Hi Dan,

So the Subject of the SAML Assertion has a KeyInfo that contains a
SecurityTokenReference as a child element? I haven't come across this, but
if that's what a .NET STS is producing then it's something we'd want to be
able to process correctly. Could you create a new JIRA here + add the SAML
Assertion that's causing the problem, and I'll take it from there?

https://issues.apache.org/jira/browse/WSS

Colm.

On Tue, Jun 12, 2012 at 9:43 PM, DTaylor <[email protected]> wrote:

> Good day all,
>
> I understand this is more of a WSS4J question, however I was unable to find
> the WSS4J users list and it occurs when trying to do .NET and Java interop
> using CXF.
>
> Our setup is a .NET client to a .NET STS to a Java Service.
>
> Things are going well, until we receive the token in the CXF framework at
> the service point.
> By debugging down through the code, we hit the WSS4J
> SAMLUtil.getCredentialFromKeyInfo method.
>
> keyInfoElement.getFirstChild() returns the SecurityTokenReference element,
> which has as its first child an X509Data element.
>
> The first loop correctly determines that no EncryptedKey or BinarySecret is
> present. The second loop determines that the first child of keyInfo is not an
> X509Data or PublicKey; however, the SecurityTokenReference, which is the
> element being inspected, contains the X509Data.
>
> From *WSS X.509 Certificate Token Profile, section 3.2*:
>
> In order to ensure a consistent processing model across all the token types
> supported by WSS: SOAP Message Security, the <wsse:SecurityTokenReference>
> element SHALL be used to specify all references to X.509 token types in
> signature or encryption elements that comply with this profile.
>
> Is this a bug in WSS4J? Or have we misconfigured something? If it is a bug,
> am I better off submitting the bug or creating a patch and test to submit
> to WSS4J?
>
> Thanks,
>
> Dan.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Issue-with-SecurityReferenceToken-handling-tp5709621.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
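The shape Dan describes is a ds:KeyInfo whose only child is a wsse:SecurityTokenReference, with the ds:X509Data one level further down. The following is an added, stand-alone illustration written for this thread; it is not WSS4J code and does not claim to show what SAMLUtil.getCredentialFromKeyInfo actually does. It parses a constructed KeyInfo fragment (the certificate value is a placeholder) with a namespace-aware DOM parser and locates the X509Data whether it sits directly under KeyInfo or inside a SecurityTokenReference wrapper, as the quoted X.509 Token Profile text requires. The namespace URIs are the standard xmldsig and WSS 1.0 secext namespaces; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KeyInfoLookup {

    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Constructed sample (not a real token): KeyInfo -> SecurityTokenReference -> X509Data,
    // the nesting described in the thread. The certificate content is a placeholder.
    static final String SAMPLE =
          "<ds:KeyInfo xmlns:ds=\"" + DS + "\" xmlns:wsse=\"" + WSSE + "\">"
        + "<wsse:SecurityTokenReference>"
        + "<ds:X509Data><ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate></ds:X509Data>"
        + "</wsse:SecurityTokenReference>"
        + "</ds:KeyInfo>";

    static boolean isElement(Node n, String ns, String localName) {
        return n.getNodeType() == Node.ELEMENT_NODE
            && ns.equals(n.getNamespaceURI())
            && localName.equals(n.getLocalName());
    }

    /**
     * Returns the ds:X509Data under keyInfo, or null if there is none.
     * A direct ds:X509Data child is accepted; a wsse:SecurityTokenReference child is
     * descended into one level, because the X.509 Token Profile places the X509Data there.
     * Namespace checks are deliberate: a same-named element in another namespace is ignored.
     */
    static Element findX509Data(Element keyInfo) {
        for (Node n = keyInfo.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (isElement(n, DS, "X509Data")) {
                return (Element) n;
            }
            if (isElement(n, WSSE, "SecurityTokenReference")) {
                for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling()) {
                    if (isElement(c, DS, "X509Data")) {
                        return (Element) c;
                    }
                }
            }
            // other children (KeyValue, EncryptedKey, whitespace text nodes) are skipped
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Tokens come from an external party: refuse DOCTYPE so no entity expansion can occur.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder b = f.newDocumentBuilder();
        Document doc = b.parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));

        Element x509Data = findX509Data(doc.getDocumentElement());
        if (x509Data == null) {
            System.out.println("no ds:X509Data found under KeyInfo");
        } else {
            System.out.println("found ds:X509Data, parent element = "
                + x509Data.getParentNode().getLocalName());
        }
    }
}
```

Run with a plain JDK (no WSS4J on the classpath). For the constructed sample the parent element printed is SecurityTokenReference; removing the wrapper from SAMPLE exercises the direct-child path, and the method returns null for a KeyInfo carrying only a KeyValue, which is the case a caller still has to handle separately.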
