  1. Rampart
  2. RAMPART-154

org.apache.rahas.client.STSClient.org.apache.rahas.processIssueResponse fails if SamlAssertion is issued.


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.5.1
    • rampart-policy
    • None
    • Latest Rampart and Wss4j on a windows platform.

    Description

      The method processIssueResponse throws a TrustException if findIdentifier returns null. This is a problem since SAML Assertions have an AssertionID attribute instead of an ID attribute.

      One solution could be to look for the AssertionID attribute as well. Another could be to ignore the ID if it isn't found.

      The example below shows a version of findIdentifier that also works with SAML 1.1 Assertions:

      // Needs: javax.xml.namespace.QName, org.apache.axiom.om.OMElement,
      //        org.apache.ws.security.WSConstants
      private String findIdentifier(OMElement reqAttRef,
                                    OMElement reqUnattRef,
                                    OMElement token) {
          String id;
          if (reqAttRef != null) {
              // First try the attached ref
              id = this.getIdFromSTR(reqAttRef);
          } else if (reqUnattRef != null) {
              // Then try the unattached ref
              id = this.getIdFromSTR(reqUnattRef);
          } else {
              // Return wsu:Id of the token element
              id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
              if (id == null) {
                  // SAML 1.1 assertions carry an unqualified AssertionID attribute instead
                  id = token.getAttributeValue(new QName("AssertionID"));
              }
          }
          return id;
      }
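
The fallback described in this report, as an added stand-alone example (not Rampart's code and not the attached patch): it uses the JDK DOM API instead of Axiom, and the class name `TokenIdLookup` and the methods `findTokenId` and `parse` are hypothetical. It goes one step beyond the report by also reading the `ID` attribute of SAML 2.0 assertions, and it checks the assertion namespace before trusting an unqualified attribute.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class TokenIdLookup {
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAML20_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Returns the token's identifier, or null if it carries none. */
    static String findTokenId(Element token) {
        // wsu:Id is namespace-qualified; the SAML identifiers are unqualified attributes.
        if (token.hasAttributeNS(WSU_NS, "Id")) return token.getAttributeNS(WSU_NS, "Id");
        boolean assertion = "Assertion".equals(token.getLocalName());
        if (assertion && SAML11_NS.equals(token.getNamespaceURI()) && token.hasAttribute("AssertionID"))
            return token.getAttribute("AssertionID");
        if (assertion && SAML20_NS.equals(token.getNamespaceURI()) && token.hasAttribute("ID"))
            return token.getAttribute("ID");
        return null;
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Tokens come from the network: refuse DOCTYPEs so no entities are expanded.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        String[] tokens = { // constructed sample tokens
            "<sct xmlns:wsu='" + WSU_NS + "' wsu:Id='sct-1'/>",
            "<saml:Assertion xmlns:saml='" + SAML11_NS + "' AssertionID='_a11'/>",
            "<saml:Assertion xmlns:saml='" + SAML20_NS + "' ID='_a20'/>",
            "<other/>"
        };
        for (String t : tokens) {
            String id = findTokenId(parse(t));
            System.out.println(id == null ? "no identifier (the case that raised TrustException)" : id);
        }
    }
}
```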

      Attachments

        1. patch.txt
          0.8 kB
          Rasmus Rhein Helwigh


          People

            ruchith Ruchith B. Gunaratne
            rhelwigh Rasmus Rhein Helwigh