You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2013/12/23 18:41:50 UTC

[jira] [Resolved] (CXF-5424) JAX-RS Security Code can not validate signed SAML2 bearer assertions without KeyInfo

     [ https://issues.apache.org/jira/browse/CXF-5424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-5424.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.7.9
                   3.0.0-milestone2

RACS needs to have its 'keyInfoMustBeAvailable' property set to false. The KeyInfo will still be preferred if it is available but if it is not and the property allows for it, then the default alias will be used to load the certificate

> JAX-RS Security Code can not validate signed SAML2 bearer assertions without KeyInfo
> ------------------------------------------------------------------------------------
>
>                 Key: CXF-5424
>                 URL: https://issues.apache.org/jira/browse/CXF-5424
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>             Fix For: 3.0.0-milestone2, 2.7.9
>
>
> Signed SAML2 Bearer assertions may not always have XML Signature KeyInfo elements available. The JAX-RS security code fails to validate such assertions but it should be able to *optionally* validate them without KeyInfo 



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)