Re: Error in SAML1.1 Conditions support of WSS4J 1.6.0?

Mon, 16 May 2011 08:38:02 -0700 

Hi,

> Did I miss something or is this really a bug in WSS4J 1.6.0?

No, it's a bug :-) I fixed it here:

https://issues.apache.org/jira/browse/WSS-285

Colm.

On Sun, May 15, 2011 at 3:34 PM, Ralf Schroth <[email protected]> wrote:
> Hi All,
>
> while playing around with WSS4J 1.6.0 to get familiar with it I
> encountered a problem with the conditions element generated for a
> SAML1.1 assertion. The generated element in the XML document is called
> "ConditionsType" but as of my understanding of the SAML 1.1 Core spec
> it should rather be only "Conditions".
>
> Lets take an example generated by unittest SamlTokenSVTest.java:
> <saml1:Assertion xmlns=""
> xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> AssertionID="0DBE629B155365272C13054683742576"
> IssueInstant="2011-05-15T14:06:14.257Z" Issuer="www.example.com"
> MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType">
>    <saml1:ConditionsType NotBefore="2011-05-15T14:06:17.767Z"
> NotOnOrAfter="2011-05-15T14:11:17.767Z">
>    </saml1:ConditionsType>
>    <saml1:AuthenticationStatement
> AuthenticationInstant="2011-05-15T14:06:14.257Z"
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
> xsi:type="saml1:AuthenticationStatementType">
>        <saml1:Subject>
>            <saml1:NameIdentifier
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
> NameQualifier="www.example.com">
>                uid=joe,ou=people,ou=saml-demo,o=example.com
>            </saml1:NameIdentifier>
>            <saml1:SubjectConfirmation>
>                <saml1:ConfirmationMethod>
>                    urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
>                </saml1:ConfirmationMethod>
>            </saml1:SubjectConfirmation>
>        </saml1:Subject>
>    </saml1:AuthenticationStatement>
> </saml1:Assertion>
>
> You can see the element <saml1:ConditionsType ....> in the second line
> of the output.
>
> I guess the error originates in
> org.apache.ws.security.saml.ext.builder.SAML1ComponentBuilder line 236
> which is says:
> Conditions conditions = conditionsV1Builder.buildObject(Conditions.TYPE_NAME);
>
> I would rather expect
> Conditions conditions = conditionsV1Builder.buildObject();
>
> Did I miss something or is this really a bug in WSS4J 1.6.0?
>
> Thx and Kind Regards,
> Ralf
>

Reply via email to