[
https://issues.apache.org/jira/browse/RAMPART-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14653568#comment-14653568
]
Brian Reinhold commented on RAMPART-387:
----------------------------------------
Hey,
Isn't anyone going to resolve this issue? The issue is still indicated as OPEN.
The fix I have proposed works so all that is needed is to implement it in the
distribution!
> Rampart reports SAML Token Missing In Request
> ---------------------------------------------
>
> Key: RAMPART-387
> URL: https://issues.apache.org/jira/browse/RAMPART-387
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Environment: Windows 7 64; Axis2/Rampart deployment in Tomcat
> Reporter: Brian Reinhold
> Labels: newbie
> Fix For: 1.6.3
>
>
> When sending a message containing a SAML Token generated by Rampart's STS
> service, the module PolicyBasedResultsValidator.handleSupportingTokens()
> throws a RampartException with
> message "samlTokenMissing".
> I believe the error is due to only attempting to validate an unsigned token.
> The token created by the STS service is signed as it must be by WS Security
> requirements.
> Starting at line 323 one sees:
> else if (token instanceof IssuedToken)
> {
> //TODO is is enough to check for ST_UNSIGNED results ??
> WSSecurityEngineResult samlResult =
> WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
> if (samlResult == null)
> {
> throw new RampartException("samlTokenMissing");
> }
> There needs to be a check for ST_SIGNED.
> I do not know how to build the distribution or I would try this myself.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
