[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-23 Thread Colm O hEigeartaigh (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated CXF-6650:
-
Affects Version/s: (was: 3.0.6)
   3.0.5

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.0.5
> Reporter: Grzegorz Maczuga
> Assignee: Colm O hEigeartaigh
> Attachments: SAMLwExternalSignature.txt, SAMLwInternalSignature.txt
>
>
> When an Oracle Api Gateway:
> - inserts a SenderVouches SAML 2.0 Assertion 
> - there is no 2-way TLS connection, thus CXF requires that both the SAML Token and 
> the SOAP Body are signed by the same signature.
> Then the CXF server fails to accept such a request in the following cases:
> 1) when the signature is outside the SAML Token element, then the token is considered to 
> be not signed by CXF SAMLTokenProcessor
> 2) when the signature is inside the SAML Token, then Signature processing fails as CXF 
> cannot find the referenced external Body element
> 3) when the signature is inside the SAML Token but it only signs the SAML and no BODY, 
> then it fails Sender-vouches requirements
> The workaround for this is to:
> 1) Set in CXF that “not signed” SAML is OK:
>  value="true" />
> 2) Enforce Signature of SAML on WSDL/WS-SecurityPolicy level:
> 
>   
> 
> but I believe that options 1) and 2) should normally work.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
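
An added example, not code from CXF or from the reporter: a structural check of where each ds:Signature sits and whether one signature references both the SAML assertion and the SOAP Body, for the three layouts listed in the description above. It assumes plain "#id" fragment references (no SecurityTokenReference), uses constructed envelopes with hypothetical IDs and function names, and does not verify digests or signature values.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

def signature_coverage(envelope_xml):
    """For each ds:Signature: where it sits and which parts it references."""
    root = ET.fromstring(envelope_xml)
    assertion = root.find(f".//{{{SAML2}}}Assertion")
    body = root.find(f"{{{SOAP}}}Body")
    if assertion is None or body is None:
        raise ValueError("envelope needs a SAML 2.0 Assertion and a SOAP Body")
    saml_uri = "#" + assertion.get("ID", "")
    body_uri = "#" + body.get(f"{{{WSU}}}Id", "")
    inside = set(assertion.iter(f"{{{DS}}}Signature"))
    report = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        uris = {ref.get("URI") for ref in
                sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")}
        report.append({
            "placement": "inside-assertion" if sig in inside else "external",
            "signs_assertion": saml_uri in uris,
            "signs_body": body_uri in uris,
        })
    return report

def one_signature_covers_both(envelope_xml):
    """True when a single signature references both the assertion and the Body."""
    return any(s["signs_assertion"] and s["signs_body"]
               for s in signature_coverage(envelope_xml))

def sample(sig_in_assertion, refs):
    """Constructed, simplified envelope (no digests, keys or real wsse header)."""
    sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
           + "".join(f'<ds:Reference URI="{u}"/>' for u in refs)
           + "</ds:SignedInfo></ds:Signature>")
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsu="{WSU}"><s:Header><Security>'
            f'{"" if sig_in_assertion else sig}'
            f'<a:Assertion xmlns:a="{SAML2}" ID="_a1">'
            f'{sig if sig_in_assertion else ""}</a:Assertion></Security>'
            f'</s:Header><s:Body wsu:Id="_b1"/></s:Envelope>')

EXTERNAL_BOTH = sample(False, ["#_a1", "#_b1"])      # case 1 layout
INTERNAL_BOTH = sample(True, ["#_a1", "#_b1"])       # case 2 layout
INTERNAL_SAML_ONLY = sample(True, ["#_a1"])          # case 3 layout
```
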


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-22 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Attachment: SAMLwExternalSignature.txt

Attached SAML Token + Body that are both signed by an external signature

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
> Attachments: SAMLwExternalSignature.txt
>
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-22 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Attachment: SAMLwExternalSignature.txt

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
> Attachments: SAMLwExternalSignature.txt, SAMLwInternalSignature.txt
>
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-22 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Attachment: (was: SAMLwExternalSignature.txt)

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
> Attachments: SAMLwExternalSignature.txt, SAMLwInternalSignature.txt
>
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-22 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Attachment: SAMLwExternalSignature.txt

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
> Attachments: SAMLwExternalSignature.txt, SAMLwInternalSignature.txt
>
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-22 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Attachment: SAMLwInternalSignature.txt

SAML token with embedded signature and reference to both the SAML token and body

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
> Attachments: SAMLwExternalSignature.txt, SAMLwInternalSignature.txt
>
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-22 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Attachment: (was: SAMLwExternalSignature.txt)

> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
> Attachments: SAMLwInternalSignature.txt
>
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-21 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Description: 
When an Oracle Api Gateway:
- inserts a SenderVouches SAML 2.0 Assertion 
- there is no 2-way TLS connection thus CXF require that both SAML Token and 
SOAP Body are signed by same signature.

Then CXF server fails to accept such request in following cases:
1) when signature is outside SAML Token element then token is considered to be 
not signed by CXF SAMLTokenProcessor
2) when signature is inside SAML Token then Signature processing fails as CXF 
cannot find referenced external Body element
3) when signature is inside SAML Token but it only signs SAML and no BODY, then 
it fails Sender-vouches requirements

Workaround to this is to:
1) Set in CXF that “not signed” SAML is OK:

2) Enforce Signature of SAML on WSDL/WS-SecurityPolicy level:





  was:
When an Oracle Api Gateway:
- inserts a SenderVouches SAML 2.0 Assertion 
- there is no 2-way TLS connection thus CXF required that both SAML Token and 
SOAP Body are signed by same signature.

Then CXF server fails to accept such request in following cases:
1) when signature is outside SAML Token element then token is considered to be 
not signed by CXF SAMLTokenProcessor
2) when signature is inside SAML Token then Signature processing fails as CXF 
cannot find referenced external Body element
3) when signature is inside SAML Token but it only signs SAML and no BODY, then 
it fails Sender-vouches requirements

Workaround to this is to:
1) Set in CXF that “not signed” SAML is OK:

2) Enforce Signature of SAML on WSDL/WS-SecurityPolicy level:






> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
>


[jira] [Updated] (CXF-6650) SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug

2015-10-21 Thread Grzegorz Maczuga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grzegorz Maczuga updated CXF-6650:
--
Description: 
When an Oracle Api Gateway:
- inserts a SenderVouches SAML 2.0 Assertion 
- there is no 2-way TLS connection thus CXF require that both SAML Token and 
SOAP Body are signed by same signature.

Then CXF server fails to accept such request in following cases:
1) when signature is outside SAML Token element then token is considered to be 
not signed by CXF SAMLTokenProcessor
2) when signature is inside SAML Token then Signature processing fails as CXF 
cannot find referenced external Body element
3) when signature is inside SAML Token but it only signs SAML and no BODY, then 
it fails Sender-vouches requirements

Workaround to this is to:
1) Set in CXF that “not signed” SAML is OK:

2) Enforce Signature of SAML on WSDL/WS-SecurityPolicy level:




but I believe that options 1) and 2) should normally work.


  was:
When an Oracle Api Gateway:
- inserts a SenderVouches SAML 2.0 Assertion 
- there is no 2-way TLS connection thus CXF require that both SAML Token and 
SOAP Body are signed by same signature.

Then CXF server fails to accept such request in following cases:
1) when signature is outside SAML Token element then token is considered to be 
not signed by CXF SAMLTokenProcessor
2) when signature is inside SAML Token then Signature processing fails as CXF 
cannot find referenced external Body element
3) when signature is inside SAML Token but it only signs SAML and no BODY, then 
it fails Sender-vouches requirements

Workaround to this is to:
1) Set in CXF that “not signed” SAML is OK:

2) Enforce Signature of SAML on WSDL/WS-SecurityPolicy level:






> SAML 2.0 SenderVouches / no 2-way TLS / XML Signature bug
> -
>
> Key: CXF-6650
> URL: https://issues.apache.org/jira/browse/CXF-6650
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.0.6
>Reporter: Grzegorz Maczuga
>