Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-222

SignatureProcessor does not provide correct signature coverage results with STR Dereference Transform

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.8
    • 1.5.9, 1.6
    • WSS4J Core
    • None

    Description

      SignatureProcessor does not report correct info when STR Dereference Transform is used. The implementation does not follow the dereference pointer to the security token and reports that the signed content is the SecurityTokenReference itself and not the referenced token. The URI in the signature part is dereferenced with no regard to the transform used in the signature part.

      This issue makes it difficult to validate signature coverage over something like an embedded SAML assertion when that assertion is also used as the key material for the signature and is referenced and signed through a SecurityTokenReference.

      Attachments

        1. patch.txt
          21 kB
          David Valeri

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. CXF-2913 Cannot detect signature coverage of SOAP elements referenced through the Security Token Reference Dereference Transform

          • Major - Major loss of function.
          • Closed

          Activity

            People

              coheigea Colm O hEigeartaigh
              davaleri David Valeri
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: