You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ws.apache.org by "massimiliano.masi@gmail.com" <ma...@gmail.com> on 2012/07/02 13:55:18 UTC

SecurityTokenReference and SAML HoK NPE

Hi All,

I have a wsse:Header like

Timestamp
Saml2 Assertion (without Subject Confirmation Data)
ds:Signature with wsse:SecurityTokenReference the SAML2 ID, signing the
timestamp.

It's basically a ws-securitypolicy layout.

When validating the signature, I have troubles. If both Callback and
subject confirmation data is
null, I have an NPE in SAMLUtil line 264 (version 1.6.6)

            Element sub = subjConfData.getDOM();

which is null.

-- 
Massimiliano Masi

http://www.mascanc.net/~max

Re: SecurityTokenReference and SAML HoK NPE

Posted by Colm O hEigeartaigh <co...@apache.org>.

Hi,

Just to check - are you raising a bug, or just the fact that it should
handle the exception properly? Could you attach the stacktrace + failing
message?

Colm.

On Mon, Jul 2, 2012 at 12:55 PM, massimiliano.masi@gmail.com <
massimiliano.masi@gmail.com> wrote:

> Hi All,
>
> I have a wsse:Header like
>
> Timestamp
> Saml2 Assertion (without Subject Confirmation Data)
> ds:Signature with wsse:SecurityTokenReference the SAML2 ID, signing the
> timestamp.
>
> It's basically a ws-securitypolicy layout.
>
> When validating the signature, I have troubles. If both Callback and
> subject confirmation data is
> null, I have an NPE in SAMLUtil line 264 (version 1.6.6)
>
>             Element sub = subjConfData.getDOM();
>
> which is null.
>
> --
> Massimiliano Masi
>
> http://www.mascanc.net/~max
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com