WSS4J does supports KeyIdentifiers to reference SAML tokens but this is allowed
by the WSS specification.
---------------------------------------------------------------------------------------------------------
Key: WSS-117
URL: https://issues.apache.org/jira/browse/WSS-117
Project: WSS4J
Issue Type: Bug
Environment: Integration testing wss4j with owsm.
Reporter: WellenLau
Assignee: Ruchith Udayanga Fernando
According to wss-v1.1-spec-os-SAMLTokenProfile.pdf on - section 3.4 Identifying
and Referencing Security Tokens :
The three forms of token references defined by the
<wsse:SecurityTokenReference> element are defined as follows:
1)key identifier reference such as <wsse:KeyIdentifier>;
2)Direct or URI reference such as <wsse:Reference>;
3)An Embedded reference such as <wsse:Embedded>.
WSS4J uses <DirectReference> while OWSM using <KeyIdentifier> to refer to a
saml token from within a <STR>. This means webservices using wss4j will not be
able to interoperate with OWSM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
