Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.4
-
None
Description
Using 4/12 2.4.0-SNAPSHOT. IssuedTokenInInterceptor.findSecurityResult fails to recognize a bearer assertion where getSubjectKeyInfo returns null. This results in the message failing the policy check as the IssuedToken is not added to the message.
Sample message:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><Action xmlns="http://www.w3.org/2005/08/addressing">xxx</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:xxx</MessageID><To xmlns="http://www.w3.org/2005/08/addressing">xxx</To><ReplyTo xmlns="http://www.w3.org/2005/08/addressing"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-3"><wsu:Created>2011-04-17T19:22:47.886Z</wsu:Created><wsu:Expires>2011-04-17T19:27:47.886Z</wsu:Expires></wsu:Timestamp><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_xxx" IssueInstant="2011-04-17T19:22:47.552Z" Issuer="xxx" MajorVersion="1" MinorVersion="1"><saml1:Conditions NotBefore="2011-04-17T18:22:47.552Z" NotOnOrAfter="2011-04-17T20:22:47.552Z"><saml1:AudienceRestrictionCondition><saml1:Audience>xxx</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">xxx</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>Urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="xxx" AttributeNamespace="xxx"><saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">xxx</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><Signature:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:Signature="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#_xxx"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xxx</DigestValue></Reference></SignedInfo><SignatureValue>xxx</SignatureValue><KeyInfo><X509Data><X509SubjectName>xxx</X509SubjectName><X509Certificate>xxx</X509Certificate></X509Data></KeyInfo></Signature:Signature></saml1:Assertion></wsse:Security></soap:Header><soap:Body></soap:Body></soap:Envelope>