Posted to fx-dev@ws.apache.org by Wellen Lau <we...@oracle.com> on 2007/05/23 01:00:16 UTC

SAMLTokenSignedAction doesn't support the "signatureParts" parameter => SAMLTokenSigned not working with signatureParts in wss4j 1.5.2

Hi All,

I noticed there was a fix resolving "SAMLTokenSignedAction doesn't support the "signatureParts" parameter" in wss4j 1.5. It does not seem to be working for me in the latest wss4j. Probably someone can enlighten me.

Is it the way I configure my handler, or is it an issue?

According to the problem, it seems that SAMLTokenSignedAction.java does not have the code below, and that this causes the problem.

        if (reqData.getSignatureParts().size() > 0) {
            wsSign.setParts(reqData.getSignatureParts());
        }

I tried wss4j 1.5.2 and checked that the fix is indeed in SAMLTokenSigned.java.

Client config as below:

            <parameter name="action" value="Timestamp SAMLTokenSigned"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference"/>
            <parameter name="samlPropFile" value="saml3.properties"/>
            <parameter name="signatureParts" value="{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"/>

It seems to me that using SAMLTokenSigned signed the body only. I am trying to sign the assertion ONLY.

I did a debug on the client and found out that:

addReferencesToSign() [WSSecSignatureSAML.java]
{
.
                        String idToSign = encPart.getId();
..
                    Element body = (Element) WSSecurityUtil.findElement(
                            envelope, elemName, nmSpace);
                    if (body == null) {
                        throw new WSSecurityException(
                                WSSecurityException.FAILURE, "noEncElement",
                                new Object[] { nmSpace + ", " + elemName });
                                .........
}

The value of idToSign is empty.

The value of body is empty.

However, if I use the below:

            <parameter name="action" value="Timestamp SAMLTokenUnsigned Signature"/> with signatureParts, it works.

Hoping to get some idea 
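
The signatureParts value in the post above names an element by namespace and local name, and the debug excerpt throws "noEncElement" when no such element is found in the envelope. The following added example (not part of the original post and not WSS4J's own code) parses a value of the {mode}{namespace}localName form shown above and reports whether each part resolves in a namespace-aware DOM. The class name, the ";" entry separator and both envelopes are assumptions constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class SignaturePartsCheck {  // hypothetical helper, not a WSS4J class
    // One entry of the form {mode}{namespace}localName, as in the config above.
    private static final Pattern PART =
            Pattern.compile("\\{([^}]*)\\}\\{([^}]*)\\}(.+)");

    // Returns one {mode, namespace, localName} triple per entry (";" assumed as separator).
    static List<String[]> parse(String value) {
        List<String[]> parts = new ArrayList<>();
        for (String entry : value.split(";")) {
            Matcher m = PART.matcher(entry.trim());
            if (!m.matches()) {
                throw new IllegalArgumentException("unrecognised part: " + entry);
            }
            parts.add(new String[] { m.group(1), m.group(2), m.group(3) });
        }
        return parts;
    }

    public static void main(String[] args) throws Exception {
        String saml = "urn:oasis:names:tc:SAML:1.0:assertion";
        String soap = "http://schemas.xmlsoap.org/soap/envelope/";
        // Constructed envelopes: one with no Assertion element, one with.
        String without = "<s:Envelope xmlns:s='" + soap + "'><s:Header/><s:Body/></s:Envelope>";
        String with = "<s:Envelope xmlns:s='" + soap + "'><s:Header>"
                + "<a:Assertion xmlns:a='" + saml + "' AssertionID='constructed-id'/>"
                + "</s:Header><s:Body/></s:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);  // without this, namespace lookups match nothing
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        String config = "{Content}{" + saml + "}Assertion";
        for (String xml : new String[] { without, with }) {
            Document doc = dbf.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            for (String[] p : parse(config)) {
                int hits = doc.getElementsByTagNameNS(p[1], p[2]).getLength();
                System.out.println(p[0] + " {" + p[1] + "}" + p[2] + " -> "
                        + (hits == 0 ? "not in envelope" : hits + " match(es)"));
            }
        }
    }
}
```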


RE: SAMLTokenSignedAction doesn't support the "signatureParts" parameter => SAMLTokenSigned not working with signatureParts in wss4j 1.5.2

Posted by Wellen Lau <we...@oracle.com>.
Want to correct my context about SAMLTokenSigned. It signed the assertion and the body. Is there a way just to sign a particular content in the assertion using signatureParts?

 

________________________________

From: Wellen Lau [mailto:wellen.lau@oracle.com] 
Sent: Tuesday, May 22, 2007 4:00 PM
To: wss4j-dev@ws.apache.org
Subject: SAMLTokenSignedAction doesn't support the "signatureParts" parameter => SAMLTokenSigned not working with signatureParts in wss4j 1.5.2

Hi All,

I noticed there was a fix resolving "SAMLTokenSignedAction doesn't support the "signatureParts" parameter" in wss4j 1.5. It does not seem to be working for me in the latest wss4j. Probably someone can enlighten me.

Is it the way I configure my handler, or is it an issue?

According to the problem, it seems that SAMLTokenSignedAction.java does not have the code below, and that this causes the problem.

        if (reqData.getSignatureParts().size() > 0) {
            wsSign.setParts(reqData.getSignatureParts());
        }

I tried wss4j 1.5.2 and checked that the fix is indeed in SAMLTokenSigned.java.

Client config as below:

            <parameter name="action" value="Timestamp SAMLTokenSigned"/>
            <parameter name="signatureKeyIdentifier" value="DirectReference"/>
            <parameter name="samlPropFile" value="saml3.properties"/>
            <parameter name="signatureParts" value="{Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"/>

It seems to me that using SAMLTokenSigned signed the body only. I am trying to sign the assertion ONLY.

I did a debug on the client and found out that:

addReferencesToSign() [WSSecSignatureSAML.java]
{
.
                        String idToSign = encPart.getId();
..
                    Element body = (Element) WSSecurityUtil.findElement(
                            envelope, elemName, nmSpace);
                    if (body == null) {
                        throw new WSSecurityException(
                                WSSecurityException.FAILURE, "noEncElement",
                                new Object[] { nmSpace + ", " + elemName });
                                .........
}

The value of idToSign is empty.

The value of body is empty.

However, if I use the below:

            <parameter name="action" value="Timestamp SAMLTokenUnsigned Signature"/> with signatureParts, it works.

Hoping to get some idea 

