SamlUtil.java throws XMLSecurityException when SAML SubjectConfirmation element
doesn't have KeyInfo child
----------------------------------------------------------------------------------------------------------
Key: WSS-90
URL: https://issues.apache.org/jira/browse/WSS-90
Project: WSS4J
Issue Type: Bug
Environment: Windows XP, Axis2 1.3, WSS4J 1.5.3,
Reporter: Murali Gunasekaran
Assignee: Ruchith Udayanga Fernando
Priority: Critical
The SAML Core 1.1 specification mentions that the <ds:KeyInfo> element is
optional under the <SubjectConfirmation> element (under <Subject>).
The following call fails when the incoming SAML assertion contains a
<subjectconfirmation> element without a KeyInfo child element:
Element e = samlSubj.getKeyInfo(); [ Line 122]
X509Certificate[] certs = null;
try {
KeyInfo ki = new KeyInfo(e, null);
The constructor KeyInfo(e, null) fails and throws a XMLSecurityException when e
is null (which is true when samlSubj.getKeyInfo() returns null)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
