[
https://issues.apache.org/jira/browse/CXF-7536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16215236#comment-16215236
]
Colm O hEigeartaigh commented on CXF-7536:
------------------------------------------
OK I have moved this JIRA to CXF as it is a CXF issue, not WSS4J. I've done the
fix so it will be available in the next round of releases. BTW your XPath
expressions above are not correct, and will not work, as they are missing the
"Envelope" at the start (e.g. should be
"/env11:Envelope/env11:Header/wsse:Security/saml:Assertion" and not
"/env11:Header/wsse:Security/saml:Assertion").
> STRTransform TransformException when manually adding SAML Assertion via
> SAMLCallback.setAssertionElement()
> ----------------------------------------------------------------------------------------------------------
>
> Key: CXF-7536
> URL: https://issues.apache.org/jira/browse/CXF-7536
> Project: CXF
> Issue Type: Bug
> Environment: Apache Tomcat 8.0.37
> Reporter: Russell Orf
> Assignee: Colm O hEigeartaigh
> Labels: security
> Fix For: 3.1.14, 3.2.1
>
> Attachments: catalina.out, service-client.war
>
>
> In Apache CXF v3.1.7, I have a JAX-WS web service client calling a service
> that requires a HolderOfKey SAML Assertion. The assertions are from a custom
> service that does not adhere to the WS-Trust SecureTokenService standard, so
> I am adding them manually in a SAMLCallbackHandler, using the
> callback.setAssertionElement() method.
> When invoking the client, the WSS4J framework is unable to compute the
> signature for the SecurityTokenReference header block, throwing the below
> error:
> {{
> javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: org.apache.wss4j.common.ext.WSSecurityException: Referenced token "id-of-SAML-assertion" not found
>     at org.apache.wss4j.dom.str.STRParserUtil.getTokenElement(StrParserUtil.java:314)
>     at org.apache.wss4j.dom.transform.STRTransformUtil.dereferenceSTR(STRTransformUtil.java:98)
>     at org.apache.wss4j.dom.transform.STRTransform.transformIt(STRTransform.java:195)
> }}
> It appears that the SAML assertion DOM Element that is added via the
> callback.setAssertionElement() method is not getting searched by the
> STRParserUtil.getTokenElement() method.
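
Added example, not part of the JIRA thread and not CXF or WSS4J code, illustrating the XPath point in the comment above: an absolute path is evaluated from the document node, so a path that begins at env11:Header selects nothing while the one beginning at env11:Envelope selects the assertion. The SOAP message is constructed, and the class name, the SOAP 1.1 binding for env11 and the SAML 2.0 namespace are assumptions.

```java
import java.io.StringReader;
import java.util.Iterator;
import java.util.Map;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class EnvelopeXPathCheck {
    // Prefix bindings are assumptions: env11 = SOAP 1.1, saml = SAML 2.0.
    static final Map<String, String> NS = Map.of(
        "env11", "http://schemas.xmlsoap.org/soap/envelope/",
        "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        "saml", "urn:oasis:names:tc:SAML:2.0:assertion");

    // Constructed sample message, not taken from the issue's attachments.
    static final String SOAP =
        "<e:Envelope xmlns:e='" + NS.get("env11") + "'><e:Header>"
        + "<w:Security xmlns:w='" + NS.get("wsse") + "'>"
        + "<s:Assertion xmlns:s='" + NS.get("saml") + "' ID='constructed-id'/>"
        + "</w:Security></e:Header><e:Body/></e:Envelope>";

    // Number of nodes the expression selects when evaluated against the document node.
    static int count(Document doc, String expr) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setNamespaceContext(new NamespaceContext() {
            public String getNamespaceURI(String p) { return NS.getOrDefault(p, ""); }
            public String getPrefix(String uri) { return null; }
            public Iterator<String> getPrefixes(String uri) { return null; }
        });
        return ((NodeList) xp.evaluate(expr, doc, XPathConstants.NODESET)).getLength();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // without this, prefixed XPath steps never match
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(SOAP)));
        // Absolute paths start at the document node, whose only element child is Envelope.
        System.out.println(count(doc, "/env11:Header/wsse:Security/saml:Assertion"));
        System.out.println(count(doc, "/env11:Envelope/env11:Header/wsse:Security/saml:Assertion"));
    }
}
```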