[CXF-4556] JAX-RS SAML TLS HolderOfKey check does not work - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.6, 2.6.3, 2.7
Fix Version/s: 2.5.7, 2.6.4, 2.7.1
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

The HolderOfKey check that is done when a SAML Assertion is received via a JAX-RS SAML interceptor does not work when TLS is used. This is due to the following check:

if (tlsCerts == null || sig == null)

"sig" will always be null for the TLS case.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Oct/12 15:54

Updated:: 19/Dec/12 14:38

Resolved:: 11/Oct/12 16:49