[
https://issues.apache.org/jira/browse/WSS-117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695058#action_12695058
]
Colm O hEigeartaigh commented on WSS-117:
-----------------------------------------
I am...I should merge a fix by tomorrow. Any testing you can do against owsm
would be helpful!
> WSS4J does not supports KeyIdentifiers to reference SAML tokens but this is
> allowed by the WSS specification. Integration tesitng with owsm failed.
> ---------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-117
> URL: https://issues.apache.org/jira/browse/WSS-117
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.6
> Environment: Integration testing wss4j with owsm - failed.
> Reporter: WellenLau
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.7, 1.6
>
>
> According to wss-v1.1-spec-os-SAMLTokenProfile.pdf on - section 3.4
> Identifying and Referencing Security Tokens :
> The three forms of token references defined by the
> <wsse:SecurityTokenReference> element are defined as follows:
> 1)key identifier reference such as <wsse:KeyIdentifier>;
> 2)Direct or URI reference such as <wsse:Reference>;
> 3)An Embedded reference such as <wsse:Embedded>.
> WSS4J uses <DirectReference> while OWSM using <KeyIdentifier> to refer to a
> saml token from within a <STR>. This means webservices using wss4j will not
> be able to interoperate with OWSM successfully.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
