Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-490

Derived Endorsing policy validation error

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0
    • None
    • None

    Description

      There is a bug in the streaming policy validation code with derived endorsing tokens. The use-case is an Issued (SAML) token which is an Endorsing (Encrypted) token, with derived keys.

      It appears that the "signsElement" method in the InboundWSSecurityContextImpl is matching the token Id of the Derived token, instead of the (deriving) SAML Token. Hence the SAML Token is never assigned the "usage" of Endorsing.

      See here for a test to reproduce the problem:

      http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?view=markup

      Attachments

        Activity

          People

            giger Marc Giger
            coheigea Colm O hEigeartaigh
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: