I did some research and looked at the OASIS specification
(https://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf).
It looks like the wsse11:TokenType attribute is optional for SAML 1.1, but
should contain
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1.
Now I am getting 'An invalid security token was provided (Bad TokenType
"")'. I debugged through the code again and the following is the issue.
Class org.apache.ws.security.str.BSPEnforcer.java (wss4j-1.6.6.jar), lines 162-169:

    String tokenType = secRef.getTokenType();
    if (assertion.getSaml1() != null &&
        !WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)) {
        throw new WSSecurityException(
            WSSecurityException.INVALID_SECURITY_TOKEN,
            "invalidTokenType",
            new Object[]{tokenType}
        );
    }

The content of the secRef object is as follows. As you can see from the above
code, it is looking for an attribute named "TokenType", whose value is
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
but the SecurityTokenReference doesn't have it. That's why it throws the
exception. What can we do about this? I am going to update CXF-4367 with
new content.

    <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_ca94d3c5-0933-4af0-ac12-a83fd407310c</o:KeyIdentifier>
    </o:SecurityTokenReference>
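
The check described in the message above, reproduced outside WSS4J as an added example (not part of the original message and not WSS4J or CXF code). It uses only the JDK DOM API to test a captured SecurityTokenReference for the wsse11:TokenType attribute. The class name, the sample documents and the use of the KeyIdentifier ValueType as the sign of a SAML 1.1 reference are assumptions; the quoted WSS4J code inspects the resolved assertion instead.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class StrTokenTypeCheck {  // hypothetical diagnostic class
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    static final String SAML11_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    static final String SAML_ID_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    /** Returns "OK" or the reason the reference would fail the TokenType comparison. */
    static String check(String strXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Message content is untrusted input: secure processing on, no DOCTYPE allowed.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element str = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(strXml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        if (!WSSE.equals(str.getNamespaceURI()) || !"SecurityTokenReference".equals(str.getLocalName())) {
            return "root element is not a wsse:SecurityTokenReference";
        }
        NodeList ids = str.getElementsByTagNameNS(WSSE, "KeyIdentifier");
        if (ids.getLength() != 1) {
            return "expected exactly one KeyIdentifier, found " + ids.getLength();
        }
        // Assumption: the SAMLAssertionID ValueType marks a reference to a SAML 1.1 assertion.
        String valueType = ((Element) ids.item(0)).getAttribute("ValueType").trim();
        if (!SAML_ID_VALUE_TYPE.equals(valueType)) {
            return "KeyIdentifier ValueType is not SAMLAssertionID: " + valueType;
        }
        // DOM getAttributeNS returns "" when the attribute is absent; the error
        // quoted in the message shows the same empty value.
        String tokenType = str.getAttributeNS(WSSE11, "TokenType");
        return SAML11_TOKEN_TYPE.equals(tokenType) ? "OK" : "Bad TokenType \"" + tokenType + "\"";
    }

    public static void main(String[] args) throws Exception {
        String keyId = "<o:KeyIdentifier ValueType=\"" + SAML_ID_VALUE_TYPE + "\">_constructed-assertion-id</o:KeyIdentifier>";
        // Constructed samples: the first has the shape quoted in the message, the second adds wsse11:TokenType.
        String without = "<o:SecurityTokenReference xmlns:o=\"" + WSSE + "\">" + keyId + "</o:SecurityTokenReference>";
        String with = "<o:SecurityTokenReference xmlns:o=\"" + WSSE + "\" xmlns:w11=\"" + WSSE11
                + "\" w11:TokenType=\"" + SAML11_TOKEN_TYPE + "\">" + keyId + "</o:SecurityTokenReference>";
        System.out.println(check(without)); // reference without the attribute
        System.out.println(check(with));    // reference with the attribute present
    }
}
```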