[
https://issues.apache.org/jira/browse/RAMPART-317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thilina Buddhika resolved RAMPART-317.
--------------------------------------
Resolution: Fixed
Fix Version/s: 1.6.0
Applied the patch to both 1_6 branch and trunk (r1074044 ).
> Rampart Trust implementation does not properly handle SAML token with Bearer
> subject confirmation method.
> ---------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-317
> URL: https://issues.apache.org/jira/browse/RAMPART-317
> Project: Rampart
> Issue Type: Bug
> Components: rampart-trust
> Affects Versions: 1.5
> Reporter: Thilina Buddhika
> Assignee: Thilina Buddhika
> Fix For: 1.6.0
>
> Attachments: RAMPART-317.patch
>
>
> Rampart always assumes the SAML tokens to be issued with HoK subject
> confirmation. When it receives a token with the Bearer subject confirmation
> method, it tries to retrieve the keyinfo from the assertion which is not
> available in case of bearer subject confirmation.
> Following is the stack trace returned in such a scenario.
> [2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request
> org.apache.axis2.AxisFault: General security error (SAML token security
> failure); nested exception is:
> org.apache.xml.security.exceptions.XMLSecurityException: Cannot create
> an ElementProxy from a null argument
> at
> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
> at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
> at
> org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
> at
> org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
> at
> org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: org.apache.ws.security.WSSecurityException: General security error
> (SAML token security failure); nested exception is:
> org.apache.xml.security.exceptions.XMLSecurityException: Cannot create
> an ElementProxy from a null argument
> at
> org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
> at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> ... 10 more
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot
> create an ElementProxy from a null argument
> at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
> at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
> Source)
> at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> at
> org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
> ... 12 more
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
