[
https://issues.apache.org/jira/browse/RAMPART-387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sagara Gunathunga updated RAMPART-387:
---------------------------------------
Fix Version/s: (was: 1.6.2)
1.6.3
> Rampart reports SAML Token Missing In Request
> ---------------------------------------------
>
> Key: RAMPART-387
> URL: https://issues.apache.org/jira/browse/RAMPART-387
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Environment: Windows 7 64; Axis2/Rampart deployment in Tomcat
> Reporter: Brian Reinhold
> Labels: newbie
> Fix For: 1.6.3
>
>
> When sending a message containing a SAML Token generated by Rampart's STS
> service, the module PolicyBasedResultsValidator.handleSupportingTokens()
> throws a RampartException with
> message "samlTokenMissing".
> I believe the error is due to only attempting to validate an unsigned token.
> The token created by the STS service is signed as it must be by WS Security
> requirements.
> Starting at line 323 one sees:
> else if (token instanceof IssuedToken)
> {
> //TODO is is enough to check for ST_UNSIGNED results ??
> WSSecurityEngineResult samlResult =
> WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
> if (samlResult == null)
> {
> throw new RampartException("samlTokenMissing");
> }
> There needs to be a check for ST_SIGNED.
> I do not know how to build the distribution or I would try this myself.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
