Re: SamlTokenIssuer adds X509Data element to KeyValue

Tue, 09 Oct 2007 21:43:01 -0700 

Hi,

It is in the svn now. Revision 582212 onwards

Thanks,
Dimuthu

On Fri, 2007-10-05 at 08:02 -0700, Murali Krishnan wrote:
> Thanks Dimuthu. Looking forward to the fix (to replace my local fix :))
> 
> ----- Original Message ----
> From: Dimuthu Leelarathne <[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Friday, October 5, 2007 7:16:12 AM
> Subject: Re: SamlTokenIssuer adds X509Data element to KeyValue
> 
> Hi,
> 
> I checked out the Digital Signature schema. And it looks like you are
> right.
> 
> I will fix it right away.
> 
> Regards,
> Dimuthu
> 
> On Thu, 2007-10-04 at 08:58 -0700, Murali Krishnan wrote:
> > Hi all,
> > Running sample 05 of secure conversation (ws-trust) in rampart shows that 
> > the returned SAML assertion has the X509Data element included as the child 
> > of KeyValue element. But shouldn't it be included under the KeyInfo element 
> > instead?
> > 
> > This is actually throwing off the processing in SamlUtil.java when this 
> > assertion is sent to a service that expects a SamlToken.
> > 
> > Can someone please confirm?
> > Thanks,
> > Murali
> > 
> > ---- snippet of the SAML Assertion ------
> > 
> > <AuthenticationStatement 
> > xmlns:axis2ns345="urn:oasis:names:tc:SAML:1.0:assertion" 
> > xmlns:axis2ns356="urn:oasis:names:tc:SAML:1.0:assertion" 
> > AuthenticationInstant="2007-10-04T15:32:37.765Z" 
> > AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
> >                      <Subject 
> > xmlns:axis2ns357="urn:oasis:names:tc:SAML:1.0:assertion" 
> > xmlns:axis2ns346="urn:oasis:names:tc:SAML:1.0:assertion">
> >                         <NameIdentifier 
> > xmlns:axis2ns358="urn:oasis:names:tc:SAML:1.0:assertion" 
> > xmlns:axis2ns347="urn:oasis:names:tc:SAML:1.0:assertion" 
> > Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">CN=Sample 
> > Client, OU=Rampart, O=Apache, L=Colombo, ST=Western, C=LK</NameIdentifier>
> >                         <SubjectConfirmation 
> > xmlns:axis2ns348="urn:oasis:names:tc:SAML:1.0:assertion" 
> > xmlns:axis2ns359="urn:oasis:names:tc:SAML:1.0:assertion">
> >                            <ConfirmationMethod 
> > xmlns:axis2ns360="urn:oasis:names:tc:SAML:1.0:assertion" 
> > xmlns:axis2ns349="urn:oasis:names:tc:SAML:1.0:assertion">urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
> >                            
> >                               
> >                                  
> >                                    
> >  
> > MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA'>http://www.w3.org/2000/09/xmldsig#";>MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1
> > UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA==
> >                                  </X509Data>
> >                               </KeyValue>
> >                            </KeyInfo>
> >                         </SubjectConfirmation>
> >                      </Subject>
> >                   </AuthenticationStatement>
> > 
> > -------- end snippet ------------------
> > 
> > 
> > 
> > 
> >       
> > ____________________________________________________________________________________
> > Luggage? GPS? Comic books? 
> > Check out fitting gifts for grads at Yahoo! Search
> > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
> 
> 
> 
> 
> 
> 
> 
> 
>        
> ____________________________________________________________________________________
> Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for 
> today's economy) at Yahoo! Games.
> http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow

Reply via email to