[
https://issues.apache.org/jira/browse/CXF-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-3457.
--------------------------------------
Resolution: Fixed
> Service fails to find IssuedToken using SAML bearer subject confirmation
> ------------------------------------------------------------------------
>
> Key: CXF-3457
> URL: https://issues.apache.org/jira/browse/CXF-3457
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Alistair Phipps
> Assignee: Colm O hEigeartaigh
> Fix For: 2.4.1
>
>
> Using 4/12 2.4.0-SNAPSHOT. IssuedTokenInInterceptor.findSecurityResult fails
> to recognize a bearer assertion where getSubjectKeyInfo returns null. This
> results in the message failing the policy check as the IssuedToken is not
> added to the message.
> Sample message:
> <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><Action
> xmlns="http://www.w3.org/2005/08/addressing";>xxx</Action><MessageID
> xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:xxx</MessageID><To
> xmlns="http://www.w3.org/2005/08/addressing";>xxx</To><ReplyTo
> xmlns="http://www.w3.org/2005/08/addressing";><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security
>
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soap:mustUnderstand="1"><wsu:Timestamp
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> wsu:Id="Timestamp-3"><wsu:Created>2011-04-17T19:22:47.886Z</wsu:Created><wsu:Expires>2011-04-17T19:27:47.886Z</wsu:Expires></wsu:Timestamp><saml1:Assertion
> xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_xxx"
> IssueInstant="2011-04-17T19:22:47.552Z" Issuer="xxx" MajorVersion="1"
> MinorVersion="1"><saml1:Conditions NotBefore="2011-04-17T18:22:47.552Z"
> NotOnOrAfter="2011-04-17T20:22:47.552Z"><saml1:AudienceRestrictionCondition><saml1:Audience>xxx</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier
>
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">xxx</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>Urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute
> AttributeName="xxx" AttributeNamespace="xxx"><saml1:AttributeValue
> xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">xxx</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><Signature:Signature
> xmlns="http://www.w3.org/2000/09/xmldsig#";
> xmlns:Signature="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference
> URI="#_xxx"><Transforms><Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod
>
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xxx</DigestValue></Reference></SignedInfo><SignatureValue>xxx</SignatureValue><KeyInfo><X509Data><X509SubjectName>xxx</X509SubjectName><X509Certificate>xxx</X509Certificate></X509Data></KeyInfo></Signature:Signature></saml1:Assertion></wsse:Security></soap:Header><soap:Body></soap:Body></soap:Envelope>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
