You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by Montebove Luciano <L....@finsiel.it> on 2006/07/12 14:16:08 UTC

SAMLTokenSigned action and signatureParts problem

Hi all,
 
in the current version WSS4J 1.5.0 the "SAMLTokenSigned" action doesn't
consider the "signatureParts" parameter (as instead the "Signature"
action does ) so that i can sign only the body with this action.
Looking at the code of SignatureAction and SAMLTokenSignedAction it
seems that the prblem is the lack of these lines of code in the latter:
 
        if (reqData.getSignatureParts().size() > 0) {
            wsSign.setParts(reqData.getSignatureParts());

There is a reason for this?
In turn the result of using an actions parameter like this, to avoid the
problem (tried an working in WSS4J):
"Timestamp SAMLTokenUnsigned Signature"
with this "signatureParts" parameter:
"{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;
 {Content}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion;
 
{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-utility-1.0.xsd}Timestamp;"

is correct from the specs (WSS, SAML) point of view?
 
Thanks
 
Luciano