This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/wss4j-saml-refactor in repository https://gitbox.apache.org/repos/asf/cxf.git
commit b86156735bd7f20de26e4327359f95e08b374ddd
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Wed Jul 2 13:25:31 2025 +0100
Moved SAML validation results into CXF
---
 .../java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index ba06a694f4..34fd320ff2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -73,6 +73,7 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.DOMSAMLUtil;
 import org.apache.wss4j.common.dom.WSConstants;
 import org.apache.wss4j.common.WSDataRef;
 import org.apache.wss4j.common.dom.engine.WSSConfig;
@@ -325,6 +326,12 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
 originalNode = elem.cloneNode(true);
 }
 WSHandlerResult wsResult = engine.processSecurityHeader(elem, reqData);
+
+ if (engine.getCallbackLookup() != null && reqData.isValidateSamlSubjectConfirmation()) {
+ DOMSAMLUtil.validateSAMLResults(wsResult.getActionResults(), reqData.getTlsCerts(),
+ engine.getCallbackLookup().getSOAPBody());
+ }
+
 importNewDomToSAAJ(doc, elem, originalNode, wsResult);
 Element header = SAAJUtils.getHeader(doc);
 Element body = SAAJUtils.getBody(doc);
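Review bot: The guard added in the second hunk (`@@ -325,6 +326,12 @@`) skips SAML subject-confirmation validation silently when `engine.getCallbackLookup()` returns null, even though `reqData.isValidateSamlSubjectConfirmation()` asks for it, so in that case the check fails open. Whether the lookup can still be null after `processSecurityHeader` is not visible from these lines. If it can, gate only on the configuration flag, `if (reqData.isValidateSamlSubjectConfirmation()) {`, and throw a `WSSecurityException` when the lookup is missing instead of continuing to `importNewDomToSAAJ`. The same block also dereferences `wsResult` without a null check, which is safe only if `processSecurityHeader` never returns null for this input. The enclosing method starts and ends outside the hunk, so how a thrown exception is handled there could not be checked.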
