Incrorrect reference URI in the soap response in Secure Conversation Scenarios
------------------------------------------------------------------------------
Key: RAMPART-115
URL: https://issues.apache.org/jira/browse/RAMPART-115
Project: Rampart
Issue Type: Bug
Components: rampart-core
Reporter: Nandana Mihindukulasooriya
Currently generated reference URI in the signature element is something like
<ds:KeyInfo Id="KeyId-23512756">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-8347238">
<wsse:Reference URI="#urn:uuid:7C508C42E7E4A7A229119570507177149"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
where it should be something like,
<ds:KeyInfo Id="KeyId-23512756">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-8347238">
<wsse:Reference URI="#sctId-23510169"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
This happens because when SimpleTokenStore finds the token using attached
reference or unattached reference, the returned token's id is not the same id
we entered to retrieve the token. So the incorrect value is used in reference
URI.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
