Posted to java-user@axis.apache.org by Massimiliano Masi <ma...@math.unifi.it> on 2009/01/28 15:28:53 UTC

Misunderstanding in rampart processIssueResponse

Hello,

I'm posting here since the rampart's mailing list seems to be dead.
Is it dead? Is rampart still alive?


in STSClient you have the method:

  private Token processIssueResponse(int version, OMElement result,
            String issuerAddress) throws TrustException {
        OMElement rstr = result;
        if (version == RahasConstants.VERSION_05_12) {
            //The WS-SX result will be an RSTRC
            rstr = result.getFirstElement();
        }

The rstr is always the first element, but for WST1.3 it is not
mandatory at all.

This makes the stsclient unable to get the securitytoken
from a message like:

<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
   <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
   <wst:RequestedAttachedReference>
      <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:Reference URI="#_5d26046afa8e38339caa4e1c53735d4d" ValueType="urn:oasis:names:tc:SAML:2.0:assertion" />
      </wsse:SecurityTokenReference>
...
   <wst:RequestedSecurityToken>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5d26046afa8e38339caa4e1c53735d4d" IssueInstant="2009-01-13T17:06:00.597Z" Version="2.0">
         <saml:Issuer Form....

That is valid.

Am I wrong?

Thanks

      Massimiliano


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



Re: Misunderstanding in rampart processIssueResponse

Posted by Massimiliano Masi <ma...@math.unifi.it>.
Hi,

Nandana, you are right: in the WS-Trust specification, on the
final leg, it MUST be an RSTRC.

I was confused by the spec. There is also a discussion on the
WS-SX mailing list about it.

The question is now how to deal with negotiation.

But that is another story, I don't know if negotiation is implemented
in rampart.

Thank you,

        Massimiliano

Quoting Nandana Mihindukulasooriya <na...@gmail.com>:

> Hi Massimiliano,
>
> On Wed, Jan 28, 2009 at 7:58 PM, Massimiliano Masi <ma...@math.unifi.it> wrote:
>
>> Hello,
>>
>> I'm posting here since the rampart's mailing list seems to be dead.
>> Is it dead? Is rampart still alive?
>>
>
> No, but during certain times developers are busy with other projects and you
> might not get an answer to some of your mails. Still we try to answer most
> of the questions during our free time.
>
>> in STSClient you have the method:
>>
>>  private Token processIssueResponse(int version, OMElement result,
>>           String issuerAddress) throws TrustException {
>>       OMElement rstr = result;
>>       if (version == RahasConstants.VERSION_05_12) {
>>           //The WS-SX result will be an RSTRC
>>           rstr = result.getFirstElement();
>>       }
>>
>> The rstr is always the first element, but for WST1.3 is not
>> mandatory at all.
>>
>> This makes the stsclient unable to get the securitytoken
>> from a message like:
>>
>> <wst:RequestSecurityTokenResponse xmlns:wst="
>> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>>
>> <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
>>           <wst:RequestedAttachedReference>
>>              <wsse:SecurityTokenReference xmlns:wsse="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> ">
>>                 <wsse:Reference URI="#_5d26046afa8e38339caa4e1c53735d4d"
>> ValueType="urn:oasis:names:tc:SAML:2.0:assertion" />
>>              </wsse:SecurityTokenReference>
>> ...
>>  <wst:RequestedSecurityToken>
>>              <saml:Assertion
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>> ID="_5d26046afa8e38339caa4e1c53735d4d"
>> IssueInstant="2009-01-13T17:06:00.597Z" Version="2.0">
>>                 <saml:Issuer Form....
>
>
> Yes, this seems a bug. Can you raise a JIRA and even better if you can
> attach a patch too.
>
> thanks,
> nandana
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
> http://www.wso2.org
>






Re: Misunderstanding in rampart processIssueResponse

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Massimiliano,

On Wed, Jan 28, 2009 at 7:58 PM, Massimiliano Masi <ma...@math.unifi.it> wrote:

> Hello,
>
> I'm posting here since the rampart's mailing list seems to be dead.
> Is it dead? Is rampart still alive?
>

No, but during certain times developers are busy with other projects and you
might not get an answer to some of your mails. Still we try to answer most
of the questions during our free time.

> in STSClient you have the method:
>
>  private Token processIssueResponse(int version, OMElement result,
>           String issuerAddress) throws TrustException {
>       OMElement rstr = result;
>       if (version == RahasConstants.VERSION_05_12) {
>           //The WS-SX result will be an RSTRC
>           rstr = result.getFirstElement();
>       }
>
> The rstr is always the first element, but for WST1.3 is not
> mandatory at all.
>
> This makes the stsclient unable to get the securitytoken
> from a message like:
>
> <wst:RequestSecurityTokenResponse xmlns:wst="
> http://docs.oasis-open.org/ws-sx/ws-trust/200512">
>
> <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
>           <wst:RequestedAttachedReference>
>              <wsse:SecurityTokenReference xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> ">
>                 <wsse:Reference URI="#_5d26046afa8e38339caa4e1c53735d4d"
> ValueType="urn:oasis:names:tc:SAML:2.0:assertion" />
>              </wsse:SecurityTokenReference>
> ...
>  <wst:RequestedSecurityToken>
>              <saml:Assertion
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="_5d26046afa8e38339caa4e1c53735d4d"
> IssueInstant="2009-01-13T17:06:00.597Z" Version="2.0">
>                 <saml:Issuer Form....


Yes, this seems a bug. Can you raise a JIRA and even better if you can
attach a patch too.

thanks,
nandana

-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org
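
Added example, not part of the thread and not Rampart's code: a check that selects the RSTR by element name and namespace instead of taking the first child unconditionally, so a bare RSTR is rejected with a clear error rather than having its wst:TokenType child treated as the RSTR. It uses the JDK's DOM API instead of Axiom's OMElement; the class name RstrUnwrap, the method selectRstr and the sample messages are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class RstrUnwrap {
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";

    // Return the RSTR to process, checking names instead of assuming the first child is one.
    static Element selectRstr(Element result) {
        if (!WST.equals(result.getNamespaceURI()))
            throw new IllegalArgumentException("not a WS-Trust 200512 element: " + result.getNodeName());
        String name = result.getLocalName();
        if ("RequestSecurityTokenResponseCollection".equals(name)) {
            for (Node n = result.getFirstChild(); n != null; n = n.getNextSibling())
                if (n instanceof Element && WST.equals(n.getNamespaceURI())
                        && "RequestSecurityTokenResponse".equals(n.getLocalName()))
                    return (Element) n;
            throw new IllegalArgumentException("RSTRC contains no RSTR");
        }
        if ("RequestSecurityTokenResponse".equals(name))
            // Bare RSTR: blindly taking its first child would hand back wst:TokenType.
            throw new IllegalArgumentException("bare RSTR where an RSTRC was expected");
        throw new IllegalArgumentException("unexpected element: " + name);
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the STS response cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed messages modelled on the one in the thread (assertion body omitted).
        String rstr = "<wst:RequestSecurityTokenResponse xmlns:wst=\"" + WST + "\">"
            + "<wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>"
            + "<wst:RequestedSecurityToken/></wst:RequestSecurityTokenResponse>";
        String rstrc = "<wst:RequestSecurityTokenResponseCollection xmlns:wst=\"" + WST + "\">"
            + rstr + "</wst:RequestSecurityTokenResponseCollection>";
        System.out.println(selectRstr(parse(rstrc)).getLocalName());
        try {
            selectRstr(parse(rstr));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```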