Grzegorz Maczuga created CXF-7013:
-------------------------------------

             Summary: SAML token using ws-security.callback-handler as for UT with ID attribute value
                 Key: CXF-7013
                 URL: https://issues.apache.org/jira/browse/CXF-7013
             Project: CXF
          Issue Type: Bug
          Components: Core
    Affects Versions: 3.0.6
            Reporter: Grzegorz Maczuga
            Priority: Minor

Processing of SAML token results in call of configured ws-security.callback-handler same as for Username Token.

When CXF receives (no UT in it):

    <wss:Security>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z" Version="2.0">
        <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
        <saml:Subject>
          <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
          ...
    </wss:Security>

it calls configured:

    ws-security.callback-handler=com.SecurityCallback

with ID="Abc-1" from above Security section as username.

Ignoring this and moving on has no impact on processing SAML token, but if SecurityCallback does some funny stuff (or at least logging) for each received UT, it is really confusing.