Posted to dev@ws.apache.org by "Anubhav Sharma (JIRA)" <ji...@apache.org> on 2011/08/18 16:04:27 UTC

[jira] [Updated] (WSS-309) Improve the configurability of the SAML signature creation in AssertionWrapper

     [ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anubhav Sharma updated WSS-309:
-------------------------------

    Attachment: 0001-Making-Signature-and-Canonicalization-algorithm-conf.patch

I have enhanced the signAssertion method to be able to pass in user-configured signature and canonicalization algorithms. I have also added a test case which tests signing with default algorithms and user-provided algorithms.

> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
>                 Key: WSS-309
>                 URL: https://issues.apache.org/jira/browse/WSS-309
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 1.6.2
>            Reporter: Anubhav Sharma
>            Assignee: Colm O hEigeartaigh
>         Attachments: 0001-Making-Signature-and-Canonicalization-algorithm-conf.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
>      public void signAssertion(
>          String issuerKeyName,
>          String issuerKeyPassword,
>          Crypto issuerCrypto,
>          boolean sendKeyValue
>      )
> The signature and canonicalization algorithms currently used are hard-coded, as shown by the following code snippet:
>      signature.setCanonicalizationAlgorithm(
>          SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
>      );
>      String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
>      String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
>      if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
>          sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
>      }
> There should be a way for the user to be able to configure these algorithms.

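An added example, not code from WSS4J or from the attached patch: one way the selection logic in the snippet above could accept user-configured algorithms while keeping the same defaults and rejecting a value that does not fit the issuer key. The class SigAlgoSelector, its method names and the allow-lists are hypothetical, and it uses only the JDK.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.*;

// Hypothetical helper for illustration; not WSS4J API and not the attached patch.
public class SigAlgoSelector {
    // W3C XML Signature identifiers: the snippet's defaults plus constructed alternatives.
    static final String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    static final String DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final String C14N_EXCL = "http://www.w3.org/2001/10/xml-exc-c14n#";
    static final String C14N_INCL = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    // Constructed allow-lists: signature URIs permitted per key family, and c14n URIs.
    static final Map<String, Set<String>> SIG_ALLOWED =
            Map.of("RSA", Set.of(RSA_SHA1, RSA_SHA256), "DSA", Set.of(DSA_SHA1));
    static final Set<String> C14N_ALLOWED = Set.of(C14N_EXCL, C14N_INCL);

    // Returns the configured signature URI, or the snippet's key-based default if none is set.
    static String resolveSignature(PublicKey key, String configured) {
        String family = key.getAlgorithm().toUpperCase(Locale.ROOT);
        if (configured == null || configured.isEmpty()) {
            return "DSA".equals(family) ? DSA_SHA1 : RSA_SHA1;
        }
        if (!SIG_ALLOWED.getOrDefault(family, Set.of()).contains(configured)) {
            throw new IllegalArgumentException(configured + " not allowed for " + family + " key");
        }
        return configured;
    }

    // Returns the configured c14n URI, or exclusive c14n (comments omitted) if none is set.
    static String resolveC14n(String configured) {
        if (configured == null || configured.isEmpty()) return C14N_EXCL;
        if (!C14N_ALLOWED.contains(configured)) {
            throw new IllegalArgumentException("Canonicalization not allowed: " + configured);
        }
        return configured;
    }

    public static void main(String[] args) throws Exception {
        PublicKey rsa = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic(); // sample key
        System.out.println("default:  " + resolveSignature(rsa, null) + " / " + resolveC14n(null));
        System.out.println("override: " + resolveSignature(rsa, RSA_SHA256));
        try {
            resolveSignature(rsa, DSA_SHA1); // DSA signature URI with an RSA key is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```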