Ted, just a question: is .NET deviating from the standard or is it standard to use AssertionID in this case?
We never had interop tests with the SAML functions of WSS4J. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Ted X Toth (JIRA) [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 29. Juni 2005 15:32 > An: [email protected] > Betreff: [jira] Created: (WSFX-51) .NET WSE signature > validation of SAML Assertion throws exception > > > .NET WSE signature validation of SAML Assertion throws exception > ---------------------------------------------------------------- > > Key: WSFX-51 > URL: http://issues.apache.org/jira/browse/WSFX-51 > Project: WSFX > Type: Improvement > Components: WSS4J > Environment: Windows XP, .Net 2003 WSE 2.0 > Reporter: Ted X Toth > Attachments: WSSecurityUtil.diff, WSSignEnvelope.diff > > The .NET WSE SecurityInputFilter throws a signature > validation exception when checking the signature of a SAML > Assertion. The exception occurs because the filter uses the > signature reference to look up the assertion by its > AssertionID and the look up fails because wss4j assumes the > lookup is done on the wsu:Id. The purposed solution is to > make the wsu:Id the same as the AssertionId. > > -- > This message is automatically generated by JIRA. > - > If you think it was sent incorrectly contact one of the > administrators: > http://issues.apache.org/jira/secure/Administrators.jspa > - > For more information on JIRA, see: > http://www.atlassian.com/software/jira > >
