[
https://issues.apache.org/jira/browse/WSS-222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Valeri updated WSS-222:
-----------------------------
Attachment: patch.txt
Attached test case and patch.
> SignatureProcessor does not provide correct signature coverage results with
> STR Dereference Transform
> -----------------------------------------------------------------------------------------------------
>
> Key: WSS-222
> URL: https://issues.apache.org/jira/browse/WSS-222
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8, 1.5.9
> Reporter: David Valeri
> Assignee: Ruchith Udayanga Fernando
> Attachments: patch.txt
>
>
> SignatureProcessor does not report correct info when STR Dereference
> Transform is used. The implementation does not follow the dereference
> pointer to the security token and reports that the signed content is the
> SecurityTokenReference itself and not the referenced token. The URI in the
> signature part is dereferenced with no regard to the transform used in the
> signature part.
> This issue makes it difficult to validate signature coverage over something
> like an embedded SAML assertion when that assertion is also used as the key
> material for the signature and is referenced and signed through a
> SecurityTokenReference.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
