Details
Bug
Status: Resolved
Major
Resolution: Fixed
1.5
None
Description
Rampart always assumes that SAML tokens are issued with HoK subject confirmation. When it receives a token with the Bearer subject confirmation method, it tries to retrieve the KeyInfo from the assertion, which is not available in the case of Bearer subject confirmation.
The following is the stack trace returned in such a scenario:
[2011-01-04 10:42:03,528] ERROR - ServerWorker Error processing POST request
org.apache.axis2.AxisFault: General security error (SAML token security failure); nested exception is:
    org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
    at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:404)
    at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:260)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: General security error (SAML token security failure); nested exception is:
    org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
    at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:157)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:237)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 10 more
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
    at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
    at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
    at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
    at org.apache.ws.security.saml.SAMLUtil.getSAMLKeyInfo(SAMLUtil.java:140)
    ... 12 more
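
The check the description calls for, as an added example (not Rampart's or WSS4J's code, and not the committed fix): read the subject confirmation method first and look for ds:KeyInfo only when it is holder-of-key. The class and method names are hypothetical, the sample assertions are constructed and unsigned, and only JDK DOM APIs are used; methods other than bearer and holder-of-key are rejected here, and a bearer assertion still has to be trusted through the issuer's signature on the assertion.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SubjectConfirmationCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Returns the ds:KeyInfo holding the proof key, or null for a bearer assertion.
    static Element proofKeyInfo(Element assertion) {
        String ns = assertion.getNamespaceURI();
        NodeList scs = assertion.getElementsByTagNameNS(ns, "SubjectConfirmation");
        if (scs.getLength() == 0) throw new SecurityException("no SubjectConfirmation");
        Element sc = (Element) scs.item(0);
        // SAML 2.0 puts the method in @Method, SAML 1.1 in a ConfirmationMethod child.
        String method = sc.getAttribute("Method");
        NodeList cm = sc.getElementsByTagNameNS(ns, "ConfirmationMethod");
        if (method.isEmpty() && cm.getLength() > 0) method = cm.item(0).getTextContent().trim();
        // Bearer: there is no proof key, so never construct a KeyInfo from the assertion.
        if (method.endsWith(":cm:bearer")) return null;
        if (!method.endsWith(":cm:holder-of-key"))
            throw new SecurityException("unsupported confirmation method: " + method);
        NodeList ki = sc.getElementsByTagNameNS(DS, "KeyInfo");
        if (ki.getLength() == 0) throw new SecurityException("holder-of-key without KeyInfo");
        return (Element) ki.item(0);
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed, unsigned SAML 1.1 fragments (sample input, not from the issue).
        String head = "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion'>"
            + "<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>"
            + "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:";
        String tail = "</saml:SubjectConfirmation></saml:Subject>"
            + "</saml:AuthenticationStatement></saml:Assertion>";
        String bearer = head + "bearer</saml:ConfirmationMethod>" + tail;
        String hok = head + "holder-of-key</saml:ConfirmationMethod><ds:KeyInfo xmlns:ds='"
            + DS + "'/>" + tail;
        System.out.println("bearer -> " + proofKeyInfo(parse(bearer)));
        System.out.println("holder-of-key -> " + proofKeyInfo(parse(hok)).getNodeName());
    }
}
```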