[ http://issues.apache.org/jira/browse/WSFX-31?page=all ]
Werner Dittmann closed WSFX-31:
-------------------------------
Resolution: Fixed
replaced with lates xmlsec lib
> problem with xmlsec.jar version in cvs and opensaml signed SAML tokens
> ----------------------------------------------------------------------
>
> Key: WSFX-31
> URL: http://issues.apache.org/jira/browse/WSFX-31
> Project: WSFX
> Type: Bug
> Components: WSS4J
> Environment: Tomcat 5.0.25
> Apache Axis from wss4j cvs lib directory (as of 8/18/04)
> All other jar files from wss4j cvs lib directory
> Reporter: David Keppler
> Attachments: axis.log
>
> There appears to be a bug in the version of the xmlsec library provided in
> the WSS4J cvs repository that manifests itself when WSS4J's SAML token
> functionality is used.
> Trying to use a pre-signed SAML assertion obtained from an exterior source
> (what would be the typical usage scenario I imagine) via use of a custom
> SAMLIssuer class in conjunction with the SAMLTokenUnsigned action (because I
> don't want the client to sign the token but want to maintain the signature
> placed on the token by the token issuer) causes an unhandled exception to be
> thrown by the XML canonicalization algorithm called by the
> XMLUtils.outputDOM(doc, os, true) call near the end of
> WSDoAllReceiver.invoke().
> Work-around:
> Replace the xmlsec.jar from cvs with the v1.10 release of that library from
> http://xml.apache.org/security/
> However, I am unaware as to possible issues with the v1.10 library which may
> have led to a cvs build version of the library to be included in wss4j
> instead.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
