Rampart Trust implementation does not properly handle SAML token with Bearer
subject confirmation method.
---------------------------------------------------------------------------------------------------------
Key: RAMPART-317
URL: https://issues.apache.org/jira/browse/RAMPART-317
Project: Rampart
Issue Type: Bug
Components: rampart-trust
Affects Versions: 1.5
Reporter: Thilina Buddhika
Rampart always assumes the SAML tokens to be issued with HoK subject
confirmation. When it receives a token with the Bearer subject confirmation
method, it tries to retrieve the KeyInfo from the assertion, which is not
available in the case of Bearer subject confirmation.

The following is the stack trace returned in such a scenario:

[2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request
org.apache.axis2.AxisFault: General security error (SAML token security failure); nested exception is:
    org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
    at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
    at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token security failure); nested exception is:
    org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
    at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 10 more
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
    at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
    at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
    at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
    at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
    ... 12 more