[WSS-90] SamlUtil.java throws XMLSecurityException when SAML SubjectConfirmation element doesn't have KeyInfo child - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Won't Fix
Affects Version/s: 1.5.6
Fix Version/s: 1.5.7, 1.6
Component/s: None
Labels:
None
Environment:
Windows XP, Axis2 1.3, WSS4J 1.5.3,

Description

The SAML Core 1.1 specification mentions that the <ds:KeyInfo> element is optional under the <SubjectConfirmation> element (under <Subject>).

The following call fails when the incoming SAML assertion contains a <subjectconfirmation> element without a KeyInfo child element:

Element e = samlSubj.getKeyInfo(); [ Line 122]
X509Certificate[] certs = null;
try {
KeyInfo ki = new KeyInfo(e, null);

The constructor KeyInfo(e, null) fails and throws a XMLSecurityException when e is null (which is true when samlSubj.getKeyInfo() returns null)

Attachments

Activity

People

Assignee:: Ruchith B. Gunaratne

Reporter:: Murali Gunasekaran

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 16/Oct/07 19:08

Updated:: 02/Apr/09 10:32

Resolved:: 02/Apr/09 10:32