[
https://issues.apache.org/jira/browse/CXF-7013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15435228#comment-15435228
]
Colm O hEigeartaigh commented on CXF-7013:
------------------------------------------
For the record, I've changed how this works in WSS4J 2.2.0 (not backporting for
backwards compatibility reasons): https://issues.apache.org/jira/browse/WSS-586
> SAML token using ws-security.callback-handler as for UT with ID attribute
> value
> -------------------------------------------------------------------------------
>
> Key: CXF-7013
> URL: https://issues.apache.org/jira/browse/CXF-7013
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.0.6
> Reporter: Grzegorz Maczuga
> Assignee: Colm O hEigeartaigh
> Priority: Minor
>
> Processing of SAML token results in call of configured
> ws-security.callback-handler same as for Username Token.
> When CXF receives (no UT in it):
> <wss:Security>
> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z" Version="2.0">
> <saml:Issuer
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
> <saml:Subject>
> <saml:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
> ...
> </wss:Security>
> it calls configured:
> ws-security.callback-handler=com.SecurityCallback
> with ID="Abc-1" from above Security section as username.
> Ignoring this and moving on has no impact on processing SAML token but if
> SecurityCallback does some funny stuff (or at least logging) for each received
> UT it is really confusing.