[
https://issues.apache.org/jira/browse/CXF-7013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15436403#comment-15436403
]
Grzegorz Maczuga commented on CXF-7013:
---------------------------------------
Thanks Colm, that indeed will fix the issue I have w/o additional checks.
> SAML token using ws-security.callback-handler as for UT with ID attribute
> value
> -------------------------------------------------------------------------------
>
> Key: CXF-7013
> URL: https://issues.apache.org/jira/browse/CXF-7013
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.0.6
> Reporter: Grzegorz Maczuga
> Assignee: Colm O hEigeartaigh
> Priority: Minor
>
> Processing of SAML token results in call of configured
> ws-security.callback-handler same as for Username Token.
> When CXF receives (no UT in it):
> <wss:Security>
> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z" Version="2.0">
> <saml:Issuer
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
> <saml:Subject>
> <saml:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
> ...
> </wss:Security>
> it calls configured:
> ws-security.callback-handler=com.SecurityCallback
> with ID="Abc-1" from above Security section as username.
> Ignoring this and moving on has no impact on processing SAML token but if
> SecurityCallback does some funny stuff (or at list logging) for each received
> UT it is really confusing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
