SignatureProcessor does not provide correct signature coverage results with STR
Dereference Transform
-----------------------------------------------------------------------------------------------------
Key: WSS-222
URL: https://issues.apache.org/jira/browse/WSS-222
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.8, 1.5.9
Reporter: David Valeri
Assignee: Ruchith Udayanga Fernando
SignatureProcessor does not report correct info when STR Dereference Transform
is used. The implementation does not follow the dereference pointer to the
security token and reports that the signed content is the
SecurityTokenReference itself and not the referenced token. The URI in the
signature part is dereferenced with no regard to the transform used in the
signature part.
This issue makes it difficult to validate signature coverage over something
like an embedded SAML assertion when that assertion is also used as the key
material for the signature and is referenced and signed through a
SecurityTokenReference.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
