[jira] [Created] (CXF-3457) Service fails to find IssuedToken using SAML bearer subject confirmation

Sun, 17 Apr 2011 12:50:47 -0700 

Service fails to find IssuedToken using SAML bearer subject confirmation
------------------------------------------------------------------------

                 Key: CXF-3457
                 URL: https://issues.apache.org/jira/browse/CXF-3457
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.4
            Reporter: Alistair Phipps


Using 4/12 2.4.0-SNAPSHOT.  IssuedTokenInInterceptor.findSecurityResult fails 
to recognize a bearer assertion where getSubjectKeyInfo returns null.  This 
results in the message failing the policy check as the IssuedToken is not added 
to the message.

Sample message:

<soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><Action 
xmlns="http://www.w3.org/2005/08/addressing";>xxx</Action><MessageID 
xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:xxx</MessageID><To 
xmlns="http://www.w3.org/2005/08/addressing";>xxx</To><ReplyTo 
xmlns="http://www.w3.org/2005/08/addressing";><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security
 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soap:mustUnderstand="1"><wsu:Timestamp 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 
wsu:Id="Timestamp-3"><wsu:Created>2011-04-17T19:22:47.886Z</wsu:Created><wsu:Expires>2011-04-17T19:27:47.886Z</wsu:Expires></wsu:Timestamp><saml1:Assertion
 xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_xxx" 
IssueInstant="2011-04-17T19:22:47.552Z" Issuer="xxx" MajorVersion="1" 
MinorVersion="1"><saml1:Conditions NotBefore="2011-04-17T18:22:47.552Z" 
NotOnOrAfter="2011-04-17T20:22:47.552Z"><saml1:AudienceRestrictionCondition><saml1:Audience>xxx</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier
 
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">xxx</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>Urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute
 AttributeName="xxx" AttributeNamespace="xxx"><saml1:AttributeValue 
xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:type="xs:string">xxx</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><Signature:Signature
 xmlns="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:Signature="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference 
URI="#_xxx"><Transforms><Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xxx</DigestValue></Reference></SignedInfo><SignatureValue>xxx</SignatureValue><KeyInfo><X509Data><X509SubjectName>xxx</X509SubjectName><X509Certificate>xxx</X509Certificate></X509Data></KeyInfo></Signature:Signature></saml1:Assertion></wsse:Security></soap:Header><soap:Body></soap:Body></soap:Envelope>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to