Hi All,
I've got my hands dirty looking at the code and feel that I've identified the root cause of my error. The AsymmetricBindingBuilder adds the IDs of elements to be signed into the sigParts Vector. When the signature is computed the WSSecDKSign class looks up the IDs in the WS utility namespace WSConstants.WSU_NS. However, this doesn't work for SAML 1.0 or SAML 2.0 assertions as they are located by AssertionID in the SAML 1.0 namespace and ID in the SAML 2.0 namespace. WSSecDKSign does seem to be able to properly locate a SAML assertion to sign if the name Assertion is set in the WSEncryptionPart. However, AsymmetricBindingBuilder seems to only use IDs. Does this look right or am I barking up the wrong tree?

thanks,
Graeme

> From: [email protected]
> To: [email protected]
> Subject: RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN and SignedSupportToken policy
> Date: Mon, 4 Oct 2010 14:24:55 +0100
>
> Hi All,
>
> I'm using a custom mediator in Synapse to acquire a SAML assertion that I then wish to add as a SignedSupportingToken. The SAML assertion is acquired using some legacy code developed under JAX-WS (I don't really want to change this). I then convert the JAX-WS GenericToken into an org.apache.rahas.Token, which is added to a token store. I then write the RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN and TokenStorage.TOKEN_STORAGE_KEY into the message context: see below
>
> // Instantiate an org.apache.rahas.Token from the issued SAML assertion
> Token tok = new Token(genericToken.getId(),
>                       XMLUtils.toOM((Element) genericToken.getTokenValue()),
>                       itCtx.getCreationTime(),
>                       itCtx.getExpirationTime());
>
> // Add the SupportingToken into the Axis Token store
> TokenStorage storage = new SimpleTokenStore();
> storage.add(tok);
>
> // Add the Token and Token store in the Axis2 Message Context
> Axis2MessageContext axis2MessageContext = (Axis2MessageContext) ctx;
> org.apache.axis2.context.MessageContext msgCtx = axis2MessageContext.getAxis2MessageContext();
> msgCtx.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, genericToken.getId());
> msgCtx.setProperty(TokenStorage.TOKEN_STORAGE_KEY, storage);
>
> If the policy is set with a SupportingTokens assertion this works great. However, if I change this to SignedSupportTokens the attempt to sign the assertion fails with XMLSignatureException: Id not found. I know that when the policy is set for SupportingTokens the assertion is present and the ID is correct. Therefore, I feel that there may be an issue with the order in which the RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN is added to the message. I don't know the implementation well enough to state for certain there is a problem, therefore, any guidance is appreciated.
>
> thanks,
>
> Graeme
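As an added illustration, not code from this thread, Rampart or WSS4J, the following Python model reproduces the lookup behaviour Graeme describes: a signed part given only by id is resolved against the wsu:Id attribute, which a SAML assertion never carries, so the lookup fails with "Id not found", while a part given by element name and namespace resolves the assertion. The header XML, the `resolve_part` helper and the extra `find_by_any_id` resolver (which also accepts SAML 1.0 AssertionID and SAML 2.0 ID) are constructed assumptions for the example, not the project's own API.

```python
"""Model of how a WS-Security signature builder resolves the parts it must sign.

Constructed example; not Rampart or WSS4J code. It mirrors the lookup described in
the thread: an id-only part is matched against wsu:Id, which a SAML assertion does
not carry, while a name+namespace part is matched by qualified element name. The
find_by_any_id resolver is an assumed fix that also checks the SAML id attributes.
"""
import xml.etree.ElementTree as ET

WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed security header: a timestamp identified by wsu:Id, a SAML 2.0
# assertion identified by ID and a SAML 1.0 assertion identified by AssertionID.
SAMPLE_HEADER = f"""
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:wsu="{WSU_NS}"
               xmlns:saml1="{SAML1_NS}"
               xmlns:saml2="{SAML2_NS}">
  <wsu:Timestamp wsu:Id="Timestamp-1">
    <wsu:Created>2010-10-04T13:24:55Z</wsu:Created>
  </wsu:Timestamp>
  <saml2:Assertion ID="_saml2-example" Version="2.0"/>
  <saml1:Assertion AssertionID="_saml1-example" MajorVersion="1" MinorVersion="0"/>
</wsse:Security>
"""


def find_by_wsu_id(root, ref_id):
    """Id-only lookup as described in the thread: only wsu:Id is consulted."""
    for elem in root.iter():
        if elem.get(f"{{{WSU_NS}}}Id") == ref_id:
            return elem
    return None


def find_by_name(root, local_name, namespace):
    """Named-part lookup: match the qualified element name (e.g. saml2:Assertion)."""
    return root.find(f".//{{{namespace}}}{local_name}")


def find_by_any_id(root, ref_id):
    """Assumed fix: accept wsu:Id, SAML 2.0 ID and SAML 1.0 AssertionID."""
    for elem in root.iter():
        candidates = [elem.get(f"{{{WSU_NS}}}Id")]
        if elem.tag == f"{{{SAML2_NS}}}Assertion":
            candidates.append(elem.get("ID"))
        elif elem.tag == f"{{{SAML1_NS}}}Assertion":
            candidates.append(elem.get("AssertionID"))
        if ref_id in candidates:
            return elem
    return None


def resolve_part(root, part, id_resolver=find_by_wsu_id):
    """Resolve one signed part given as {"id": ...} or {"name": ..., "namespace": ...}.

    Raises LookupError("Id not found") when nothing matches, mirroring the
    XMLSignatureException message quoted in the thread.
    """
    if "id" in part:
        elem = id_resolver(root, part["id"])
    else:
        elem = find_by_name(root, part["name"], part["namespace"])
    if elem is None:
        raise LookupError("Id not found")
    return elem


def demo():
    """Run the four lookups the thread talks about and return their outcomes."""
    root = ET.fromstring(SAMPLE_HEADER.strip())
    results = {}
    # A wsu:Id part resolves as expected.
    results["timestamp_by_id"] = resolve_part(root, {"id": "Timestamp-1"}).tag
    # The SAML 2.0 assertion referenced only by its ID is not found via wsu:Id.
    try:
        resolve_part(root, {"id": "_saml2-example"})
        results["saml2_by_id"] = "found"
    except LookupError as exc:
        results["saml2_by_id"] = str(exc)
    # Naming the element (Assertion in the SAML 2.0 namespace) does find it.
    results["saml2_by_name"] = resolve_part(
        root, {"name": "Assertion", "namespace": SAML2_NS}).get("ID")
    # With the assumed id-aware resolver the SAML 1.0 AssertionID also resolves.
    results["saml1_by_any_id"] = resolve_part(
        root, {"id": "_saml1-example"}, id_resolver=find_by_any_id).get("AssertionID")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the module prints the outcome of each lookup; the second line shows the "Id not found" failure for the id-only SAML 2.0 reference, the third shows the same assertion found by name.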
