Hi,
Normally what happens is that every header in the security header is
passed to the relevant WSS4J processor and it does the the validation. I
assumed that org.apache.ws.security.processor.SAMLTokenProcessor[1] does
both the signature validation and validation of the conditions. But when I
went through the code now, it seems it only validates the conditions and not
the Signature. I will double check this and fix this in WSS4J.
thanks,
nandana
[1] -
http://svn.apache.org/viewvc/webservices/wss4j/tags/1_5_4/src/org/apache/ws/security/processor/SAMLTokenProcessor.java?view=markup
On Thu, Sep 18, 2008 at 7:14 PM, Christian Mielke <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I use SAML TOKEN as supporting token inside my SOAP request. Does RAMPART
> verify or validate the token autmatically? Maybe the signature of the token
> or the conditions (notbefore or notafter)?
>
> Greetings
> Christian
>
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
