Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8438

Out/In Interceptor requires additional IN action when using SAMLTokenSigned

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: WS-* Components
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Issue

      I am using the "SAMLTokenSigned" action in my client and server setup. 

      Out Transport

      Using the action in the WSS4JOutInterceptor works correctly and ends up setting a single HandlerAction when sending data down to doSenderAction:

      The action constant is ST_SIGNED:

      Inbound Data

      When processing the header, there seems to be an additional action discovered.

      The first WSSecurityEngineResult is a SAMLToken:

      A second WSSecurityEngine result is added based on the SignatureProcessor:

      The failure then happens when checkReceiverResultsInAnyOrder is invoked.

      We have 1 recorded action and 2 found actions in the wsResult value:

      When checking if that additional action, which is a signature is part of the recorded action, the check will fail and our interceptor will produce a fault:

      Work Around

      On the server side, we can set the actions to both a "SAMLTokenSigned" and "Signature":

        // TODO work around here is to add Signature to the actions
              inProps.put("action", "SAMLTokenSigned Signature");
      

      Questions

      1. Should the SAMLSignedToken handling also add a receiver action of SIGN (WSConstant.SC)?

      Sample that reproduces the issue

      https://github.com/AnEmortalKid/cxf/tree/sign_saml_test/distribution/src/main/release/samples/ws_security/signed_saml_token

        Attachments

        1. image-2021-03-18-14-03-06-005.png
          182 kB
          Jan Monterrubio
        2. image-2021-03-18-14-02-05-830.png
          220 kB
          Jan Monterrubio
        3. image-2021-03-18-13-58-44-532.png
          175 kB
          Jan Monterrubio
        4. image-2021-03-18-13-58-10-702.png
          161 kB
          Jan Monterrubio
        5. image-2021-03-18-13-56-06-919.png
          19 kB
          Jan Monterrubio
        6. image-2021-03-18-13-52-27-215.png
          196 kB
          Jan Monterrubio

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              AnEmortalKid Jan Monterrubio
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: