You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/04/28 17:49:32 UTC
[jira] Assigned: (WSS-222) SignatureProcessor does not provide
correct signature coverage results with STR Dereference Transform
[ https://issues.apache.org/jira/browse/WSS-222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned WSS-222:
---------------------------------------
Assignee: Colm O hEigeartaigh (was: Ruchith Udayanga Fernando)
> SignatureProcessor does not provide correct signature coverage results with STR Dereference Transform
> -----------------------------------------------------------------------------------------------------
>
> Key: WSS-222
> URL: https://issues.apache.org/jira/browse/WSS-222
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: David Valeri
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
> Attachments: patch.txt
>
>
> SignatureProcessor does not report correct info when STR Dereference Transform is used. The implementation does not follow the dereference pointer to the security token and reports that the signed content is the SecurityTokenReference itself and not the referenced token. The URI in the signature part is dereferenced with no regard to the transform used in the signature part.
> This issue makes it difficult to validate signature coverage over something like an embedded SAML assertion when that assertion is also used as the key material for the signature and is referenced and signed through a SecurityTokenReference.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org