Hi All, I have a wsse:Header like
Timestamp
Saml2 Assertion (without Subject Confirmation Data)
ds:Signature with wsse:SecurityTokenReference the SAML2 ID, signing the
timestamp.
It's basically a ws-securitypolicy layout.
When validating the signature, I have troubles. If both Callback and
subject confirmation data is
null, I have an NPE in SAMLUtil line 264 (version 1.6.6)
Element sub = subjConfData.getDOM();
which is null.
--
Massimiliano Masi
http://www.mascanc.net/~max
