[WSS-270] No need to ensure Crypto object is non-null for SAML signature verification using a secret key - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.11
Fix Version/s: 1.6, 1.5.12
Component/s: None
Labels:
None

Description

WSS4J currently throws an Exception if the Crypto object is non-null when trying to verify a signature, where the KeyInfo of the signature points to a SAML Assertion. However, for certain cases we query the CallbackHandler for a key, and so the check on Crypto can be delayed.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 10/Feb/11 12:31

Updated:: 10/Feb/11 12:42

Resolved:: 10/Feb/11 12:42