[CXF-4789] EndorsingSupportingTokens do not respect ProtectTokens assertion from paired binding policy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.8
Fix Version/s: 2.7.4, 2.6.7, 2.5.10, 3.0.0-milestone1
Component/s: WS-* Components
Labels:
None

Estimated Complexity:
Unknown

Description

I've a wsdl containing both a SymmetricBinding and an EndorsingSupportingTokens policies. The binding one specifies ProtectTokens assertion. As a consequence as per WS-SecurityPolicy 1.2 Section 8.9, the signature for the endorsing supporting token should sign both the first signature and the endorsing token, while it seems the latter is currently not covered.

Attachments

Issue Links

depends upon

WSS-421 WSSecSignature does not allow access to the internal BinarySecurityToken after it is applied to the security header

Closed

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Alessio Soldano

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Jan/13 11:05

Updated:: 09/Apr/13 15:15

Resolved:: 08/Feb/13 13:17