org.apache.rahas.client.STSClient.org.apache.rahas.processIssueResponse fails
if SamlAssertion is issued.
---------------------------------------------------------------------------------------------------------
Key: RAMPART-154
URL: https://issues.apache.org/jira/browse/RAMPART-154
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Environment: Latest Rampart and Wss4j on a windows platform.
Reporter: Rasmus Rhein Helwigh
Assignee: Ruchith Udayanga Fernando
the method processIssueResponse throws a trustexception if findIdentifier
returns null. This is a problem since SAML Assertions don't has a AssertionID
attribute instead of an ID attribute.
One solution could be to look for the assertionID attribute as well. Another
could be to ignore the ID if it isn't found.
The example below shows a version of findIdentifier that also works with SAML
1.1 Assetions
private String findIdentifier(OMElement reqAttRef,
OMElement reqUnattRef,
OMElement token) {
String id;
if (reqAttRef != null) {
//First try the attached ref
id = this.getIdFromSTR(reqAttRef);
} else if (reqUnattRef != null) {
//then try the unattached ref
id = this.getIdFromSTR(reqUnattRef);
} else {
//Return wsu:Id of the token element
id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
if ( id == null )
{
id = token.getAttributeValue(new QName( "AssertionID"));
}
}
return id;
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
