[
https://issues.apache.org/jira/browse/WSS-222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-222.
-----------------------------------
> SignatureProcessor does not provide correct signature coverage results with
> STR Dereference Transform
> -----------------------------------------------------------------------------------------------------
>
> Key: WSS-222
> URL: https://issues.apache.org/jira/browse/WSS-222
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: David Valeri
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
> Attachments: patch.txt
>
>
> SignatureProcessor does not report correct info when STR Dereference
> Transform is used. The implementation does not follow the dereference
> pointer to the security token and reports that the signed content is the
> SecurityTokenReference itself and not the referenced token. The URI in the
> signature part is dereferenced with no regard to the transform used in the
> signature part.
> This issue makes it difficult to validate signature coverage over something
> like an embedded SAML assertion when that assertion is also used as the key
> material for the signature and is referenced and signed through a
> SecurityTokenReference.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org
