[ https://issues.apache.org/jira/browse/WSS-490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-490:
------------------------------------

    Description: 
There is a bug in the streaming policy validation code with derived endorsing 
tokens. The use-case is an Issued (SAML) token which is an Endorsing 
(Encrypted) token, with derived keys. 

It appears that the "signsElement" method in the InboundWSSecurityContextImpl 
is matching the token Id of the Derived token, instead of the (deriving) SAML 
Token. Hence the SAML Token is never assigned the "usage" of Endorsing.

See here for a test to reproduce the problem:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup

  was:

There is a bug in the streaming policy validation code with derived endorsing 
tokens. The use-case is an Issued (SAML) token which is an Endorsing 
(Encrypted) token, with derived keys. 

It appears that the "signsElement" method in the InboundWSSecurityContextImpl 
is matching the token Id of the Derived token, instead of the (deriving) SAML 
Token. Hence the SAML Token is never assigned the "usage" of Endorsing.


> Derived Endorsing policy validation error
> -----------------------------------------
>
>                 Key: WSS-490
>                 URL: https://issues.apache.org/jira/browse/WSS-490
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0.0
>
>
> There is a bug in the streaming policy validation code with derived endorsing 
> tokens. The use-case is an Issued (SAML) token which is an Endorsing 
> (Encrypted) token, with derived keys. 
> It appears that the "signsElement" method in the InboundWSSecurityContextImpl 
> is matching the token Id of the Derived token, instead of the (deriving) SAML 
> Token. Hence the SAML Token is never assigned the "usage" of Endorsing.
> See here for a test to reproduce the problem:
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
