[
https://issues.apache.org/jira/browse/WSS-490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-490.
-----------------------------------
> Derived Endorsing policy validation error
> -----------------------------------------
>
> Key: WSS-490
> URL: https://issues.apache.org/jira/browse/WSS-490
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0.0
>
>
> There is a bug in the streaming policy validation code with derived endorsing
> tokens. The use-case is an Issued (SAML) token which is an Endorsing
> (Encrypted) token, with derived keys.
> It appears that the "signsElement" method in the InboundWSSecurityContextImpl
> is matching the token Id of the Derived token, instead of the (deriving) SAML
> Token. Hence the SAML Token is never assigned the "usage" of Endorsing.
> See here for a test to reproduce the problem:
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
