on the
final leg, it MUST be an RSTRC.

I was confused by the spec. There is also a discussion on the
WS-SX mailing list about it.

The question is now how to deal with negotiation.

But that is another story; I don't know if negotiation is implemented
in Rampart.

Thank you,

       Massimiliano

Quoting Nandana Mihindukulasooriya <[email protected]>:

Hi Massimiliano,

On Wed, Jan 28, 2009 at 7:58 PM, Massimiliano Masi <[email protected]> wrote:

Hello,

I'm posting here since Rampart's mailing list seems to be dead.
Is it dead? Is Rampart still alive?


No, but during certain times developers are busy with other projects and you
might not get an answer to some of your mails. Still, we try to answer most
of the questions during our free time.

In STSClient you have the method:

  private Token processIssueResponse(int version, OMElement result,
          String issuerAddress) throws TrustException {
      OMElement rstr = result;
      if (version == RahasConstants.VERSION_05_12) {
          // The WS-SX result will be an RSTRC
          rstr = result.getFirstElement();
      }

The rstr is always the first element, but for WST 1.3 it is not
mandatory at all.

This makes the STSClient unable to get the security token
from a message like:

<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
   <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
   <wst:RequestedAttachedReference>
      <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:Reference URI="#_5d26046afa8e38339caa4e1c53735d4d" ValueType="urn:oasis:names:tc:SAML:2.0:assertion" />
      </wsse:SecurityTokenReference>
...
   <wst:RequestedSecurityToken>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5d26046afa8e38339caa4e1c53735d4d" IssueInstant="2009-01-13T17:06:00.597Z" Version="2.0">
         <saml:Issuer Form....


Yes, this seems to be a bug. Can you raise a JIRA? Even better if you can
attach a patch too.

thanks,
nandana

--
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org



