Rampart / RAMPART-317

Rampart Trust implementation does not properly handle SAML token with Bearer subject confirmation method.

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5
    • Fix Version/s: 1.6.0
    • Component/s: rampart-trust
    • Labels: None

    Description

      Rampart always assumes the SAML tokens to be issued with HoK subject confirmation. When it receives a token with the Bearer subject confirmation method, it tries to retrieve the KeyInfo from the assertion, which is not available in the case of Bearer subject confirmation.

      The following is the stack trace returned in such a scenario.

      [2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request
      org.apache.axis2.AxisFault: General security error (SAML token security failure); nested exception is:
          org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
          at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
          at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
          at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
          at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
          at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
          at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
          at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
          at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
          at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
          at java.lang.Thread.run(Thread.java:662)
      Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token security failure); nested exception is:
          org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
          at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
          at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
          at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
          ... 10 more
      Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
          at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
          at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
          at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
          at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
          ... 12 more
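The check the description implies, as an added example that is not part of the original issue or of RAMPART-317.patch: read the subject confirmation method first and look up KeyInfo only for holder-of-key. It assumes SAML 1.1 element names and method URIs (the issue does not state the SAML version), reads only the first SubjectConfirmation, and uses the hypothetical names `SubjectConfirmationCheck` and `keyInfoFor`.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SubjectConfirmationCheck {
    // Assumed SAML 1.1 / XML-DSig namespaces and confirmation method URIs.
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    static final String BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    /** Returns ds:KeyInfo for a HoK assertion, null for Bearer; rejects anything else. */
    static Element keyInfoFor(Document assertion) {
        NodeList confs = assertion.getElementsByTagNameNS(SAML, "SubjectConfirmation");
        if (confs.getLength() == 0) throw new SecurityException("no SubjectConfirmation");
        Element conf = (Element) confs.item(0);
        NodeList methods = conf.getElementsByTagNameNS(SAML, "ConfirmationMethod");
        String method = methods.getLength() == 0 ? "" : methods.item(0).getTextContent().trim();
        if (BEARER.equals(method)) return null; // no proof key: skip the KeyInfo lookup
        if (!HOK.equals(method)) throw new SecurityException("unsupported method: " + method);
        NodeList ki = conf.getElementsByTagNameNS(DSIG, "KeyInfo");
        if (ki.getLength() == 0) throw new SecurityException("HoK assertion without KeyInfo");
        return (Element) ki.item(0);
    }

    /** Namespace-aware parse with DOCTYPE declarations rejected. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a minimal SAML 1.1 subject, not a complete or signed assertion.
        String tmpl = "<saml:Assertion xmlns:saml='" + SAML + "' xmlns:ds='" + DSIG + "'>"
            + "<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>"
            + "<saml:ConfirmationMethod>%s</saml:ConfirmationMethod>%s</saml:SubjectConfirmation>"
            + "</saml:Subject></saml:AuthenticationStatement></saml:Assertion>";
        Element hok = keyInfoFor(parse(String.format(tmpl, HOK, "<ds:KeyInfo/>")));
        Element bearer = keyInfoFor(parse(String.format(tmpl, BEARER, "")));
        System.out.println("HoK KeyInfo present: " + (hok != null));
        System.out.println("Bearer KeyInfo: " + bearer);
    }
}
```

A Bearer assertion carries no proof key, so a caller that receives `null` here still has to validate the issuer's signature on the assertion before trusting it.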

      Attachments

        1. RAMPART-317.patch
          8 kB
          Thilina Mahesh Buddhika

          People

            thilinamb Thilina Mahesh Buddhika
            thilinamb Thilina Mahesh Buddhika