Hi all,

in the current version WSS4J 1.5.0 the "SAMLTokenSigned" action doesn't consider the "signatureParts" parameter (as the "Signature" action does instead), so that I can sign only the body with this action.

Looking at the code of SignatureAction and SAMLTokenSignedAction, it seems that the problem is the lack of these lines of code in the latter:

    if (reqData.getSignatureParts().size() > 0) {
        wsSign.setParts(reqData.getSignatureParts());
    }

Is there a reason for this?

In turn, is the result of using an actions parameter like this, to avoid the problem (tried and working in WSS4J):

"Timestamp SAMLTokenUnsigned Signature"

with this "signatureParts" parameter:

"{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;
{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion;
{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"

correct from the specs (WSS, SAML) point of view?

Thanks
Luciano
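
An added example, not part of the original message and not WSS4J code: a stand-alone Java (16+) check that splits a "signatureParts" value in the `{mode}{namespace}localName;` form quoted above and reports which required elements it does not list. The class and method names are hypothetical, and the required set is an assumption taken from the three elements named in the message.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class SignaturePartsCheck {
    // One entry of the parameter value: {mode}{namespace}localName
    record Part(String mode, String namespace, String localName) {
        String qname() { return "{" + namespace + "}" + localName; }
    }

    // Splits the semicolon-separated value; rejects entries that do not have both brace groups.
    static List<Part> parse(String value) {
        List<Part> parts = new ArrayList<>();
        for (String raw : value.split(";")) {
            String e = raw.trim();
            if (e.isEmpty()) continue; // tolerate the trailing ';'
            int m = e.indexOf('}');
            int n = e.indexOf('}', m + 1);
            if (!e.startsWith("{") || m < 0 || n < 0
                    || e.charAt(m + 1) != '{' || n + 1 >= e.length()) {
                throw new IllegalArgumentException("malformed entry: " + e);
            }
            parts.add(new Part(e.substring(1, m), e.substring(m + 2, n), e.substring(n + 1).trim()));
        }
        return parts;
    }

    // Returns the required qualified names that no entry covers.
    static Set<String> missing(List<Part> parts, Set<String> required) {
        Set<String> left = new LinkedHashSet<>(required);
        for (Part p : parts) left.remove(p.qname());
        return left;
    }

    public static void main(String[] args) {
        String soap = "http://schemas.xmlsoap.org/soap/envelope/";
        String saml = "urn:oasis:names:tc:SAML:1.0:assertion";
        String wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        // Assumption: these three elements are the ones that must be signed.
        Set<String> required = new LinkedHashSet<>(List.of(
                "{" + soap + "}Body", "{" + saml + "}Assertion", "{" + wsu + "}Timestamp"));
        String configured = "{Content}{" + soap + "}Body; {Content}{" + saml + "}Assertion; "
                + "{Content}{" + wsu + "}Timestamp;";
        String bodyOnly = "{Content}{" + soap + "}Body;"; // constructed value for comparison
        for (Part p : parse(configured)) System.out.println(p.mode() + " -> " + p.qname());
        System.out.println("not covered (configured): " + missing(parse(configured), required));
        System.out.println("not covered (body only):  " + missing(parse(bodyOnly), required));
    }
}
```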
