[ https://issues.apache.org/jira/browse/AXIOM-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15132254#comment-15132254 ]
Detelin Yordanov commented on AXIOM-482:
----------------------------------------
I have linked to the change in Rampart which enabled usage of the cached assertion
element during marshalling. Trying to validate the signature of the so
marshalled assertion fails, since the signature validator cannot dereference the
assertion element by id:
org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID urn:uuid:DFFF6E022F317A42281454487778304
    at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:414)
    at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:256)
    at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:728)
    at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:68)
I'm wondering whether re-registering the id attribute on the document is an
acceptable workaround in Rampart until the issue is fixed in either Axiom or
Opensaml.
> Attaching an OMElement to a DOM Document does not update its id attributes
> --------------------------------------------------------------------------
>
> Key: AXIOM-482
> URL: https://issues.apache.org/jira/browse/AXIOM-482
> Project: Axiom
> Issue Type: Bug
> Components: DOOM
> Affects Versions: 1.2.17
> Reporter: Detelin Yordanov
> Attachments: OpensamlAssertionMarshallTest.zip
>
>
> When using Opensaml to marshall a SAML assertion from a soap envelope built
> with Axiom DOOM, the resulting assertion element cannot be properly copied to
> a new fresh Document - the copy is successful, however searching the Document
> for the assertion by its id (Document.getElementById()) returns null.
> It seems that the Axiom Document implementation caches the id attributes (under
> the idAttrs field) and these are not updated when a new OMElement is appended to
> the document.
> The Opensaml marshaller uses the Document.adoptNode(assertion) API followed by
> Document.appendNode(assertion), but neither of these updates the id attributes
> in Axiom DocumentImpl, so afterwards Document.getElementById(assertionId)
> returns null.
> I'm not quite certain that this issue is in Axiom, it might as well be in
> Opensaml. I'm providing a unit test that demonstrates the issue. Similar code
> is used in Axis2's Rampart security module when storing a processed SAML
> assertion to its token store.
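
A sketch of the re-registration workaround asked about in the comment above, added here as an example and not taken from Rampart, Axiom or OpenSAML. It uses the standard DOM Level 3 API on the JDK's built-in DOM rather than DOOM, so whether DOOM 1.2.17 honours the same call is an assumption; the class name, helper name, element and ID value are constructed.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class ReRegisterAssertionId {

    // Hypothetical helper: mark attrName as an ID attribute again after the
    // element has been moved, then confirm the owner document resolves the ID
    // value to this exact element (the lookup a signature Reference relies on).
    static void reRegisterId(Element el, String attrName) {
        Attr attr = el.getAttributeNodeNS(null, attrName);
        if (attr == null) {
            throw new IllegalStateException("No attribute named " + attrName);
        }
        el.setIdAttributeNode(attr, true);
        Element resolved = el.getOwnerDocument().getElementById(attr.getValue());
        if (resolved != el) {
            throw new IllegalStateException(
                "ID " + attr.getValue() + " does not resolve to the expected element");
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);

        // Constructed stand-in for the assertion inside the source envelope.
        Document source = dbf.newDocumentBuilder().newDocument();
        Element assertion = source.createElementNS(
            "urn:oasis:names:tc:SAML:2.0:assertion", "saml:Assertion");
        assertion.setAttributeNS(null, "ID", "_constructed-assertion-id");
        source.appendChild(assertion);

        // Same sequence the issue describes: adopt into a fresh Document, then append.
        Document target = dbf.newDocumentBuilder().newDocument();
        target.adoptNode(assertion);
        target.appendChild(assertion);

        // Re-register before handing the document to signature validation.
        reRegisterId(assertion, "ID");
        System.out.println("resolved after re-registration: "
            + (target.getElementById("_constructed-assertion-id") == assertion));
    }
}
```

The identity check in the helper fails closed if the ID value resolves to some other element in the target document, instead of letting validation run against a node other than the adopted assertion.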