[CXF-7013] SAML token using ws-security.callback-handler as for UT with ID attribute value - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Not A Problem
Affects Version/s: 3.0.6
Fix Version/s: None
Component/s: Core
Labels:
None

Estimated Complexity:
Unknown

Description

Processing of SAML token results in call of configured ws-security.callback-handler same as for Username Token.

When CXF receives (no UT in it):

<wss:Security>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z" Version="2.0">
<saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
...
</wss:Security>

it calls configured:
ws-security.callback-handler=com.SecurityCallback
with ID="Abc-1" from above Security section as username.

Ignoring this and moving on has no impact on processing SAML token but if SecurityCallback does some funny stuff (or at list logging) for each received UT it is really confusing.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Grzegorz Maczuga

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Aug/16 15:03

Updated:: 21/Oct/16 18:50

Resolved:: 24/Aug/16 11:51