I think the standard (according to the WS-Security SAML Token profile) is to use AssertionID: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf
I think technically a wsu:Id shouldn't even be included a SAML Assertion because it's not part of the schema. David Dittmann, Werner said: > Ted, > > just a question: is .NET deviating from the standard or > is it standard to use AssertionID in this case? > > We never had interop tests with the SAML functions > of WSS4J. > > Regards, > Werner > >> -----Ursprüngliche Nachricht----- >> Von: Ted X Toth (JIRA) [mailto:[EMAIL PROTECTED] >> Gesendet: Mittwoch, 29. Juni 2005 15:32 >> An: [email protected] >> Betreff: [jira] Created: (WSFX-51) .NET WSE signature >> validation of SAML Assertion throws exception >> >> >> .NET WSE signature validation of SAML Assertion throws exception >> ---------------------------------------------------------------- >> >> Key: WSFX-51 >> URL: http://issues.apache.org/jira/browse/WSFX-51 >> Project: WSFX >> Type: Improvement >> Components: WSS4J >> Environment: Windows XP, .Net 2003 WSE 2.0 >> Reporter: Ted X Toth >> Attachments: WSSecurityUtil.diff, WSSignEnvelope.diff >> >> The .NET WSE SecurityInputFilter throws a signature >> validation exception when checking the signature of a SAML >> Assertion. The exception occurs because the filter uses the >> signature reference to look up the assertion by its >> AssertionID and the look up fails because wss4j assumes the >> lookup is done on the wsu:Id. The purposed solution is to >> make the wsu:Id the same as the AssertionId. >> >> -- >> This message is automatically generated by JIRA. >> - >> If you think it was sent incorrectly contact one of the >> administrators: >> http://issues.apache.org/jira/secure/Administrators.jspa >> - >> For more information on JIRA, see: >> http://www.atlassian.com/software/jira >> >> >
