[WSS-117] WSS4J does not supports KeyIdentifiers to reference SAML tokens but this is allowed by the WSS specification. Integration tesitng with owsm failed. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.6
Fix Version/s: 1.5.7, 1.6
Component/s: None
Labels:
None
Environment:
Integration testing wss4j with owsm - failed.

Description

According to wss-v1.1-spec-os-SAMLTokenProfile.pdf on - section 3.4 Identifying and Referencing Security Tokens :
The three forms of token references defined by the <wsse:SecurityTokenReference> element are defined as follows:
1)key identifier reference such as <wsse:KeyIdentifier>;
2)Direct or URI reference such as <wsse:Reference>;
3)An Embedded reference such as <wsse:Embedded>.

WSS4J uses <DirectReference> while OWSM using <KeyIdentifier> to refer to a saml token from within a <STR>. This means webservices using wss4j will not be able to interoperate with OWSM successfully.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: WellenLau

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 16/May/08 21:32

Updated:: 03/Apr/09 11:42

Resolved:: 03/Apr/09 11:41