You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/08/18 17:58:27 UTC
[jira] [Resolved] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-309.
-------------------------------------
Resolution: Fixed
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.3
>
> Attachments: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org