[ https://issues.apache.org/jira/browse/RAMPART-317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thilina Buddhika updated RAMPART-317:
-------------------------------------
Attachment: RAMPART-317.patch
The patch attached herewith fixes the above-mentioned issue. It checks the
subject confirmation method of the token and does not try to extract KeyInfo
from the token if it is Bearer subject confirmation.
> Rampart Trust implementation does not properly handle SAML token with Bearer
> subject confirmation method.
> ---------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-317
> URL: https://issues.apache.org/jira/browse/RAMPART-317
> Project: Rampart
> Issue Type: Bug
> Components: rampart-trust
> Affects Versions: 1.5
> Reporter: Thilina Buddhika
> Attachments: RAMPART-317.patch
>
>
> Rampart always assumes the SAML tokens to be issued with HoK subject
> confirmation. When it receives a token with the Bearer subject confirmation
> method, it tries to retrieve the keyinfo from the assertion which is not
> available in case of bearer subject confirmation.
> Following is the stack trace returned in such a scenario.
> [2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request
> org.apache.axis2.AxisFault: General security error (SAML token security failure); nested exception is:
>     org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
>     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
>     at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
>     at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
>     at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>     at java.lang.Thread.run(Thread.java:662)
> Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token security failure); nested exception is:
>     org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
>     at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>     ... 10 more
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
>     at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
>     at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
>     at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
>     at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
>     ... 12 more
--
This message is automatically generated by JIRA.
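
The check the comment describes, as an added example that is not the attached patch and not Rampart or WSS4J code: read the subject confirmation method first, and look for a proof-key KeyInfo only for holder-of-key. The class and method names are hypothetical, the SAML 1.1 confirmation-method URIs are assumed to be the ones in use, and the assertion is a constructed sample.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
// Added illustration using only JDK DOM APIs; not Rampart or WSS4J code.
public class SubjectConfirmationCheck {
    static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    /** Returns the subject's ds:KeyInfo for holder-of-key, or null for bearer. */
    static Element subjectKeyInfo(Element assertion) {
        NodeList methods = assertion.getElementsByTagNameNS(SAML1, "ConfirmationMethod");
        Set<String> uris = new HashSet<>();
        for (int i = 0; i < methods.getLength(); i++) {
            uris.add(methods.item(i).getTextContent().trim());
        }
        if (uris.size() != 1) { // assumption: all statements name one and the same method
            throw new SecurityException("missing or conflicting confirmation methods: " + uris);
        }
        String uri = uris.iterator().next();
        if (BEARER.equals(uri)) {
            return null; // bearer carries no proof key, so skip the KeyInfo lookup
        }
        if (!HOK.equals(uri)) {
            throw new SecurityException("unsupported confirmation method: " + uri);
        }
        // Look inside SubjectConfirmation only; ds:Signature has its own KeyInfo.
        Element confirmation = (Element) methods.item(0).getParentNode();
        NodeList keyInfo = confirmation.getElementsByTagNameNS(DSIG, "KeyInfo");
        if (keyInfo.getLength() == 0) {
            throw new SecurityException("holder-of-key assertion without KeyInfo");
        }
        return (Element) keyInfo.item(0);
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Constructed sample: an unsigned SAML 1.1 assertion trimmed to its Subject.
        String xml = "<saml:Assertion xmlns:saml='" + SAML1 + "'><saml:AuthenticationStatement>"
            + "<saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>" + BEARER
            + "</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>"
            + "</saml:AuthenticationStatement></saml:Assertion>";
        Element assertion = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        System.out.println("proof-key KeyInfo: " + subjectKeyInfo(assertion));
    }
}
```

A bearer assertion still has to pass signature and condition validation; the null return only means there is no subject key to resolve.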