CXF
  1. CXF
  2. CXF-4612

SAML assertion element is not imported into SecurityHeader document

    Details

    • Estimated Complexity:
      Unknown

      Description

      If org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement() is used to set the assertion element a DOMException exception is thrown in the policy handler using the assertion element.
      This is due to a missing import of the SAML assertion into the SecurityHeader in org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts().

      Stacktrace:
      Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
      at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
      at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
      at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
      at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
      at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
      at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
      at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
      at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
      at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
      at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
      at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
      at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
      at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
      ... 18 more

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        5h 12m 1 Colm O hEigeartaigh 05/Nov/12 17:21
        Resolved Resolved Closed Closed
        43d 21h 17m 1 Daniel Kulp 19/Dec/12 14:38
        Daniel Kulp made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Colm O hEigeartaigh made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Colm O hEigeartaigh made changes -
        Fix Version/s 2.5.7 [ 12323349 ]
        Fix Version/s 2.6.4 [ 12323348 ]
        Fix Version/s 2.7.1 [ 12323347 ]
        Affects Version/s 2.7.0 [ 12321669 ]
        Affects Version/s 2.6.3 [ 12322964 ]
        Affects Version/s 2.5.6 [ 12322965 ]
        Colm O hEigeartaigh made changes -
        Assignee Colm O hEigeartaigh [ coheigea ]
        Andreas Triebel made changes -
        Field Original Value New Value
        Summary SAML assertion element is not imported into SecurtyHeader document SAML assertion element is not imported into SecurityHeader document
        Andreas Triebel created issue -

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Andreas Triebel
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development