[
https://issues.jboss.org/browse/SEAMSECURITY-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620247#comment-12620247
]
Marek Schmidt commented on SEAMSECURITY-72:
-------------------------------------------
The problem seems to be in
OpenIdProviderAuthenticationService
{noformat}
Message authResponse = openIdServerManager.get().authResponse(parameterList,
opLocalIdentifier, claimedIdentifier, authenticationSuccesful);
if (response instanceof DirectError) {
writeMessageToResponse(authResponse, response);
} else {
if (openIdProviderRequest.get().getRequestedAttributes() != null) {
try {
FetchResponse fetchResponse =
FetchResponse.createFetchResponse(openIdProviderRequest.get().getFetchRequest(),
attributeValues);
authResponse.addExtension(fetchResponse);
} catch (MessageException e) {
throw new RuntimeException(e);
}
}
{noformat}
The authResponse signs the message before the extension is added, therefore the
signature is invalid.
> org.jboss.seam.security.externaltest.integration.client.IntegrationTest.openIdLoginWithClaimedIdentifierAndAttributeExchangeTest
> fails
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SEAMSECURITY-72
> URL: https://issues.jboss.org/browse/SEAMSECURITY-72
> Project: Seam Security
> Issue Type: Bug
> Reporter: Jozef Hartinger
> Assignee: Marek Schmidt
> Fix For: 3.1.0.Final
>
>
> https://hudson.qa.jboss.com/hudson/view/Seam%203/job/Seam-3.X-security-CI/164/testReport/
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues