Hi All,

I noticed there was a fix for "SAMLTokenSignedAction doesn't support the "signatureParts" parameter" in wss4j 1.5. It does not seem to be working for me in the latest wss4j. Perhaps someone can enlighten me.

Is it the way I configure my handler, or is it an issue?

According to the problem, it seems to indicate that SAMLTokenSignedAction.java does not have the code below, which causes the problem.

        if (reqData.getSignatureParts().size() > 0) {
            wsSign.setParts(reqData.getSignatureParts());
        }

I tried wss4j 1.5.2 and checked that the fix is indeed in SAMLTokenSigned.java.

Client config is as below:

            <parameter name="action" value="Timestamp SAMLTokenSigned"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference"/>
            <parameter name="samlPropFile" value="saml3.properties"/>
            <parameter name="signatureParts" value="{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"/>

It seems to me that using SAMLTokenSigned signs the body only. I am trying to sign the assertion ONLY.

I debugged the client and found that:

addReferencesToSign() [WSSecSignatureSAML.java]
{
    ...
    String idToSign = encPart.getId();
    ...
    Element body = (Element) WSSecurityUtil.findElement(
            envelope, elemName, nmSpace);
    if (body == null) {
        throw new WSSecurityException(
                WSSecurityException.FAILURE, "noEncElement",
                new Object[] { nmSpace + ", " + elemName });
    ...
}

The value of idToSign is empty.

The value of body is empty.

However, if I use the below:

            <parameter name="action" value="Timestamp SAMLTokenUnsigned Signature"/>

with signatureParts, it works.

Hoping to get some idea.

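Added example, not part of the original post and not WSS4J code: a small Python check that parses a signatureParts value like the one above and reports which requested elements no ds:Reference in a captured message covers. The SOAP message is a constructed sample; the check assumes same-document "#id" references resolved through wsu:Id, Id or AssertionID attributes, and it neither follows STR-Transform references nor validates the signature.

```python
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Attributes that can carry the ID a ds:Reference URI points at.
ID_ATTRS = ("{%s}Id" % WSU, "Id", "AssertionID")
PART_RE = re.compile(r"\{([^}]*)\}\{([^}]*)\}([^;\s]+)")

def parse_signature_parts(value):
    """Split '{mode}{namespace}localname;...' into (mode, '{ns}local') tuples."""
    return [(m, "{%s}%s" % (ns, name)) for m, ns, name in PART_RE.findall(value)]

def signed_elements(envelope_xml):
    """Tags of elements referenced by '#id' ds:Reference URIs.
    Maps references to elements only; it does not validate the signature."""
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        for attr in ID_ATTRS:
            if attr in el.attrib:
                by_id[el.attrib[attr]] = el.tag
    covered = set()
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        if uri.startswith("#") and uri[1:] in by_id:
            covered.add(by_id[uri[1:]])
    return covered

def missing_parts(signature_parts, envelope_xml):
    """Requested parts that no ds:Reference in the message covers."""
    covered = signed_elements(envelope_xml)
    return [tag for _mode, tag in parse_signature_parts(signature_parts)
            if tag not in covered]

# Constructed sample: the signature references the Body but not the Assertion.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsu="%s" xmlns:ds="%s"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <soap:Header>
    <saml:Assertion AssertionID="a-1"/>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>
  </soap:Header>
  <soap:Body wsu:Id="body-1"/>
</soap:Envelope>""" % (WSU, DS)
REQUESTED = "{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"

if __name__ == "__main__":
    print("requested but not signed:", missing_parts(REQUESTED, SAMPLE))
```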