Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.4
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Win XP professional, Rampart 1.4, Axis2 1.4

      Description

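      When a SAML token is used, the SOAP request sent from the client to the service contains an Assertion element in which the namespace "urn:oasis:names:tc:SAML:1.0:assertion" is declared twice: once as the default namespace (xmlns) and once bound to the saml prefix (xmlns:saml). The two declarations are distinct attributes, so the start tag is still well-formed; the second declaration is redundant.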

      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
      AssertionID="_3c72ce89266a251d8181b468506c9337"
      IssueInstant="2008-06-18T11:30:31.609Z" Issuer="issuer"
      MajorVersion="1" MinorVersion="1">

        Activity

        Suresh Attanayake added a comment - - edited

        This is the message we now get from the trunk. It seems the issue is no longer there.

        <!-- SAML 1.1 assertion (MajorVersion 1, MinorVersion 1) issued by SAMPLE_STS, quoted from the
             message. The SAML 1.0 assertion namespace is declared once on this element, bound to the
             saml1 prefix; there is no second, default-namespace declaration of the same URI. -->
        <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" AssertionID="76bed4008efbb278494e309a8e3027437adf104aee973d24" Issuer="SAMPLE_STS" MajorVersion="1" MinorVersion="1">
        <!-- Validity window: NotOnOrAfter is five minutes after NotBefore. A relying party is
             expected to reject the assertion outside this window (allowing for clock skew). -->
        <saml1:Conditions NotBefore="2013-09-02T16:58:38.301Z" NotOnOrAfter="2013-09-02T17:03:38.301Z"/>
        <saml1:AttributeStatement>
        <saml1:Subject>
        <saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">CN=Sample Client, OU=Rampart, O=Apache, L=Colombo, ST=Western, C=LK</saml1:NameIdentifier>
        <!-- holder-of-key confirmation: the presenter has to prove possession of the key carried
             in the KeyInfo below. That key is shipped wrapped inside an xenc:EncryptedKey. -->
        <saml1:SubjectConfirmation>
        <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml1:ConfirmationMethod>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-F95A28628A5C4248C613781411183035">
        <!-- Key transport is RSA with PKCS#1 v1.5 padding (rsa-1_5). This padding is exposed to
             padding-oracle attacks when the decrypting side reveals whether unwrapping succeeded;
             RSA-OAEP is the usual replacement where both endpoints support it.
             NOTE(review): confirm which key-transport algorithms the deployed policy accepts. -->
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <ds:KeyInfo>
        <!-- The wsse prefix is not declared anywhere inside this fragment; presumably it is bound
             on an enclosing element of the SOAP message that was not pasted. The recipient
             certificate is identified by its SHA-1 thumbprint (ValueType ThumbprintSHA1). -->
        <wsse:SecurityTokenReference>
        <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">aqePjuZzE1lzwMMtquksvNJsbmI=</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
        <xenc:CipherValue>S49k0dmHoxjcOY2XygUZf9VBVZaHEIKGesMmK8onOiotbw+wNsC4Eu1vI0Ju2xBnCYciTzP7uPk9QkUJ1BlEjQzfrL8Cqt35ph21ibBHO/wwTkLLN976/zjWwZaX+veZHsc4zgCIz9mvM6ON3wPOPdpiWI1lOKUU/XyBK0I2Dk8=</xenc:CipherValue>
        </xenc:CipherData>
        </xenc:EncryptedKey>
        </ds:KeyInfo>
        </saml1:SubjectConfirmation>
        </saml1:Subject>
        <saml1:Attribute AttributeName="Name" AttributeNamespace="https://rahas.apache.org/saml/attrns">
        <saml1:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Colombo/Rahas</saml1:AttributeValue>
        </saml1:Attribute>
        </saml1:AttributeStatement>
        <!-- Enveloped XML signature: the single Reference URI below carries the same value as the
             AssertionID attribute on the root element. A verifier should make sure the element it
             resolved for the Reference is the same assertion it then acts on, not merely that some
             signature in the message validates. -->
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <!-- rsa-sha1 here and the sha1 DigestMethod further down are SHA-1 based. SHA-1 is
             deprecated for signatures, so treat these as legacy settings and prefer SHA-256 based
             algorithms where both sides support them. -->
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#76bed4008efbb278494e309a8e3027437adf104aee973d24">
        <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <!-- Exclusive canonicalization keeps only namespace declarations for prefixes visibly used
             in element and attribute names. The xs prefix appears only inside the xsi:type value
             "xs:string", so it is listed in PrefixList to keep its declaration in the signed form. -->
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
        </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>jYCd1p690Gla007QXAefCQC7rso=</ds:DigestValue>
        <!-- NOTE(review): the closing tag below reads df24s:Reference and does not match the
             opening ds:Reference; it looks like a paste or editing artefact in the comment rather
             than part of the message as sent. -->
        </df24s:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>OFuzMyaBCCA4DcNEpc2pnJ2Kb8XWeMSKjiWlmU2kq33F8lux/LBgu68mUrDFhMDywTBMPHJm4gQWbOn5Gzg61SMKdQwcQnT5v7NtkqmMefOfr0i8yuFVyMo6Snqjqzu3ZDn+MkmU41VmEx8tvtq+QA2g0vTBJOR29eYwedYKyw0=</ds:SignatureValue>
        <!-- The signer's certificate is carried inside the signature itself. Its presence alone
             establishes no trust; the verifier has to validate it against its own trust store
             before relying on the signature. -->
        <ds:KeyInfo>
        <ds:X509Data>
        <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
        </ds:KeyInfo>
        </ds:Signature>
        </saml1:Assertion>


          People

          • Assignee:
            Nandana Mihindukulasooriya
            Reporter:
            Emil Pavlov
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:

              Development