Colm O hEigeartaigh created CXF-4746:
----------------------------------------
Summary: STS issues invalid SAML 1.1 Assertions under certain
conditions
Key: CXF-4746
URL: https://issues.apache.org/jira/browse/CXF-4746
Project: CXF
Issue Type: Bug
Components: Services
Affects Versions: 2.7.2, 2.6.5, 2.5.8
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 2.5.9, 2.6.6, 2.7.3
The STS issues invalid SAML 1.1 Assertions under certain conditions. Namely, if
an AttributeStatementProvider (such as the ClaimsAttributeStatementProvider) is
explicitly configured on the SAMLTokenProvider, but no AttributeStatement is
actually added (for example, if the client doesn't present any claims).
In this case, a SAML 1.1 Assertion can be issued with no Statements, something
which is invalid according to the schema.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
