Thanks Dimuthu. Looking forward to the fix (to replace my local fix :)) ----- Original Message ---- From: Dimuthu Leelarathne <[EMAIL PROTECTED]> To: [email protected] Sent: Friday, October 5, 2007 7:16:12 AM Subject: Re: SamlTokenIssuer adds X509Data element to KeyValue
Hi, I checked out the Digital Signature schema. And it looks like you are right. I will fix it right away. Regards, Dimuthu On Thu, 2007-10-04 at 08:58 -0700, Murali Krishnan wrote: > Hi all, > Running sample 05 of secure conversation (ws-trust) in rampart shows that the > returned SAML assertion has the X509Data element included as the child of > KeyValue element. But shouldn't it be included under the KeyInfo element > instead? > > This is actually throwing off the processing in SamlUtil.java when this > assertion is sent to a service that expects a SamlToken. > > Can someone please confirm? > Thanks, > Murali > > ---- snippet of the SAML Assertion ------ > > <AuthenticationStatement > xmlns:axis2ns345="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:axis2ns356="urn:oasis:names:tc:SAML:1.0:assertion" > AuthenticationInstant="2007-10-04T15:32:37.765Z" > AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> > <Subject > xmlns:axis2ns357="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:axis2ns346="urn:oasis:names:tc:SAML:1.0:assertion"> > <NameIdentifier > xmlns:axis2ns358="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:axis2ns347="urn:oasis:names:tc:SAML:1.0:assertion" > Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">CN=Sample > Client, OU=Rampart, O=Apache, L=Colombo, ST=Western, C=LK</NameIdentifier> > <SubjectConfirmation > xmlns:axis2ns348="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:axis2ns359="urn:oasis:names:tc:SAML:1.0:assertion"> > <ConfirmationMethod > xmlns:axis2ns360="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:axis2ns349="urn:oasis:names:tc:SAML:1.0:assertion">urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod> > > > > > > MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA'>http://www.w3.org/2000/09/xmldsig#";>MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1 > UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA== > </X509Data> > </KeyValue> > </KeyInfo> > </SubjectConfirmation> > </Subject> > </AuthenticationStatement> > > -------- end snippet ------------------ > > > > > > ____________________________________________________________________________________ > Luggage? GPS? Comic books? > Check out fitting gifts for grads at Yahoo! Search > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz ____________________________________________________________________________________ Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow
