To me this looks like a defect in AbstractBindingBuilder.addSignatureParts().

As far as I can see, the SAML assertion element is not imported into the
SecurityHeader document:

    SecurityTokenReference secRef = createSTRForSamlAssertion(doc, assertionWrapper.getId(), saml1, false);
    addSupportingElement(secRef.getElement());

as it is done for example for WSSecSignature:

    SecurityTokenReference secRef = tempSig.getSecurityTokenReference();
    ...
    Element secRefElement = cloneElement(secRef.getElement());
    addSupportingElement(secRefElement);

I would suggest creating a Jira issue; a patch is also welcome.

Regards,
Andrei.

-----Original Message-----
From: andreas_triebel [mailto:[email protected]] 
Sent: Friday, 2 November 2012 10:27
To: [email protected]
Subject: How to use org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement()?

In my SAMLCallbackHandler I try to set the assertion element with the current 
subject's public credentials (SAMLCredential). This approach ends up with the 
following error:

Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
    at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
    at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
    at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
    ... 18 more


The SAMLCallbackHandler looks like this:
...
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback sc = (SAMLCallback) callbacks[i];
            Subject subject = org.jboss.security.SecurityContextAssociation.getSubject();
            Set<SamlCredential> samlCreds = subject.getPublicCredentials(SamlCredential.class);
            for (SamlCredential samlCred : samlCreds) {
                Element assertion = samlCred.getAssertionAsElement();
                sc.setAssertionElement(assertion);
            }
...

Is it not meant to be used like this or is there another way to reuse the 
current subject's SAMLCredential in CXF?

Thanks
Andreas



--
View this message in context: 
http://cxf.547215.n5.nabble.com/How-to-use-org-apache-ws-security-saml-ext-SAMLCallback-setAssertionElement-tp5717764.html
Sent from the cxf-user mailing list archive at Nabble.com.
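
The cross-document failure in the stack trace, and the import step the reply says is missing, can be reproduced with plain JDK DOM calls. This is an added example, not code from CXF, WSS4J or either poster; the class name, the sample assertion and the stand-in wsse:Security header are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class ImportAssertionDemo {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Constructed sample assertion (not a real token).
    static final String ASSERTION =
        "<saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\""
        + " ID=\"_constructed-id\" Version=\"2.0\">"
        + "<saml2:Issuer>constructed-issuer</saml2:Issuer></saml2:Assertion>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPEs when parsing token XML (feature of the JDK's Xerces parser).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder db = dbf.newDocumentBuilder();

        // Document A: where the credential's assertion element lives.
        Element assertion = db.parse(new ByteArrayInputStream(
            ASSERTION.getBytes(StandardCharsets.UTF_8))).getDocumentElement();

        // Document B: stands in for the outgoing message's security header.
        Document soapDoc = db.newDocument();
        Element secHeader = soapDoc.createElementNS(WSSE, "wsse:Security");
        soapDoc.appendChild(secHeader);

        try {
            secHeader.appendChild(assertion); // node is still owned by document A
        } catch (DOMException e) {
            System.out.println("direct append failed: code=" + e.code
                + " (WRONG_DOCUMENT_ERR=" + DOMException.WRONG_DOCUMENT_ERR + ")");
        }

        // Deep-copy into document B; the original element in A is left untouched.
        Node imported = soapDoc.importNode(assertion, true);
        secHeader.appendChild(imported);
        System.out.println("owner is SOAP document: "
            + (imported.getOwnerDocument() == soapDoc));
        System.out.println("ID preserved: " + ((Element) imported).getAttribute("ID"));
    }
}
```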
