Nobody wants to help me on better understanding this
problem? :)
Thanks
Luciano
Da: Montebove Luciano [mailto:[EMAIL PROTECTED]
Inviato: mercoledì 12 luglio 2006 14.16
A: [email protected]
Oggetto: SAMLTokenSigned action and signatureParts problem
Hi
all,
in the current
version WSS4J 1.5.0 the "SAMLTokenSigned" action doesn't consider the
"signatureParts" parameter (as instead the "Signature" action does ) so that i
can sign only the body with this action.
Looking at the code
of SignatureAction and SAMLTokenSignedAction it seems that the problem is the lack of
these lines of code in the latter:
if
(reqData.getSignatureParts().size() > 0)
{
wsSign.setParts(reqData.getSignatureParts());
wsSign.setParts(reqData.getSignatureParts());
There is a
reason for this?
In
turn the result of using an actions parameter like this, to avoid the problem
(tried an working in WSS4J):
"Timestamp SAMLTokenUnsigned Signature"
with this
"signatureParts" parameter:
"{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;
{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion;
{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion;
{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"
is
correct from the specs (WSS, SAML) point of view?
Thanks
Luciano
