You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by "Werner Dittmann (JIRA)" <fx...@ws.apache.org> on 2005/05/21 22:47:51 UTC

[jira] Closed: (WSFX-31) problem with xmlsec.jar version in cvs and opensaml signed SAML tokens

     [ http://issues.apache.org/jira/browse/WSFX-31?page=all ]
     
Werner Dittmann closed WSFX-31:
-------------------------------

    Resolution: Fixed

replaced with lates xmlsec lib

> problem with xmlsec.jar version in cvs and opensaml signed SAML tokens
> ----------------------------------------------------------------------
>
>          Key: WSFX-31
>          URL: http://issues.apache.org/jira/browse/WSFX-31
>      Project: WSFX
>         Type: Bug
>   Components: WSS4J
>  Environment: Tomcat 5.0.25
> Apache Axis from wss4j cvs lib directory (as of 8/18/04)
> All other jar files from wss4j cvs lib directory
>     Reporter: David Keppler
>  Attachments: axis.log
>
> There appears to be a bug in the version of the xmlsec library provided in the WSS4J cvs repository that manifests itself when WSS4J's SAML token functionality is used.
> Trying to use a pre-signed SAML assertion obtained from an exterior source (what would be the typical usage scenario I imagine) via use of a custom SAMLIssuer class in conjunction with the SAMLTokenUnsigned action (because I don't want the client to sign the token but want to maintain the signature placed on the token by the token issuer) causes an unhandled exception to be thrown by the XML canonicalization algorithm called by the XMLUtils.outputDOM(doc, os, true) call near the end of WSDoAllReceiver.invoke().
> Work-around:
> Replace the xmlsec.jar from cvs with the v1.10 release of that library from http://xml.apache.org/security/
> However, I am unaware as to possible issues with the v1.10 library which may have led to a cvs build version of the library to be included in wss4j instead.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira