Willem Salembier created WSS-492:
------------------------------------
Summary: WSS4J adds invalid wsu:Id attribute on SAML assertions
Key: WSS-492
URL: https://issues.apache.org/jira/browse/WSS-492
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.6.14
Reporter: Willem Salembier
Assignee: Colm O hEigeartaigh

It was an early Microsoft convention to reference SAML assertions in SignedInfo
blocks directly (without using a SecurityTokenReference as prescribed by the
specification). This is still used in Adobe LiveCycle and several Weblogic
server versions.
e.g.
http://help.adobe.com/en_US/livecycle/11.0/ProgramLC/WS624e3cba99b79e12e8929091336a351d33-7fd1.2.html
http://docs.oracle.com/cd/E14571_01/web.1111/e13759/interop.htm#BABHCAHI
When a WSEncryptionPart is defined using the SAML NS and elementName, wss4j
adds an invalid wsu:Id to the SAML assertion.
Could SAML assertions be handled like XML-Enc elements? (cf.
org.apache.ws.security.message.WSecBase, lines 150-160)
https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd
NS urn:oasis:names:tc:SAML:1.0:assertion
Name Assertion
Attr AssertionID
http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
NS urn:oasis:names:tc:SAML:2.0:assertion
Name Assertion
Id ID
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
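The special-casing the report asks for, as an added example that is not WSS4J code: when the element to be signed is a SAML assertion, reuse its schema-defined identifier (AssertionID for SAML 1.x, ID for SAML 2.0, as listed above) for the reference and leave the element untouched; only other elements get a wsu:Id. The class name `SamlIdResolver`, the method `referenceId` and the sample document are hypothetical and constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class SamlIdResolver {
    static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Returns the id a ds:Reference should point at; generatedId is used only if a wsu:Id must be added. */
    static String referenceId(Element el, String generatedId) {
        if ("Assertion".equals(el.getLocalName())) {
            String ns = el.getNamespaceURI();
            String attr = SAML1_NS.equals(ns) ? "AssertionID" : SAML2_NS.equals(ns) ? "ID" : null;
            if (attr != null) {
                // Use the assertion's own identifier; do not write a wsu:Id onto it.
                String id = el.getAttributeNS(null, attr);
                if (id.isEmpty()) {
                    throw new IllegalStateException("SAML assertion has no " + attr);
                }
                return id;
            }
        }
        // Any other element: reuse an existing wsu:Id or add one.
        String id = el.getAttributeNS(WSU_NS, "Id");
        if (id.isEmpty()) {
            el.setAttributeNS(WSU_NS, "wsu:Id", generatedId);
            id = generatedId;
        }
        return id;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not taken from the issue.
        String xml = "<Envelope xmlns='urn:example:envelope'>"
            + "<saml2:Assertion xmlns:saml2='" + SAML2_NS + "' ID='_a1' Version='2.0'/>"
            + "<Body/></Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element assertion = (Element) d.getDocumentElement().getFirstChild();
        Element body = (Element) d.getDocumentElement().getLastChild();
        System.out.println("assertion reference: #" + referenceId(assertion, "id-1"));
        System.out.println("wsu:Id added to assertion: " + assertion.hasAttributeNS(WSU_NS, "Id"));
        System.out.println("body reference: #" + referenceId(body, "id-2"));
    }
}
```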