Description
The SAML Core 1.1 specification mentions that the <ds:KeyInfo> element is optional under the <SubjectConfirmation> element (under <Subject>).
The following call fails when the incoming SAML assertion contains a <SubjectConfirmation> element without a KeyInfo child element:
    Element e = samlSubj.getKeyInfo(); // line 122
    X509Certificate[] certs = null;
    try {
        KeyInfo ki = new KeyInfo(e, null);
The constructor KeyInfo(e, null) fails and throws an XMLSecurityException when e is null (which is true when samlSubj.getKeyInfo() returns null).
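One way to treat the optional element, as an added example that is not the project's code or the reporter's: it uses only the JDK DOM parser rather than the library's KeyInfo class, and the names OptionalKeyInfoCheck, findKeyInfo and parseSubject are hypothetical. Rejecting a holder-of-key confirmation that carries no KeyInfo is a policy assumption of this example; other confirmation methods without KeyInfo are accepted and certificate extraction is simply skipped.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class OptionalKeyInfoCheck {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /** Returns the ds:KeyInfo inside the first SubjectConfirmation, or null when it is absent. */
    static Element findKeyInfo(Element subject) {
        NodeList confs = subject.getElementsByTagNameNS(SAML_NS, "SubjectConfirmation");
        if (confs.getLength() == 0) return null;
        Element conf = (Element) confs.item(0);
        NodeList kis = conf.getElementsByTagNameNS(DS_NS, "KeyInfo");
        Element ki = kis.getLength() > 0 ? (Element) kis.item(0) : null;
        NodeList methods = conf.getElementsByTagNameNS(SAML_NS, "ConfirmationMethod");
        for (int i = 0; i < methods.getLength(); i++) {
            // Assumed policy: holder-of-key needs key material, so a missing KeyInfo is rejected.
            if (ki == null && HOLDER_OF_KEY.equals(methods.item(i).getTextContent().trim())) {
                throw new IllegalArgumentException("holder-of-key confirmation without KeyInfo");
            }
        }
        return ki; // null means: no key to resolve, do not build a KeyInfo object from it
    }

    static Element parseSubject(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a sender-vouches subject with no ds:KeyInfo child.
        String xml = "<saml:Subject xmlns:saml=\"" + SAML_NS + "\">"
            + "<saml:NameIdentifier>alice</saml:NameIdentifier><saml:SubjectConfirmation>"
            + "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>"
            + "</saml:SubjectConfirmation></saml:Subject>";
        Element ki = findKeyInfo(parseSubject(xml));
        System.out.println(ki == null ? "no KeyInfo: skip certificate extraction" : "KeyInfo present");
    }
}
```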