Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.5.9, 1.6
-
None
Description
Numerous places within WSS4J assume that the KeyInfo within the SAML authentication statement will contain only a ds:X509Data element with the complete certificate contents. In many cases, the assertion only contains the key value without the additional X509 information. WSS4J should support sending and receiving signed messages using a SAML assertion with only KeyValue data.