You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/02 14:22:51 UTC
[cxf] branch master updated: CXF-8068 - Log any error in the SAML
SSO component under warning
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 21b1df7 CXF-8068 - Log any error in the SAML SSO component under warning
21b1df7 is described below
commit 21b1df73ccd9da90b4eb9c28d457afdbb81d78cf
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 2 15:22:33 2019 +0100
CXF-8068 - Log any error in the SAML SSO component under warning
---
.../rs/security/saml/sso/AbstractSSOSpHandler.java | 6 ++--
.../saml/sso/SAMLProtocolResponseValidator.java | 30 +++++++++---------
.../saml/sso/SAMLSSOResponseValidator.java | 36 +++++++++++-----------
.../security/saml/sso/SamlPostBindingFilter.java | 6 ++--
.../saml/sso/SamlRedirectBindingFilter.java | 6 ++--
.../saml/sso/SamlSSOAssertionValidator.java | 14 ++++-----
6 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
index b699652..799b208 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java
@@ -159,13 +159,13 @@ public class AbstractSSOSpHandler {
if (signatureCrypto == null && signaturePropertiesFile != null) {
Properties sigProperties = SecurityUtils.loadProperties(signaturePropertiesFile);
if (sigProperties == null) {
- LOG.fine("Cannot load signature properties using: " + signaturePropertiesFile);
+ LOG.warning("Cannot load signature properties using: " + signaturePropertiesFile);
return null;
}
try {
signatureCrypto = CryptoFactory.getInstance(sigProperties);
} catch (WSSecurityException ex) {
- LOG.fine("Error in loading the signature Crypto object: " + ex.getMessage());
+ LOG.warning("Error in loading the signature Crypto object: " + ex.getMessage());
return null;
}
}
@@ -177,7 +177,7 @@ public class AbstractSSOSpHandler {
try {
callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass);
if (callbackHandler == null) {
- LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
+ LOG.warning("Cannot load CallbackHandler using: " + callbackHandlerClass);
return null;
}
} catch (Exception ex) {
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 89fe44e..3613cc4 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -108,11 +108,11 @@ public class SAMLProtocolResponseValidator {
// Check the Status Code
if (samlResponse.getStatus() == null
|| samlResponse.getStatus().getStatusCode() == null) {
- LOG.fine("Either the SAML Response Status or StatusCode is null");
+ LOG.warning("Either the SAML Response Status or StatusCode is null");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
if (!SAML2_STATUSCODE_SUCCESS.equals(samlResponse.getStatus().getStatusCode().getValue())) {
- LOG.fine(
+ LOG.warning(
"SAML Status code of " + samlResponse.getStatus().getStatusCode().getValue()
+ "does not equal " + SAML2_STATUSCODE_SUCCESS
);
@@ -123,13 +123,13 @@ public class SAMLProtocolResponseValidator {
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(futureTTL);
if (samlResponse.getIssueInstant().isAfter(currentTime)) {
- LOG.fine("SAML Response IssueInstant not met");
+ LOG.warning("SAML Response IssueInstant not met");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
if (SAMLVersion.VERSION_20 != samlResponse.getVersion()) {
- LOG.fine(
+ LOG.warning(
"SAML Version of " + samlResponse.getVersion()
+ "does not equal " + SAMLVersion.VERSION_20
);
@@ -172,12 +172,12 @@ public class SAMLProtocolResponseValidator {
if (samlResponse.getStatus() == null
|| samlResponse.getStatus().getStatusCode() == null
|| samlResponse.getStatus().getStatusCode().getValue() == null) {
- LOG.fine("Either the SAML Response Status or StatusCode is null");
+ LOG.warning("Either the SAML Response Status or StatusCode is null");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
String statusValue = samlResponse.getStatus().getStatusCode().getValue().getLocalPart();
if (!SAML1_STATUSCODE_SUCCESS.equals(statusValue)) {
- LOG.fine(
+ LOG.warning(
"SAML Status code of " + samlResponse.getStatus().getStatusCode().getValue()
+ "does not equal " + SAML1_STATUSCODE_SUCCESS
);
@@ -188,13 +188,13 @@ public class SAMLProtocolResponseValidator {
DateTime currentTime = new DateTime();
currentTime = currentTime.plusSeconds(futureTTL);
if (samlResponse.getIssueInstant().isAfter(currentTime)) {
- LOG.fine("SAML Response IssueInstant not met");
+ LOG.warning("SAML Response IssueInstant not met");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
if (SAMLVersion.VERSION_11 != samlResponse.getVersion()) {
- LOG.fine(
+ LOG.warning(
"SAML Version of " + samlResponse.getVersion()
+ "does not equal " + SAMLVersion.VERSION_11
);
@@ -294,7 +294,7 @@ public class SAMLProtocolResponseValidator {
samlKeyInfo = createKeyInfoFromDefaultAlias(sigCrypto);
}
if (samlKeyInfo == null) {
- LOG.fine("No KeyInfo supplied in the SAMLResponse signature");
+ LOG.warning("No KeyInfo supplied in the SAMLResponse signature");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -349,7 +349,7 @@ public class SAMLProtocolResponseValidator {
} else if (samlKeyInfo.getPublicKey() != null) {
credential = new BasicCredential(samlKeyInfo.getPublicKey());
} else {
- LOG.fine("Can't get X509Certificate or PublicKey to verify signature");
+ LOG.warning("Can't get X509Certificate or PublicKey to verify signature");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
try {
@@ -406,7 +406,7 @@ public class SAMLProtocolResponseValidator {
}
if (samlKeyInfo == null) {
- LOG.fine("No KeyInfo supplied in the SAMLResponse assertion signature");
+ LOG.warning("No KeyInfo supplied in the SAMLResponse assertion signature");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -450,7 +450,7 @@ public class SAMLProtocolResponseValidator {
X509Certificate cert = loadCertificate(sigCrypto, encKeyElement);
if (cert == null) {
- LOG.fine("X509Certificate cannot be retrieved from EncryptedKey element");
+ LOG.warning("X509Certificate cannot be retrieved from EncryptedKey element");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -460,12 +460,12 @@ public class SAMLProtocolResponseValidator {
Element cipherValue = getNode(encKeyElement, WSS4JConstants.ENC_NS, "CipherValue", 0);
if (cipherValue == null) {
- LOG.fine("CipherValue element is not available");
+ LOG.warning("CipherValue element is not available");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
if (callbackHandler == null) {
- LOG.fine("A CallbackHandler must be configured to decrypt encrypted Assertions");
+ LOG.warning("A CallbackHandler must be configured to decrypt encrypted Assertions");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -563,7 +563,7 @@ public class SAMLProtocolResponseValidator {
private String getEncodingMethodAlgorithm(Element parent) throws WSSecurityException {
Element encMethod = getNode(parent, WSS4JConstants.ENC_NS, "EncryptionMethod", 0);
if (encMethod == null) {
- LOG.fine("EncryptionMethod element is not available");
+ LOG.warning("EncryptionMethod element is not available");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
return encMethod.getAttribute("Algorithm");
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 0dd37e1..b9204dd 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -81,7 +81,7 @@ public class SAMLSSOResponseValidator {
// The Response must contain at least one Assertion.
if (samlResponse.getAssertions() == null || samlResponse.getAssertions().isEmpty()) {
- LOG.fine("The Response must contain at least one Assertion");
+ LOG.warning("The Response must contain at least one Assertion");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -90,12 +90,12 @@ public class SAMLSSOResponseValidator {
String destination = samlResponse.getDestination();
if (samlResponse.isSigned()
&& (destination == null || !destination.equals(assertionConsumerURL))) {
- LOG.fine("The Response must contain a destination that matches the assertion consumer URL");
+ LOG.warning("The Response must contain a destination that matches the assertion consumer URL");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
if (enforceResponseSigned && !samlResponse.isSigned()) {
- LOG.fine("The Response must be signed!");
+ LOG.warning("The Response must be signed!");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -105,13 +105,13 @@ public class SAMLSSOResponseValidator {
for (org.opensaml.saml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
// Check the Issuer
if (assertion.getIssuer() == null) {
- LOG.fine("Assertion Issuer must not be null");
+ LOG.warning("Assertion Issuer must not be null");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
validateIssuer(assertion.getIssuer());
if (!samlResponse.isSigned() && enforceAssertionsSigned && assertion.getSignature() == null) {
- LOG.fine("The enclosed assertions in the SAML Response must be signed");
+ LOG.warning("The enclosed assertions in the SAML Response must be signed");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -142,7 +142,7 @@ public class SAMLSSOResponseValidator {
}
if (validAssertion == null) {
- LOG.fine("The Response did not contain any Authentication Statement that matched "
+ LOG.warning("The Response did not contain any Authentication Statement that matched "
+ "the Subject Confirmation criteria");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -173,7 +173,7 @@ public class SAMLSSOResponseValidator {
// Issuer value must match (be contained in) Issuer IDP
if (enforceKnownIssuer && (issuer.getValue() == null || !issuerIDP.startsWith(issuer.getValue()))) {
- LOG.fine("Issuer value: " + issuer.getValue() + " does not match issuer IDP: "
+ LOG.warning("Issuer value: " + issuer.getValue() + " does not match issuer IDP: "
+ issuerIDP);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -181,7 +181,7 @@ public class SAMLSSOResponseValidator {
// Format must be nameid-format-entity
if (issuer.getFormat() != null
&& !SAML2Constants.NAMEID_FORMAT_ENTITY.equals(issuer.getFormat())) {
- LOG.fine("Issuer format is not null and does not equal: "
+ LOG.warning("Issuer format is not null and does not equal: "
+ SAML2Constants.NAMEID_FORMAT_ENTITY);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -217,14 +217,14 @@ public class SAMLSSOResponseValidator {
org.opensaml.saml.saml2.core.SubjectConfirmationData subjectConfData, String id, boolean postBinding
) throws WSSecurityException {
if (subjectConfData == null) {
- LOG.fine("Subject Confirmation Data of a Bearer Subject Confirmation is null");
+ LOG.warning("Subject Confirmation Data of a Bearer Subject Confirmation is null");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
// Recipient must match assertion consumer URL
String recipient = subjectConfData.getRecipient();
if (recipient == null || !recipient.equals(assertionConsumerURL)) {
- LOG.fine("Recipient " + recipient + " does not match assertion consumer URL "
+ LOG.warning("Recipient " + recipient + " does not match assertion consumer URL "
+ assertionConsumerURL);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -232,7 +232,7 @@ public class SAMLSSOResponseValidator {
// We must have a NotOnOrAfter timestamp
if (subjectConfData.getNotOnOrAfter() == null
|| subjectConfData.getNotOnOrAfter().isBeforeNow()) {
- LOG.fine("Subject Conf Data does not contain NotOnOrAfter or it has expired");
+ LOG.warning("Subject Conf Data does not contain NotOnOrAfter or it has expired");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -244,7 +244,7 @@ public class SAMLSSOResponseValidator {
long ttl = Duration.between(currentTime, expires).getSeconds();
replayCache.putId(id, ttl);
} else {
- LOG.fine("Replay attack with token id: " + id);
+ LOG.warning("Replay attack with token id: " + id);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
}
@@ -252,23 +252,23 @@ public class SAMLSSOResponseValidator {
// Check address
if (subjectConfData.getAddress() != null && clientAddress != null
&& !subjectConfData.getAddress().equals(clientAddress)) {
- LOG.fine("Subject Conf Data address " + subjectConfData.getAddress() + " does not match"
+ LOG.warning("Subject Conf Data address " + subjectConfData.getAddress() + " does not match"
+ " client address " + clientAddress);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
// It must not contain a NotBefore timestamp
if (subjectConfData.getNotBefore() != null) {
- LOG.fine("The Subject Conf Data must not contain a NotBefore timestamp");
+ LOG.warning("The Subject Conf Data must not contain a NotBefore timestamp");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
// InResponseTo must match the AuthnRequest request Id
if (requestId != null && !requestId.equals(subjectConfData.getInResponseTo())) {
- LOG.fine("The InResponseTo String does match the original request id " + requestId);
+ LOG.warning("The InResponseTo String does match the original request id " + requestId);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
} else if (requestId == null && subjectConfData.getInResponseTo() != null) {
- LOG.fine("No InResponseTo String is allowed for the unsolicted case");
+ LOG.warning("No InResponseTo String is allowed for the unsolicted case");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
@@ -278,12 +278,12 @@ public class SAMLSSOResponseValidator {
org.opensaml.saml.saml2.core.Conditions conditions
) throws WSSecurityException {
if (conditions == null) {
- LOG.fine("Conditions are null");
+ LOG.warning("Conditions are null");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
List<AudienceRestriction> audienceRestrs = conditions.getAudienceRestrictions();
if (!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
- LOG.fine("Assertion does not contain unique subject provider identifier "
+ LOG.warning("Assertion does not contain unique subject provider identifier "
+ spIdentifier + " in the audience restriction conditions");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
index 51eb00a..c9a6683 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
@@ -109,17 +109,17 @@ public class SamlPostBindingFilter extends AbstractServiceProviderFilter {
protected void signAuthnRequest(AuthnRequest authnRequest) throws Exception {
Crypto crypto = getSignatureCrypto();
if (crypto == null) {
- LOG.fine("No crypto instance of properties file configured for signature");
+ LOG.warning("No crypto instance of properties file configured for signature");
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
String signatureUser = getSignatureUsername();
if (signatureUser == null) {
- LOG.fine("No user configured for signature");
+ LOG.warning("No user configured for signature");
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
CallbackHandler callbackHandler = getCallbackHandler();
if (callbackHandler == null) {
- LOG.fine("No CallbackHandler configured to supply a password for signature");
+ LOG.warning("No CallbackHandler configured to supply a password for signature");
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
index 8767f92..0ae7b31 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
@@ -108,17 +108,17 @@ public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
) throws Exception {
Crypto crypto = getSignatureCrypto();
if (crypto == null) {
- LOG.fine("No crypto instance of properties file configured for signature");
+ LOG.warning("No crypto instance of properties file configured for signature");
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
String signatureUser = getSignatureUsername();
if (signatureUser == null) {
- LOG.fine("No user configured for signature");
+ LOG.warning("No user configured for signature");
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
CallbackHandler callbackHandler = getCallbackHandler();
if (callbackHandler == null) {
- LOG.fine("No CallbackHandler configured to supply a password for signature");
+ LOG.warning("No CallbackHandler configured to supply a password for signature");
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java
index 2268624..a60ffb5 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java
@@ -53,11 +53,11 @@ public class SamlSSOAssertionValidator extends SamlAssertionValidator {
List<String> methods = samlAssertion.getConfirmationMethods();
if (methods == null || methods.isEmpty()) {
if (super.getRequiredSubjectConfirmationMethod() != null) {
- LOG.fine("A required subject confirmation method was not present");
+ LOG.warning("A required subject confirmation method was not present");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
} else if (super.isRequireStandardSubjectConfirmationMethod()) {
- LOG.fine("A standard subject confirmation method was not present");
+ LOG.warning("A standard subject confirmation method was not present");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -69,13 +69,13 @@ public class SamlSSOAssertionValidator extends SamlAssertionValidator {
for (String method : methods) {
if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
if (samlAssertion.getSubjectKeyInfo() == null) {
- LOG.fine("There is no Subject KeyInfo to match the holder-of-key subject conf method");
+ LOG.warning("There is no Subject KeyInfo to match the holder-of-key subject conf method");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeyInSAMLToken");
}
// The assertion must have been signed for HOK
if (!signed) {
- LOG.fine("A holder-of-key assertion must be signed");
+ LOG.warning("A holder-of-key assertion must be signed");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
standardMethodFound = true;
@@ -89,7 +89,7 @@ public class SamlSSOAssertionValidator extends SamlAssertionValidator {
|| SAML1Constants.CONF_BEARER.equals(method)) {
standardMethodFound = true;
if (super.isRequireBearerSignature() && !signed && !signedResponse) {
- LOG.fine("A Bearer Assertion was not signed");
+ LOG.warning("A Bearer Assertion was not signed");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
@@ -101,13 +101,13 @@ public class SamlSSOAssertionValidator extends SamlAssertionValidator {
}
if (!requiredMethodFound && super.getRequiredSubjectConfirmationMethod() != null) {
- LOG.fine("A required subject confirmation method was not present");
+ LOG.warning("A required subject confirmation method was not present");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
if (!standardMethodFound && super.isRequireStandardSubjectConfirmationMethod()) {
- LOG.fine("A standard subject confirmation method was not present");
+ LOG.warning("A standard subject confirmation method was not present");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}