You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2016/08/24 11:52:20 UTC

[jira] [Commented] (CXF-7013) SAML token using ws-security.callback-handler as for UT with ID attribute value

    [ https://issues.apache.org/jira/browse/CXF-7013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15434778#comment-15434778 ] 

Colm O hEigeartaigh commented on CXF-7013:
------------------------------------------

What's happening here is that WSS4J is querying a CallbackHandler for a secret key associated with the Subject of the Assertion. It creates a WSPasswordCallback using the SAML Assertion Id and the usage "WSPasswordCallback.SECRET_KEY". So if you want to handle this in your CallbackHandler, then simply check the WSPasswordCallback usage and handle it accordingly, otherwise ignore. To avoid confusing logging, you can just log in the usage for "USERNAME_TOKEN".

Colm.

> SAML token using ws-security.callback-handler as for UT with ID attribute value
> -------------------------------------------------------------------------------
>
>                 Key: CXF-7013
>                 URL: https://issues.apache.org/jira/browse/CXF-7013
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 3.0.6
>            Reporter: Grzegorz Maczuga
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>
> Processing of SAML token results in call of configured ws-security.callback-handler same as for Username Token.
> When CXF receives (no UT in it):
>    <wss:Security>
>       <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z" Version="2.0">
>         <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
>         <saml:Subject>
>           <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
>        ...         
>      </wss:Security>
> it calls configured:
>         ws-security.callback-handler=com.SecurityCallback
> with ID="Abc-1" from above Security section as username.
> Ignoring this and moving on has no impact on processing SAML token but if SecurityCallback does some funny stuff (or at list logging) for each received UT it is really confusing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)